Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
at.zip

Overview

General Information

Sample name:at.zip
Analysis ID:1538487
MD5:6dd87a1d9baaf21fa3442e6680e0e447
SHA1:52bde540e5ae24f09118318242fcc0c3f2ef51e5
SHA256:54cc640764057626ed48c0c5a6067325c65a8793b50f2e8ec55b2343d7ba5c45
Infos:

Detection

Score:60
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Changes security center settings (notifications, updates, antivirus, firewall)
Loading BitLocker PowerShell Module
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Query firmware table information (likely to detect VMs)
Tries to delay execution (extensive OutputDebugStringW loop)
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Too many similar processes found

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6876 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • svchost.exe (PID: 6952 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6264 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • SgrmBroker.exe (PID: 6304 cmdline: C:\Windows\system32\SgrmBroker.exe MD5: 3BA1A18A0DC30A0545E7765CB97D8E63)
  • svchost.exe (PID: 6188 cmdline: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • svchost.exe (PID: 6448 cmdline: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
    • MpCmdRun.exe (PID: 5856 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: B3676839B2EE96983F9ED735CD044159)
  • svchost.exe (PID: 6368 cmdline: C:\Windows\system32\svchost.exe -k UnistackSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • msiexec.exe (PID: 5792 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 3736 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 1548 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding F73FC5BE388AC90391F7C233BAB74653 C MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • ISBEW64.exe (PID: 5888 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607A0846-7FAA-484B-BAE7-495122EFB1D7} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 2792 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD98A506-F1A0-4A2A-94F9-1230E3DC00D0} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 3660 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA5762C4-33FC-4D8D-9D4F-E8335D2893E9} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 1088 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BB69E2-CA60-448A-B3E2-C8DB9863E765} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6768 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F036FD47-334C-47B8-A3E5-01A14999B665} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6892 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CAD4F4-7A0D-4ED7-B980-E015B12ECC39} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 1508 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D39ED87-D5E3-4531-AD77-9BBEDC82DCAB} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 532 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD0E6580-BEFA-4156-A6B9-224AE1C144D4} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6924 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76D3BE47-3108-4355-987E-96FD21AAE7DE} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 2336 cmdline: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D9055D-1632-4E84-9D59-F0731B49FF8E} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6284 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76179EBE-6058-4117-967C-80856ABD982F} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 1284 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B07184C-5113-4F64-92ED-9A263AB05DA7} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6252 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10209B81-218A-4EF3-8AF1-19A29A5986F9} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 3056 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{996A2DD5-2A2C-48CE-AC11-9EA456FDC2E7} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6300 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFD1604A-6248-4498-ADCE-3361829C7E1D} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 2740 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE560784-D3BB-44F4-9907-C10B218DCC17} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 1792 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B60702B-AD7B-47CC-B27B-DE367CA1D354} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6244 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37BB446B-F9AF-4014-A93F-55A3E319780F} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 848 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CF4727D-7605-4A5F-8B09-A18BFB920E8A} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 1776 cmdline: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C13FFD2-7102-4879-9759-81B32AE3765D} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ServiceShell.exe (PID: 3056 cmdline: "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" MD5: 2A955535DD9B5629EE10275B84252252)
      • dllhost.exe (PID: 532 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
    • msiexec.exe (PID: 5876 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding E2F957FEC349BF7B483546BFBAD7298A MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • ISBEW64.exe (PID: 3496 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{650B6CF9-4E93-4302-87AA-17533D8B885D} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 5856 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
        • conhost.exe (PID: 6668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • ISBEW64.exe (PID: 3660 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B66BE4B-B0C3-4DC1-97B8-6F778BA1D76E} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6348 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D661ED2D-688E-41CC-9DEC-612D0C81BA5D} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6768 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5820DB16-9391-42AA-BF17-584A7B99DCB5} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 5508 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{313BCC91-5505-4E94-AED8-911B55BF87B7} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 4212 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55B683E6-2048-47C3-97F1-301495CEBE86} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 6912 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49C79C11-F027-44D7-A2B9-2E9D8A93B766} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 7152 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B49D98-6548-4070-BA57-D5A2DDA91B2E} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
      • ISBEW64.exe (PID: 4540 cmdline: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01428B13-0DF2-4580-86F4-CAC7053EC6FA} MD5: 7EB57876FF781F17ADCE41FFC70D1F31)
    • msiexec.exe (PID: 1596 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 978A58EFDA084F66A555F22C9485C2C4 E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • sc.exe (PID: 2992 cmdline: "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto MD5: D9D7684B8431A0D10D0E76FE9F5FFEC8)
        • conhost.exe (PID: 4092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • msiexec.exe (PID: 1884 cmdline: C:\Windows\System32\MsiExec.exe -Embedding 3D34A1BCEFEFC55E701097BF7FDC5FA7 E Global\MSI0000 MD5: E5DA170027542E25EDE42FC54C929077)
      • DismHost.exe (PID: 5360 cmdline: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62} MD5: E5D5E9C1F65B8EC7AA5B7F1B1ACDD731)
  • dllhost.exe (PID: 6412 cmdline: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} MD5: 08EB78E5BE019DF044C26B14703BD1FA)
  • msdtc.exe (PID: 6484 cmdline: C:\Windows\System32\msdtc.exe MD5: 2EF846AC66E181BE820B513DBC15B5D2)
  • svchost.exe (PID: 4368 cmdline: C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • rundll32.exe (PID: 5128 cmdline: rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh MD5: EF3179D498793BF4234F708D3BE28633)
  • ServiceShell.exe (PID: 4248 cmdline: "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe" MD5: 2A955535DD9B5629EE10275B84252252)
    • InvColPC.exe (PID: 4100 cmdline: "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress MD5: 4BD8BEF0043F64D5CBF6D0DEF23B3665)
      • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • invcol.exe (PID: 6180 cmdline: C:\Windows\TEMP\inv5098_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress" MD5: 506B775742D085B7921B84E0FFEB63C1)
    • InvColPC.exe (PID: 1032 cmdline: "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml MD5: 4BD8BEF0043F64D5CBF6D0DEF23B3665)
      • conhost.exe (PID: 2356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • invcol.exe (PID: 1240 cmdline: C:\Windows\TEMP\inv5098_tmp_1\.\invcol.exe -bdir="C:\Windows\system32" "-outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml" MD5: 506B775742D085B7921B84E0FFEB63C1)
    • InvColPC.exe (PID: 5320 cmdline: "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress MD5: 4BD8BEF0043F64D5CBF6D0DEF23B3665)
      • conhost.exe (PID: 304 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • invcol.exe (PID: 3960 cmdline: C:\Windows\TEMP\inv65D5_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress" MD5: 506B775742D085B7921B84E0FFEB63C1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\msiexec.exe, ProcessId: 1884, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qoyj5agt.30g.ps1
Sigma detected: Windows Processes Suspicious Parent Directory
Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 656, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6952, ProcessName: svchost.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\DellJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdateJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\readme.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\App.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Scheduler.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Verification.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\log4net.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5669AB71-1302-4412-8DA1-CB69CD7B7324}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\readme.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ThirdPartyLicenses.txtJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened: C:\Windows\TEMP\inv5098_tmp\msvcr100.dll
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\i386\ISSetup.pdb source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: DismCorePS.pdb source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom.Loader\obj\Release\Update.Custom.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1782091857.0000028ED0522000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Principal\obj\Release\Update.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.Classic\obj\Release\Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756041385.0000028EB72C2000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: DISMProv.pdb source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: Storage.Classic.dll.12.dr
Source: Binary string: C:\Projects\Crossword\prasanna_mishra_jigsaw_1.0\jigsaw\jigsaw_src\StaticIC\StaticIC\Release\StaticIC.pdb source: StaticIC.exe.62.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdbH_b_ T__CorDllMainmscoree.dll source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Core\bin\Release\net45\System.Reactive.Core.pdb source: ServiceShell.exe, 00000032.00000002.1776516728.0000028ED01B2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdbL source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: dismhost.pdbGCTL source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: dismhost.pdb source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Principal\obj\Release\WindowsManagement.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2514158477.000002AF6BCE2000.00000002.00000001.01000000.00000040.sdmp, WindowsManagement.Principal.dll.12.dr
Source: Binary string: AppxProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\UpdateScheduler.Principal\obj\Release\UpdateScheduler.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdbxp source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Core.Classic\obj\Release\ServiceShell.Core.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757240624.0000028EB7802000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: OfflineSetupProvider.pdbGCTL source: OfflineSetupProvider.dll.53.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.Configuration.dll.12.dr
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\DRVUpdate.pdb source: DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdb source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: DpInst.pdbH source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\PNPUpdate.pdb source: PNPUpdate.exe.62.dr
Source: Binary string: c:\jenkins\jobs\DCU2.1\workspace\DCU\Source\Tools\Internal\DemoDpinst\obj\Release\dpinst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: c:\CodeBases\isdev\Src\Runtime\MSI\CustomActions\ClrPSHelper\obj\x64\Release\ClrPSHelper.pdb source: 532a59.rbs.12.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.RemoteStorage.Classic\obj\Release\Configuration.RemoteStorage.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2513379047.000002AF6BC02000.00000002.00000001.01000000.0000003F.sdmp, Configuration.RemoteStorage.Classic.dll0.12.dr
Source: Binary string: bacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DmiProvider.pdb source: DmiProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: DISMProv.pdbGCTL source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdb source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: ImagingProvider.pdb source: ImagingProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdb source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\SharpBITS.Base\obj\Release\SharpBITS.Base.pdb source: ServiceShell.exe, 00000039.00000002.2539864659.000002AF6C772000.00000002.00000001.01000000.00000047.sdmp, SharpBITS.Base.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\UserSettings.Configuration.Classic\obj\Release\UserSettings.Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756184608.0000028EB72E2000.00000002.00000001.01000000.00000015.sdmp, UserSettings.Configuration.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom\obj\Release\Update.Custom.pdb source: ServiceShell.exe, 00000032.00000002.1781970252.0000028ED0512000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb source: ThunderboltRegModule.exe.62.dr
Source: Binary string: FfuProvider.pdb source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: ISBEW64.exe, 0000000E.00000000.1373616080.00007FF61EDC7000.00000002.00000001.01000000.00000006.sdmp, ISBEW64.exe, 00000018.00000000.1383569184.00007FF629957000.00000002.00000001.01000000.00000007.sdmp, ISBEW64.exe, 00000025.00000000.1499833281.00007FF7C0077000.00000002.00000001.01000000.00000008.sdmp, ISBEW64.exe0.13.dr
Source: Binary string: DpInst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000000.1528658920.0000028EB6E92000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdbT source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: LogProvider.pdb source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdbt; source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: ImagingProvider.pdbGCTL source: ImagingProvider.dll.53.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\_IsRes2k\0009-English\Debug\_isres_0x0409.pdb source: _isres_0x0409.dll0.13.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdbhd source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.exe, 00000032.00000002.1755937437.0000028EB72B2000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: LogProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Loader\obj\Release\ServiceShell.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1757667211.0000028EB7872000.00000002.00000001.01000000.0000001B.sdmp, ServiceShell.Loader.dll.12.dr
Source: Binary string: C:\DSIA\crossword\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\SCSIUpdate.pdb source: SCSIUpdate.exe.62.dr
Source: Binary string: AppxProvider.pdb source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdb source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: Update.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Principal\obj\Release\Storage.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2515948801.000002AF6BE02000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: DmiProvider.pdbGCTL source: DmiProvider.dll.53.dr
Source: Binary string: msvcr100.i386.pdb source: invcol.exe, 00000041.00000002.2282658956.0000000073CE1000.00000020.00000001.01000000.00000031.sdmp
Source: Binary string: msvcp100.i386.pdb source: invcol.exe, 00000041.00000002.2281502645.000000006CD61000.00000020.00000001.01000000.00000033.sdmp, invcol.exe, 00000045.00000002.2328667240.000000006CC31000.00000020.00000001.01000000.0000003C.sdmp, msvcp100.dll.61.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb\O source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: OfflineSetupProvider.pdb source: OfflineSetupProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Logger\Logger.Classic\obj\Release\Logger.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756981070.0000028EB7432000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb8,R, D,_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Proxy\obj\Release\UpdateTelemetry.Proxy.pdb source: ServiceShell.exe, 00000039.00000002.2517599079.000002AF6BFB2000.00000002.00000001.01000000.00000044.sdmp, UpdateTelemetry.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdb source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: Storage.Classic.dll.12.dr
Source: Binary string: c:\Dev\Esskar\Serialize.Linq\src\Serialize.Linq.Net45\obj\Release\Serialize.Linq.pdb source: ServiceShell.exe, 00000032.00000002.1777354098.0000028ED02C2000.00000002.00000001.01000000.00000026.sdmp, Serialize.Linq.dll0.12.dr
Source: Binary string: OSProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdb source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FfuProvider.pdbGCTL source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Scheduler\Scheduler\obj\Release\Scheduler.pdb source: ServiceShell.exe, 00000032.00000002.1785810546.0000028ED0C82000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Principal\obj\Release\UpdateTelemetry.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdbhK source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: DismCorePS.pdbGCTL source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Interop\Interop.Classic\obj\Release\Interop.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757450729.0000028EB7832000.00000002.00000001.01000000.00000019.sdmp, Interop.Classic.dll0.12.dr
Source: Binary string: OSProvider.pdb source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb@4Z4 L4_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: DpInst.pdbp source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdbh> source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Notifications\obj\Release\ServiceShell.Notifications.pdb source: ServiceShell.exe, 00000032.00000002.1776740754.0000028ED01D2000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb( source: ThunderboltRegModule.exe.62.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdbD7^7 P7_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: Update.Classic.dll0.12.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdb source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: .pdbH source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: indoC:\Windows\Scheduler.pdb source: ServiceShell.exe, 00000039.00000002.2453945924.000000C80B770000.00000004.00000010.00020000.00000000.sdmp
Source: C:\Windows\System32\msiexec.exeFile opened: z:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: x:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: v:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: t:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: r:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: p:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: n:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: l:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: j:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: h:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: f:Jump to behavior
Source: C:\Windows\System32\svchost.exeFile opened: d:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: b:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: y:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: w:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: u:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: s:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: q:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: o:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: m:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: k:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: i:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: g:Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile opened: e:Jump to behavior
Source: C:\Windows\System32\dllhost.exeFile opened: c:
Source: C:\Windows\System32\msiexec.exeFile opened: a:Jump to behavior
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: dellupdater.dell.com
Source: global trafficDNS traffic detected: DNS query: downloads.dell.com
Source: ThunderboltRegModule.exe.62.drString found in binary or memory: ftp://http://hrefbaseheadhtml%.20s%ddefault%d%.20scopying
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.en
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.ent/evcs1-chain256U
Source: ServiceShell.exe, 00000032.00000002.1780859478.0000028ED046C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.drString found in binary or memory: http://aia.entrust.net/evcs1-chain256.cer01
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ovcs2-chain.p7c
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: http://aia.entrust.net/ovcs2-chain.p7c01
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ovcs2-chain.p7cg
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer$
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.drString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer01
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://aia.entrust.net/ts1-chain256.cer5xD
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.en
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.en%
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl(xQ
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, Storage.Classic.dll.12.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.dr, BITEE8F.tmp.2.drString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crlfx
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/csbr1.crl
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4A6000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: http://crl.entrust.net/csbr1.crl0
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/csbr1.crl5
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/evcs1.crl
Source: ServiceShell.exe, 00000032.00000002.1780859478.0000028ED046C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.drString found in binary or memory: http://crl.entrust.net/evcs1.crl0J
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crl
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C12E000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003D.00000002.2286382085.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003E.00000002.2336985250.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 00000042.00000002.2337144714.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.drString found in binary or memory: http://crl.entrust.net/g2ca.crl0;
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crl7
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crlE
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crlM
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crlk
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crlo
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/g2ca.crlq
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ovcs2.crl
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ovcs2.crl-
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: http://crl.entrust.net/ovcs2.crl0
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.cr
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl-xl
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.drString found in binary or memory: http://crl.entrust.net/ts1ca.crl0
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl3
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crl;xB
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crlOxN
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crlR
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/ts1ca.crlkx
Source: DismHost.exe, 00000036.00000003.1656886936.000001A279CFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.mic
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 00000002.00000002.2464209907.0000028260E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.net/evcs1.crl00A06
Source: ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme.k
Source: ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/encj
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: http://dellincca.dell.com/aia/externalissuingca2.crt0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: http://dellincca.dell.com/cps/dellinccps.htm0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: http://dellincca.dell.com/crl/Dell%20Inc.%20Enterprise%20CA.crl0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: http://dellincca.dell.com/crl/Dell%20Inc.%20Enterprise%20CA.crt0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: http://dellincca.dell.com/crl/externalissuingca2.crl0P
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://exslt.org/common
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://exslt.org/commonxsl:sort
Source: svchost.exe, 00000002.00000003.1202943646.0000028260C50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: invcol.exe, 00000045.00000003.2324251088.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.drString found in binary or memory: http://icl.com/saxon
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://icl.com/saxonFound
Source: Newtonsoft.Json.dll.12.drString found in binary or memory: http://james.newtonking.com/projects/json
Source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drString found in binary or memory: http://logging.apache.org/log4net/release/faq.html#trouble-EventLog
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://ocsp.digicert.com0A
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://ocsp.digicert.com0C
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://ocsp.digicert.com0N
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://ocsp.digicert.com0O
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net(h8H&
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBTXgePhfsJco9hFmE0qWx1GtVqUPQQUKnCVOp%2F2k8Xzis
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQYZiPAAGkmN%2BgbjpL0XWVofDLNAQUKgpvMiwpICF2ar
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRKiO2Poi0XFwdRr1PZXruPzTMZAQU75%2B6ebBz8iUeeJ
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRzOQUpInJktokRKeuwxSyxHXa9owQUw8Jx0nvXaAWuOzmb
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTLXNCzDvBhHecWjg70iJhBW0InywQUanImetAe733nO2lR
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C12E000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003D.00000002.2286382085.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003E.00000002.2336985250.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 00000042.00000002.2337144714.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.drString found in binary or memory: http://ocsp.entrust.net00
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C02B000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4A6000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: http://ocsp.entrust.net01
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, Storage.Classic.dll.12.drString found in binary or memory: http://ocsp.entrust.net02
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1774767894.0000028ED00E8000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.drString found in binary or memory: http://ocsp.entrust.net03
Source: ServiceShell.exe, 00000032.00000002.1780859478.0000028ED046C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.drString found in binary or memory: http://ocsp.entrust.net05
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net1.3.6.1.5.5.7.48.2http://aia.entrust.net/ts1-chain256.cerLF
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net3
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net8
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.netD
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.netJhZH
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.neta
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/2048ca.crl
Source: ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/2048ca.crlu
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/evcs1.crl
Source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED06E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/g2ca.crl9
Source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nethttp://crl.entrust.net/ts1ca.crl
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.neti
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.nett
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5BF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.netxhHH
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entr~
Source: ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.suscerte.gob.ve0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://ocsp.thawte.com0
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://reactivex.io/0
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.dr, ThunderboltRegModule.exe.62.drString found in binary or memory: http://relaxng.org/ns/structure/1.0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://s.symcd.com06
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://s2.symcb.com0
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.ServiceShell.Core
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.ServiceShell.Corex
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.Storage
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.Update
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.UpdateZ
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Dell.Asimov.WindowsManagement
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Serialize.Linq.Nodes
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/Serialize.Linq.NodesH
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.IO
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Linq.Expressions
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceModel
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.Xml
Source: StaticIC.exe.62.drString found in binary or memory: http://schemas.dell.com/openmanage/cm/2009/1/1/staticinventory.xsd
Source: DismHost.exe, 00000036.00000002.1720338328.000001A279A9E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft
Source: DismHost.exe, 00000036.00000003.1658367099.000001A279CF0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://schemas.microsoft.c
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/rol
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F00000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.drString found in binary or memory: http://sf.symcb.com/sf.crt0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.drString found in binary or memory: http://sf.symcd.com0&
Source: SCSIUpdate.exe.62.drString found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://sv.symcb.com/sv.crl0f
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://sv.symcb.com/sv.crt0
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://sv.symcd.com0&
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:ValidatedNamedPipeBinding
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:ValidatedNamedPipeBinding_
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/:ValidatedNamedPipeBindingb
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/H
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C0F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wst.net/rpa0
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://www.adrchambers.com/
Source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drString found in binary or memory: http://www.apache.org/).
Source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drString found in binary or memory: http://www.apache.org/licenses/
Source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: svchost.exe, 00000004.00000002.1366939262.000001F1C0413000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bingmapsportal.com
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.drString found in binary or memory: http://www.dell.com
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: Interop.Classic.dll0.12.dr, DRVUpdate.exe0.62.drString found in binary or memory: http://www.entrust.net/rpa0
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2468001112.000002AF52C45000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.drString found in binary or memory: http://www.entrust.net/rpa03
Source: ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://www.flexerasoftware.com0
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, invcol.exe, 00000045.00000002.2327889244.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.drString found in binary or memory: http://www.jclark.com/xt
Source: invcol.exe, 00000045.00000002.2327889244.0000000000FEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jclark.com/xtmp_1
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://www.jclark.com/xtnode-sethttp://xmlsoft.org/XSLT/namespacexsl:import
Source: Newtonsoft.Json.dll.12.drString found in binary or memory: http://www.newtonsoft.com/jsonschema
Source: ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/dpc0
Source: ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.suscerte.gob.ve/lcr0#
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://www.symauth.com/cps0(
Source: SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: http://www.symauth.com/rpa00
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
Source: ServiceShell.exe, 00000032.00000002.1758830092.0000028EB80FC000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB80F0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB80BD000.00000004.00000800.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1682274411.000001A27A346000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.w3.or
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://xmlsoft.org/XSLT/
Source: invcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drString found in binary or memory: http://xmlsoft.org/XSLT/Registering
Source: invcol.exe, 00000045.00000002.2327889244.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.drString found in binary or memory: http://xmlsoft.org/XSLT/namespace
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ISBEW64.exe0.13.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, ISRT.dll.13.dr, StaticIC.exe.62.dr, 532a59.rbs.12.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: https://d.symcb.com/cps0%
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ISBEW64.exe0.13.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, ISRT.dll.13.dr, StaticIC.exe.62.dr, 532a59.rbs.12.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: https://d.symcb.com/rpa0
Source: SCSIUpdate.exe.62.dr, icsvc32.dll.62.dr, invcol.exe.66.dr, ThunderboltRegModule.exe.62.dr, PNPUpdate.exe.62.dr, osinv.exe.62.dr, StaticIC.exe.62.dr, DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.drString found in binary or memory: https://d.symcb.com/rpa0.
Source: svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dellupdater.dell.com/
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dellupdater.dell.com/non_du/ClientService/Catalog/
Source: Service.log.50.drString found in binary or memory: https://dellupdater.dell.com/non_du/ClientService/Catalog/CatalogIndexPC.cab
Source: svchost.exe, 00000002.00000002.2462330694.000002825C540000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185094103.0000028260C55000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2463421692.0000028260C5F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dellupdater.dell.com/non_du/ClientService/Catalog/CatalogIndexPC.cab3C:
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: https://dellupdater.dell.com/non_du/ClientService/Catalog/Platform/
Source: svchost.exe, 00000004.00000002.1367067080.000001F1C0459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000004.00000003.1366423405.000001F1C045F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367082424.000001F1C0465000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366516827.000001F1C045A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000004.00000003.1366220951.000001F1C0486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000002.1367002000.000001F1C043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366516827.000001F1C045A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000004.00000002.1367002000.000001F1C043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367082424.000001F1C0465000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367017153.000001F1C0444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/
Source: ServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/2
Source: Service.log.50.drString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab
Source: svchost.exe, 00000002.00000002.2461270036.000002825C100000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab312
Source: svchost.exe, 00000002.00000002.2462330694.000002825C540000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2471779399.0000028261220000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2185094103.0000028260C55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cab3C:
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabN
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C350000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabe
Source: svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabm/
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabocLMEMp
Source: svchost.exe, 00000002.00000002.2466616382.0000028260E79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com/catalog/CatalogIndexPC.cabp
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: https://downloads.dell.com/catalog/DriverPackCatalog.CAB
Source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmpString found in binary or memory: https://downloads.dell.com/catalog/DriverPackCatalog.CAB1Cannot
Source: svchost.exe, 00000002.00000002.2467383721.0000028260EA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://downloads.dell.com:443/catalog/CatalogIndexPC.cablog/CatalogIndexPC.cabVolume
Source: svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000002.1367017153.000001F1C0444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366423405.000001F1C045F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366351770.000001F1C0467000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000002.00000003.1202943646.0000028260CC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod-C:
Source: svchost.exe, 00000002.00000003.1202943646.0000028260CB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2-C:
Source: DismHost.exe, 00000036.00000003.1700313847.000001A279FB4000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1695283467.000001A279BEC000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1685119986.000001A27A4A3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1696116252.000001A279FAB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680525296.000001A27A4A3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1679450558.000001A27A4A2000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1691948065.000001A279ED5000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680988314.000001A27A3E8000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1723935671.000001A279E40000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1724381865.000001A279EFB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1702361908.000001A279E08000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1675318300.000001A279B42000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1700841640.000001A279EF6000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1706343758.000001A279F14000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1672461592.000001A27A478000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1680089697.000001A27A4BA000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1709231602.000001A279FCD000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1690660113.000001A279F00000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000002.1724656503.000001A279FB3000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1697671423.000001A279F14000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1704740036.000001A279EFA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://microsoft.sharepoint.com/teams/appxmanifest/SitePages/Home.aspx
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: https://opensource.dell.com/
Source: DismHost.exe, 00000036.00000003.1696721909.000001A279DE1000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1678004006.000001A27A3CB000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1682560908.000001A27A3E8000.00000004.00000020.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1704740036.000001A279EF8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://osgwiki.com/wiki/Manifest_Request
Source: MSI2fadb.LOG.12.drString found in binary or memory: https://support.dell.com
Source: log4net.dll.12.drString found in binary or memory: https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virt
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtu
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.8?C
Source: svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366550157.000001F1C0441000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.1367067080.000001F1C0459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366467857.000001F1C045D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000004.00000002.1367067080.000001F1C0459000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
Source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmpString found in binary or memory: https://tm-sdk.platinumai.net
Source: MSI2fadb.LOG.12.drString found in binary or memory: https://www.dell.com
Source: readme.txt.12.drString found in binary or memory: https://www.dell.com/contactus
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiString found in binary or memory: https://www.dell.com/servicecontracts/global
Source: readme.txt.12.drString found in binary or memory: https://www.dell.com/support
Source: svchost.exe, 00000002.00000002.2466058940.0000028260E5D000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2466616382.0000028260E79000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dell.com/support/onlineapi/nellogger/log
Source: System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drString found in binary or memory: https://www.digicert.com/CPS0
Source: svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C584000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4A6000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drString found in binary or memory: https://www.entrust.net/rpa0
Source: Newtonsoft.Json.dll.12.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeFile created: C:\Users\user\AppData\Local\Temp\APPX.6dty55tqcko6vfohyya_ri47e.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeFile created: C:\Users\user\AppData\Local\Temp\APPX.t8mqwtu5j5pg8c5nai0t49rcf.tmpJump to dropped file
Source: ISBEW64.exeProcess created: 61
Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\532a58.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{5669AB71-1302-4412-8DA1-CB69CD7B7324}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2E4F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2ECD.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}Jump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5A14.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\532a5a.msiJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\532a5a.msiJump to behavior
Source: C:\Windows\System32\dllhost.exeFile created: C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2EF74E71-39CF-4E5B-A8B9-6E1C57F9D94F}.crmlog
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exeFile created: C:\Windows\invcol.tmp
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI2ECD.tmpJump to behavior
Source: MSIFDEB.tmp.11.drStatic PE information: Resource name: PUBLICKEY type: b.out overlay separate pure segmented executable V2.3 186 286 286 386 Large Text Large Data Huge Objects Enabled
Source: MSI166.tmp.11.drStatic PE information: Resource name: PUBLICKEY type: b.out overlay separate pure segmented executable V2.3 186 286 286 386 Large Text Large Data Huge Objects Enabled
Source: ThunderboltRegModule.exe.62.drBinary string: E\Device\PhysicalMemoryntdll.dllkernel32.dllNtOpenSectionNtCloseNtMapViewOfSectionNtUnmapViewOfSectionRtlInitUnicodeStringZwSystemDebugControlEnumSystemFirmwareTablesGetSystemFirmwareTable\device\physicalmemoryHandle to physical memory was not set or could not be opened.Error accessing buffer.Error mapping physical memory.Error unmapping physical memory.Could not use Debug Sysctl to read physical memory.Could not locate a table which can be used.Failed to allocate memory for Firmware table.GetSystemFirmwareTable returned 0 for table length.EnumSystemFirmwareTables returned 0 for table size.Could not load ntdll functions!SeDebugPrivilegewriting to physical memory is not implemented on Windows yet.dfG
Source: ThunderboltRegModule.exe.62.drBinary string: \Device\PhysicalMemory
Source: DmiProvider.dll.53.drBinary string: WdsCopyFileEx: Failed to copy [%s] to [%s], GLE = 0x%x; will retry in %u msWdsCopyFileEx: Failed to strip file attributes for %s, will delete. GLE = 0x%xWdsCopyFileEx: Failed to delete %s. GLE = 0x%xkernel32.dllFindFirstFileNameWFindNextFileNameWDeleteFileEx: Spoofing detected deleting [%s] -> [%s]\\?\Volume{DeleteFileEx: Unable to allocate hardlink path bufferDeleteFileEx: Unable to remove [%s]; GLE = 0x%xDeleteFileEx: hardlink given to us is: %sDeleteFileEx: Trying to set back attributes on: %sDeleteFileEx: Unable to restore attributes on [%s]; GLE = 0x%xDeleteFileEx: Unable to clear out attributes on [%s]; GLE = 0x%xDeleteFileEx: Unable to get information on [%s]; GLE = 0x%xDeleteFileEx: Unable to delete [%s]; GLE = 0x%xDeleteFileEx: Unable to open [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to clear attributes on [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to remove directory [%s]; GLE = 0x%xWdsRemoveDirectory: Unable to prepare path [%s]; GLE = 0x%xEnumeratePathEx: Unable to get reparse tag for persistent reparse point; GLE = 0x%x*...EnumeratePathEx: Unable to enumerate [%s]; GLE = 0x%xEnumeratePathEx: Callback requested enumeration interruption or hit internal enumeration failure on [%s]; GLE = 0x%xEnumeratePathEx: Unable to construct path under [%s]; GLE = 0x%xEnumeratePathEx: FindFirstFile failed for [%s]; GLE = 0x%xEnumeratePathEx: Failed search path is >= MAX_PATH!CopyDirectoryDirCallback: The copy was canceled by the user.CopyDirectoryFileCallback: The copy was canceled by the user.user32.dllSendMessageWmovecopyCopyDirectoryFileCallback: Unable to %s file from [%s] to [%s]; GLE = 0x%xCopyDirectoryEx2: Specified directory [%s] doesn't existCopyDirectoryEx2: Failed to copy [%s] to [%s], GLE = 0x%x; will retry in %u ms; am on try %u.\\?\UNCCreatePath: Unable to create [%s]; GLE = 0x%xCreatePath: Unable to create parent directory for [%s]; GLE = 0x%x\\?\GLOBALROOT\Device\\{bf1a281b-ad7b-4476-ac95-f47682990ce7}..{}..
Source: OfflineSetupProvider.dll.53.drBinary string: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-WIN-%s\%s\Device\KsecDD0123456789ABCDEFGHIJKLMNOPQRSTUVMUI%s\%s\%s.mui%s\%s.mui.\%s\%s.mui.\%s.muiMUI\%04hx
Source: icsvc32.dll.62.drBinary string: \Device\PhysicalMemoryntdll.dllkernel32.dllNtOpenSectionNtCloseNtMapViewOfSectionNtUnmapViewOfSectionRtlInitUnicodeStringZwSystemDebugControlEnumSystemFirmwareTablesGetSystemFirmwareTable\device\physicalmemoryHandle to physical memory was not set or could not be opened.Error accessing buffer.Error mapping physical memory.Error unmapping physical memory.Could not use Debug Sysctl to read physical memory.Could not locate a table which can be used.Failed to allocate memory for Firmware table.GetSystemFirmwareTable returned 0 for table length.EnumSystemFirmwareTables returned 0 for table size.Could not load ntdll functions!SeDebugPrivilegewriting to physical memory is not implemented on Windows yet.
Source: classification engineClassification label: mal60.evad.winZIP@107/1001@4/1
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\DellJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Log_Service.log
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\3C0983922B7A37F32E4DADF6C3705488
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\51DC44F7D66E991AFDEE94749C67F5B1
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6212:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\6103E6FEA6513F7D8641496DF3C42447
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\63D3958AD4137B17EEA6FDDC9E63D2FF
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\9BAB89858416B94B57169E6F44E791DC
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\01EA8B2198FD50AAE6B5CEA9721955F5
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\A7E5FF56E202B41EAAC42B17A256D73C
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Clients_CommandUpdate_Scheduler.dat
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\27CD7570C4C0E5DBC7983D2A71155F5E
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\1F9CF2888AAC14E30813E527230DBB05
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\CD63157A1FBFE56BD8E5632E9DE511B0
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\07F5ABE778811D938251CC7B2F4E1130
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\08A40336CB4486523758172D07374B6E
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\E5573EA3076405C89A19BF7E0B09A395
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\4E36918A3031C928AE18B751103E44B0
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\28C755528B74E002DD8710E57794A689
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\WdsSetupLogInit
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\56CBA0F550C102E4764BA8DAE2218ECA
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\8659A036D365487B59B7B48E26D661D1
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\TIMER:C__ProgramData_Dell_UpdateService_Clients_CommandUpdate_Scheduler.dat
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exeMutant created: NULL
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\C__ProgramData_Dell_UpdateService_Log_Activity.log
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6668:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\CD519571451D12B765701B9BE164F1B3
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\7837B0190866F359D0E29347FB941532
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\F036C5A7E9DF3D703CDA4DE7A6B7A18B
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\DC6899D66958FD8C26C1022E00DD6773
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\D1A1B428E0C83DF495CE498FA6EB0704
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:304:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\93A2A6F52B8C2F043E8A7EEFCD649BB6
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4092:120:WilError_03
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMutant created: \BaseNamedObjects\Global\EBDB0655BF853ED705269172962984F6
Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:2356:120:WilError_03
Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Dell\UpdateService\Temp\BIT908F.tmpJump to behavior
Source: C:\Windows\System32\msiexec.exeFile read: C:\Windows\win.iniJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: unknownProcess created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F73FC5BE388AC90391F7C233BAB74653 C
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607A0846-7FAA-484B-BAE7-495122EFB1D7}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD98A506-F1A0-4A2A-94F9-1230E3DC00D0}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA5762C4-33FC-4D8D-9D4F-E8335D2893E9}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BB69E2-CA60-448A-B3E2-C8DB9863E765}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F036FD47-334C-47B8-A3E5-01A14999B665}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CAD4F4-7A0D-4ED7-B980-E015B12ECC39}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D39ED87-D5E3-4531-AD77-9BBEDC82DCAB}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD0E6580-BEFA-4156-A6B9-224AE1C144D4}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76D3BE47-3108-4355-987E-96FD21AAE7DE}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D9055D-1632-4E84-9D59-F0731B49FF8E}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76179EBE-6058-4117-967C-80856ABD982F}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B07184C-5113-4F64-92ED-9A263AB05DA7}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10209B81-218A-4EF3-8AF1-19A29A5986F9}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{996A2DD5-2A2C-48CE-AC11-9EA456FDC2E7}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFD1604A-6248-4498-ADCE-3361829C7E1D}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE560784-D3BB-44F4-9907-C10B218DCC17}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B60702B-AD7B-47CC-B27B-DE367CA1D354}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37BB446B-F9AF-4014-A93F-55A3E319780F}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CF4727D-7605-4A5F-8B09-A18BFB920E8A}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C13FFD2-7102-4879-9759-81B32AE3765D}
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E2F957FEC349BF7B483546BFBAD7298A
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{650B6CF9-4E93-4302-87AA-17533D8B885D}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B66BE4B-B0C3-4DC1-97B8-6F778BA1D76E}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D661ED2D-688E-41CC-9DEC-612D0C81BA5D}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5820DB16-9391-42AA-BF17-584A7B99DCB5}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{313BCC91-5505-4E94-AED8-911B55BF87B7}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55B683E6-2048-47C3-97F1-301495CEBE86}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49C79C11-F027-44D7-A2B9-2E9D8A93B766}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B49D98-6548-4070-BA57-D5A2DDA91B2E}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01428B13-0DF2-4580-86F4-CAC7053EC6FA}
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 978A58EFDA084F66A555F22C9485C2C4 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
Source: C:\Windows\SysWOW64\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
Source: unknownProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Source: unknownProcess created: C:\Windows\System32\msdtc.exe C:\Windows\System32\msdtc.exe
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3D34A1BCEFEFC55E701097BF7FDC5FA7 E Global\MSI0000
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
Source: unknownProcess created: C:\Windows\System32\rundll32.exe rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh
Source: unknownProcess created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe "C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv5098_tmp\invcol.exe C:\Windows\TEMP\inv5098_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv65D5_tmp\invcol.exe C:\Windows\TEMP\inv65D5_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv5098_tmp_1\invcol.exe C:\Windows\TEMP\inv5098_tmp_1\.\invcol.exe -bdir="C:\Windows\system32" "-outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml"
Source: C:\Windows\System32\svchost.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding F73FC5BE388AC90391F7C233BAB74653 CJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding E2F957FEC349BF7B483546BFBAD7298AJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 978A58EFDA084F66A555F22C9485C2C4 E Global\MSI0000Jump to behavior
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Windows\System32\msiexec.exe C:\Windows\System32\MsiExec.exe -Embedding 3D34A1BCEFEFC55E701097BF7FDC5FA7 E Global\MSI0000Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607A0846-7FAA-484B-BAE7-495122EFB1D7}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD98A506-F1A0-4A2A-94F9-1230E3DC00D0}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA5762C4-33FC-4D8D-9D4F-E8335D2893E9}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BB69E2-CA60-448A-B3E2-C8DB9863E765}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F036FD47-334C-47B8-A3E5-01A14999B665}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CAD4F4-7A0D-4ED7-B980-E015B12ECC39}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D39ED87-D5E3-4531-AD77-9BBEDC82DCAB}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD0E6580-BEFA-4156-A6B9-224AE1C144D4}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76D3BE47-3108-4355-987E-96FD21AAE7DE}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D9055D-1632-4E84-9D59-F0731B49FF8E}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76179EBE-6058-4117-967C-80856ABD982F}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B07184C-5113-4F64-92ED-9A263AB05DA7}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10209B81-218A-4EF3-8AF1-19A29A5986F9}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{996A2DD5-2A2C-48CE-AC11-9EA456FDC2E7}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFD1604A-6248-4498-ADCE-3361829C7E1D}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE560784-D3BB-44F4-9907-C10B218DCC17}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B60702B-AD7B-47CC-B27B-DE367CA1D354}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37BB446B-F9AF-4014-A93F-55A3E319780F}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CF4727D-7605-4A5F-8B09-A18BFB920E8A}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C13FFD2-7102-4879-9759-81B32AE3765D}Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{650B6CF9-4E93-4302-87AA-17533D8B885D}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B66BE4B-B0C3-4DC1-97B8-6F778BA1D76E}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D661ED2D-688E-41CC-9DEC-612D0C81BA5D}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5820DB16-9391-42AA-BF17-584A7B99DCB5}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{313BCC91-5505-4E94-AED8-911B55BF87B7}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55B683E6-2048-47C3-97F1-301495CEBE86}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49C79C11-F027-44D7-A2B9-2E9D8A93B766}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B49D98-6548-4070-BA57-D5A2DDA91B2E}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01428B13-0DF2-4580-86F4-CAC7053EC6FA}
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv5098_tmp\invcol.exe C:\Windows\TEMP\inv5098_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv5098_tmp_1\invcol.exe C:\Windows\TEMP\inv5098_tmp_1\.\invcol.exe -bdir="C:\Windows\system32" "-outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml"
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess created: C:\Windows\Temp\inv65D5_tmp\invcol.exe C:\Windows\TEMP\inv65D5_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: moshost.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mapsbtsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mosstorage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ztrace_maps.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mapconfiguration.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: storsvc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: fltlib.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: bcd.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wer.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: aphostservice.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: networkhelper.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdataplatformhelperutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mccspal.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: syncutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: vaultcli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmcfgutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmcmnutils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dmxmlhelputils.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: inproclogger.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: synccontroller.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: pimstore.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: aphostclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: accountaccessor.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: dsclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: systemeventsbrokerclient.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdatalanguageutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: mccsengineshared.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: cemapi.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: userdatatypehelperutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: phoneutil.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dispex.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched32.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched20.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: usp10.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msls31.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched32.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: riched20.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: usp10.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msls31.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: vbscript.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: amsi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: dispex.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sxs.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: scrrun.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: edputil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: urlmon.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iertutil.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: srvcli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: appresolver.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: bcp47langs.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: slc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sppc.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: mscoree.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: cryptnet.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: mfcsubs.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: comsvcs.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: catsrvps.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: catsrvut.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: es.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: stclient.dll
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: sxs.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: comsvcs.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: txflog.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: es.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: propsys.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: sxs.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: xolehlp.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: msdtcprx.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: mtxclu.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: clusapi.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: resutils.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: cscapi.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: netutils.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: fwpuclnt.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: rasadhlp.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: catsrv.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: mfcsubs.dll
Source: C:\Windows\System32\dllhost.exeSection loaded: catsrvps.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: msdtctm.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: msdtcprx.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: msdtclog.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: winmm.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: mtxclu.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: ktmw32.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: xolehlp.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: mswsock.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: clusapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: resutils.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: dnsapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msdtc.exeSection loaded: comres.dll
Source: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile written: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\IsConfig.iniJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeFile opened: C:\Windows\SysWOW64\RICHED32.DLLJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\DellJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdateJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\readme.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\App.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Scheduler.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\Verification.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exeJump to behavior
Source: C:\Windows\System32\msiexec.exeDirectory created: C:\Program Files\Dell\CommandUpdate\log4net.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5669AB71-1302-4412-8DA1-CB69CD7B7324}Jump to behavior
Source: at.zipStatic file information: File size 14491122 > 1048576
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened: C:\Windows\TEMP\inv5098_tmp\msvcr100.dll
Source: Binary string: C:\CodeBases\isdev\Redist\Language Independent\i386\ISSetup.pdb source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: DismCorePS.pdb source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom.Loader\obj\Release\Update.Custom.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1782091857.0000028ED0522000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Principal\obj\Release\Update.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.Classic\obj\Release\Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756041385.0000028EB72C2000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: DISMProv.pdb source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdb source: Storage.Classic.dll.12.dr
Source: Binary string: C:\Projects\Crossword\prasanna_mishra_jigsaw_1.0\jigsaw\jigsaw_src\StaticIC\StaticIC\Release\StaticIC.pdb source: StaticIC.exe.62.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdbH_b_ T__CorDllMainmscoree.dll source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Core\bin\Release\net45\System.Reactive.Core.pdb source: ServiceShell.exe, 00000032.00000002.1776516728.0000028ED01B2000.00000002.00000001.01000000.00000021.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdbL source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: dismhost.pdbGCTL source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: dismhost.pdb source: DismHost.exe, 00000036.00000000.1652308247.00007FF7E884B000.00000002.00000001.01000000.0000000B.sdmp, DismHost.exe.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Principal\obj\Release\WindowsManagement.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2514158477.000002AF6BCE2000.00000002.00000001.01000000.00000040.sdmp, WindowsManagement.Principal.dll.12.dr
Source: Binary string: AppxProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\UpdateScheduler.Principal\obj\Release\UpdateScheduler.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2516704711.000002AF6BF42000.00000002.00000001.01000000.00000043.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1776868100.0000028ED01E2000.00000002.00000001.01000000.00000023.sdmp, Storage.Classic.dll1.12.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdbxp source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Core.Classic\obj\Release\ServiceShell.Core.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757240624.0000028EB7802000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: OfflineSetupProvider.pdbGCTL source: OfflineSetupProvider.dll.53.dr
Source: Binary string: vcruntime140.amd64.pdbGCTL source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.Configuration.dll.12.dr
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\DRVUpdate.pdb source: DRVUpdate.exe1.62.dr, DRVUpdate.exe0.62.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb\L source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdb source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: DpInst.pdbH source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\PNPUpdate.pdb source: PNPUpdate.exe.62.dr
Source: Binary string: c:\jenkins\jobs\DCU2.1\workspace\DCU\Source\Tools\Internal\DemoDpinst\obj\Release\dpinst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: c:\CodeBases\isdev\Src\Runtime\MSI\CustomActions\ClrPSHelper\obj\x64\Release\ClrPSHelper.pdb source: 532a59.rbs.12.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Configuration\Configuration.RemoteStorage.Classic\obj\Release\Configuration.RemoteStorage.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2513379047.000002AF6BC02000.00000002.00000001.01000000.0000003F.sdmp, Configuration.RemoteStorage.Classic.dll0.12.dr
Source: Binary string: bacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DmiProvider.pdb source: DmiProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: DISMProv.pdbGCTL source: DismHost.exe, 00000036.00000002.1728438193.00007FFF2301D000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdb source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: ImagingProvider.pdb source: ImagingProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.PlatformServices\bin\Release\net45\System.Reactive.PlatformServices.pdb source: System.Reactive.PlatformServices.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\SharpBITS.Base\obj\Release\SharpBITS.Base.pdb source: ServiceShell.exe, 00000039.00000002.2539864659.000002AF6C772000.00000002.00000001.01000000.00000047.sdmp, SharpBITS.Base.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\UserSettings.Configuration.Classic\obj\Release\UserSettings.Configuration.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756184608.0000028EB72E2000.00000002.00000001.01000000.00000015.sdmp, UserSettings.Configuration.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Custom\obj\Release\Update.Custom.pdb source: ServiceShell.exe, 00000032.00000002.1781970252.0000028ED0512000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb source: ThunderboltRegModule.exe.62.dr
Source: Binary string: FfuProvider.pdb source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\ISBEW64\x64\Release\ISBEW64.pdb source: ISBEW64.exe, 0000000E.00000000.1373616080.00007FF61EDC7000.00000002.00000001.01000000.00000006.sdmp, ISBEW64.exe, 00000018.00000000.1383569184.00007FF629957000.00000002.00000001.01000000.00000007.sdmp, ISBEW64.exe, 00000025.00000000.1499833281.00007FF7C0077000.00000002.00000001.01000000.00000008.sdmp, ISBEW64.exe0.13.dr
Source: Binary string: DpInst.pdb source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell\obj\Release\ServiceShell.pdb source: ServiceShell.exe, 00000032.00000000.1528658920.0000028EB6E92000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdbT source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: LogProvider.pdb source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdbt; source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: ImagingProvider.pdbGCTL source: ImagingProvider.dll.53.dr
Source: Binary string: C:\CodeBases\isdev\Src\Runtime\InstallScript\_IsRes2k\0009-English\Debug\_isres_0x0409.pdb source: _isres_0x0409.dll0.13.dr
Source: Binary string: c:\log4net\tags\2.0.8RC1\bin\net\4.5\release\log4net.pdb source: ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\UpdateClient\UpdateClient.Classic\obj\Release\UpdateClient.Classic.pdbhd source: ServiceShell.exe, 00000032.00000002.1786266374.0000028ED0D02000.00000002.00000001.01000000.0000002C.sdmp, UpdateClient.Classic.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Configuration\obj\Release\ServiceShell.Configuration.pdb source: ServiceShell.exe, 00000032.00000002.1755937437.0000028EB72B2000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: LogProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1727727691.00007FFF22FAB000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb8(R( D(_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Loader\obj\Release\ServiceShell.Loader.pdb source: ServiceShell.exe, 00000032.00000002.1757667211.0000028EB7872000.00000002.00000001.01000000.0000001B.sdmp, ServiceShell.Loader.dll.12.dr
Source: Binary string: C:\DSIA\crossword\crossword_ie\crossword_driverapp\DriverIE_src\winnt\nt32\Release\SCSIUpdate.pdb source: SCSIUpdate.exe.62.dr
Source: Binary string: AppxProvider.pdb source: DismHost.exe, 00000036.00000002.1727165204.00007FFF22F04000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\net45\Newtonsoft.Json.pdb source: Newtonsoft.Json.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Transfer\Transfer\obj\Release\Transfer.pdb source: ServiceShell.exe, 00000039.00000002.2539522546.000002AF6C762000.00000002.00000001.01000000.00000046.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb@! source: Update.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Storage.Principal\obj\Release\Storage.Principal.pdb source: ServiceShell.exe, 00000039.00000002.2515948801.000002AF6BE02000.00000002.00000001.01000000.00000042.sdmp
Source: Binary string: DmiProvider.pdbGCTL source: DmiProvider.dll.53.dr
Source: Binary string: msvcr100.i386.pdb source: invcol.exe, 00000041.00000002.2282658956.0000000073CE1000.00000020.00000001.01000000.00000031.sdmp
Source: Binary string: msvcp100.i386.pdb source: invcol.exe, 00000041.00000002.2281502645.000000006CD61000.00000020.00000001.01000000.00000033.sdmp, invcol.exe, 00000045.00000002.2328667240.000000006CC31000.00000020.00000001.01000000.0000003C.sdmp, msvcp100.dll.61.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb\O source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: OfflineSetupProvider.pdb source: OfflineSetupProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Logger\Logger.Classic\obj\Release\Logger.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1756981070.0000028EB7432000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ServiceModel.Classic\obj\Release\ServiceShell.ServiceModel.Classic.pdb8,R, D,_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1757565087.0000028EB7852000.00000002.00000001.01000000.0000001A.sdmp, ServiceShell.ServiceModel.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Proxy\obj\Release\UpdateTelemetry.Proxy.pdb source: ServiceShell.exe, 00000039.00000002.2517599079.000002AF6BFB2000.00000002.00000001.01000000.00000044.sdmp, UpdateTelemetry.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdb source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1776975385.0000028ED01F2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\Module\WindowsManagement.Classic\obj\Release\WindowsManagement.Classic.pdb source: ServiceShell.exe, 00000039.00000002.2514903207.000002AF6BD12000.00000002.00000001.01000000.00000041.sdmp, WindowsManagement.Classic.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.ContinualService.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Storage.Classic\obj\Release\Storage.Classic.pdbL-f- X-_CorDllMainmscoree.dll source: Storage.Classic.dll.12.dr
Source: Binary string: c:\Dev\Esskar\Serialize.Linq\src\Serialize.Linq.Net45\obj\Release\Serialize.Linq.pdb source: ServiceShell.exe, 00000032.00000002.1777354098.0000028ED02C2000.00000002.00000001.01000000.00000026.sdmp, Serialize.Linq.dll0.12.dr
Source: Binary string: OSProvider.pdbGCTL source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Execution\Execution\obj\Release\Execution.pdb source: ServiceShell.exe, 00000039.00000002.2540143577.000002AF6C782000.00000002.00000001.01000000.00000048.sdmp
Source: Binary string: vcruntime140.amd64.pdb source: InvColPC.exe, 0000003E.00000002.2337266370.0000000000EE0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: FfuProvider.pdbGCTL source: FfuProvider.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Scheduler\Scheduler\obj\Release\Scheduler.pdb source: ServiceShell.exe, 00000032.00000002.1785810546.0000028ED0C82000.00000002.00000001.01000000.00000029.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.ContinualService\obj\Release\ServiceShell.ContinualService.pdb source: ServiceShell.exe, 00000032.00000002.1758584715.0000028EB7932000.00000002.00000001.01000000.0000001E.sdmp, ServiceShell.ContinualService.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Telemetry\UpdateTelemetry.Principal\obj\Release\UpdateTelemetry.Principal.pdb source: ServiceShell.exe, 00000032.00000002.1785970883.0000028ED0CE2000.00000002.00000001.01000000.0000002A.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Verification\Verification\obj\Release\Verification.pdbhK source: ServiceShell.exe, 00000032.00000002.1757767388.0000028EB7882000.00000002.00000001.01000000.0000001C.sdmp, Verification.dll.12.dr
Source: Binary string: DismCorePS.pdbGCTL source: DismHost.exe, 00000036.00000002.1728781104.00007FFF23044000.00000002.00000001.01000000.0000000C.sdmp, DismCorePS.dll.53.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Interop\Interop.Classic\obj\Release\Interop.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757450729.0000028EB7832000.00000002.00000001.01000000.00000019.sdmp, Interop.Classic.dll0.12.dr
Source: Binary string: OSProvider.pdb source: DismHost.exe, 00000036.00000002.1728033479.00007FFF22FD6000.00000002.00000001.01000000.0000000E.sdmp, OSProvider.dll.53.dr
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb@4Z4 L4_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\FrameworkCore\FrameworkCore.Classic\obj\Release\FrameworkCore.Classic.pdb source: ServiceShell.exe, 00000032.00000002.1757884351.0000028EB7892000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: DpInst.pdbp source: ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\ServiceShell.Logger\obj\Release\ServiceShell.Logger.pdbh> source: ServiceShell.exe, 00000032.00000002.1756309426.0000028EB72F2000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Notifications\obj\Release\ServiceShell.Notifications.pdb source: ServiceShell.exe, 00000032.00000002.1776740754.0000028ED01D2000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: C:\jenkins_prod\workspace\DSIA\IC_Code\Thunderbolt_FW_Reg\Release\ThunderboltRegModule.pdb( source: ThunderboltRegModule.exe.62.dr
Source: Binary string: C:\jenkins_abacus\workspace\UpdateService1.3\Asimov\Source\Service\ServiceShell.Proxy\obj\Release\ServiceShell.Proxy.pdbD7^7 P7_CorDllMainmscoree.dll source: ServiceShell.exe, 00000032.00000002.1786172642.0000028ED0CF2000.00000002.00000001.01000000.0000002B.sdmp, ServiceShell.Proxy.dll.12.dr
Source: Binary string: C:\jenkins_abacus\workspace\DCU_UWPGUI3.1\Asimov\Source\Service\Module\Update.Classic\obj\Release\Update.Classic.pdb source: Update.Classic.dll0.12.dr
Source: Binary string: c:\prod_jenkins\workspace\Platinum-SDK-V1\dotnet\proj\Dell.Pla.P1.Common\obj\Release\Dell.Pla.P1.Common.pdb source: Dell.Pla.P1.Common.dll.12.dr
Source: Binary string: .pdbH source: ServiceShell.exe, 00000032.00000002.1783248118.0000028ED066D000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\rx-net\Rx.NET\Source\System.Reactive.Interfaces\bin\Release\net45\System.Reactive.Interfaces.pdb source: ServiceShell.exe, 00000032.00000002.1777199207.0000028ED0292000.00000002.00000001.01000000.00000025.sdmp, System.Reactive.Interfaces.dll0.12.dr
Source: Binary string: indoC:\Windows\Scheduler.pdb source: ServiceShell.exe, 00000039.00000002.2453945924.000000C80B770000.00000004.00000010.00020000.00000000.sdmp
Source: MSIFDEB.tmp.11.drStatic PE information: section name: .orpc
Source: MSI166.tmp.11.drStatic PE information: section name: .orpc
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCore.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OfflineSetupProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\icsvc32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\_isres_0x0409.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISRT.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\log4net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SmiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\TransmogProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Quartz.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IBSProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ImagingProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AssocProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SysprepProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\App.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\invcol.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5A14.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISRT.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FfuProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\icsvc32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\VhdProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIFCFF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\CbsProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\GenericProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Update.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIFDEB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIFBC6.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\LogProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Execution.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SetupPlatformProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IntlProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\icsvc32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInvJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FolderProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSID7E3.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Verification.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ProvProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\UnattendProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Verification.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\dsupt32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.PlatformServices.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ProvProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\WimProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcp100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\msvcr100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.muiJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcr100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSIBE3F.tmpJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\_isres_0x0409.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SetupPlatformProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\invcol.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismCore.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\msvcr100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\MSI166.tmpJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\dsupt32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IntlProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\log4net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2ECD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\VhdProvider.dll.muiJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\invcol.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISRT.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Transfer.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\GUI.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\GenericProvider.dll.muiJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\dcu-cli.exeJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\dsupt32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OSProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\_isres_0x0409.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IBSProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\Scheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\MsiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI2ECD.tmpJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\invcol.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\icsvc32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcp140.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcp100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\msvcr100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\msvcr100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\msvcp100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\invcol.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\dsupt32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\icsvc32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInvJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\invcol.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\msvcp100.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI5A14.tmpJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\msvcr100.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\dsupt32.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv65D5_tmp\icsvc32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp\dsupt32.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile created: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInvJump to dropped file
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files\Dell\CommandUpdate\readme.txtJump to behavior
Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\Dell\UpdateService\ThirdPartyLicenses.txtJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto

Hooking and other Techniques for Hiding and Protection

barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\msiexec.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeRegistry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service where Name = 'DellClientManagementService'
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Service.Name="DellClientManagementService"::StopService
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Service where Name = 'DellClientManagementService'
Query firmware table information (likely to detect VMs)
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exeSystem information queried: FirmwareTableInformation
Tries to delay execution (extensive OutputDebugStringW loop)
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeSection loaded: OutputDebugStringW count: 218
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMemory allocated: 28EB70C0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMemory allocated: 28ECF960000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMemory allocated: 2AF52A50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMemory allocated: 2AF6B1A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\PIEConfig.xml
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\DrvCfg64.ini
Source: C:\Windows\System32\svchost.exeFile opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\DrvCfg32.ini
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeFile opened / queried: C:\Windows\TEMP\inv5098_tmp_1\VMWare\PIEInfo.txt
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeWindow / User API: threadDelayed 7144
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeWindow / User API: threadDelayed 2653
Source: C:\Windows\System32\dllhost.exeWindow / User API: threadDelayed 1787
Source: C:\Windows\System32\msdtc.exeWindow / User API: threadDelayed 2000
Source: C:\Windows\System32\msdtc.exeWindow / User API: threadDelayed 7960
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeWindow / User API: threadDelayed 6788
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeWindow / User API: threadDelayed 2593
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OfflineSetupProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\_isres_0x0409.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISRT.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\log4net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\TransmogProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SmiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Quartz.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ImagingProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IBSProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SysprepProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AssocProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\App.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI5A14.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISRT.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FfuProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\VhdProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\CbsProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFCFF.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\GenericProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Update.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFDEB.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\msvcp140.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIFBC6.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\LogProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Execution.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SetupPlatformProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IntlProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\IntelAMTInvJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FolderProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSID7E3.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Verification.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ProvProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\UnattendProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Verification.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ProvProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\WimProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.muiJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\_isres_0x0409.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSIBE3F.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SetupPlatformProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\MSI166.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IntlProvider.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Logger.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\log4net.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI2ECD.tmpJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Interop.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\VhdProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISRT.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Transfer.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\GUI.Core.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\GenericProvider.dll.muiJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exeJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\dcu-cli.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OSProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dllJump to dropped file
Source: C:\Windows\SysWOW64\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\_isres_0x0409.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IBSProvider.dllJump to dropped file
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeDropped PE file which has not been started: C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exeJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files\Dell\CommandUpdate\Scheduler.dllJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\MsiProvider.dll.muiJump to dropped file
Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dllJump to dropped file
Source: C:\Windows\System32\svchost.exe TID: 7060Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3312Thread sleep count: 7144 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3312Thread sleep count: 2653 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2012Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\dllhost.exe TID: 1092Thread sleep count: 1787 > 30
Source: C:\Windows\System32\dllhost.exe TID: 1092Thread sleep time: -178700s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 1108Thread sleep count: 2000 > 30
Source: C:\Windows\System32\msdtc.exe TID: 1108Thread sleep time: -200000s >= -30000s
Source: C:\Windows\System32\msdtc.exe TID: 1108Thread sleep count: 7960 > 30
Source: C:\Windows\System32\msdtc.exe TID: 1108Thread sleep time: -796000s >= -30000s
Source: C:\Windows\System32\msiexec.exe TID: 2128Thread sleep count: 1618 > 30
Source: C:\Windows\System32\msiexec.exe TID: 2128Thread sleep count: 8251 > 30
Source: C:\Windows\System32\msiexec.exe TID: 2188Thread sleep time: -5534023222112862s >= -30000s
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2932Thread sleep count: 114 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 2932Thread sleep count: 6788 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 812Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496Thread sleep count: 233 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496Thread sleep count: 86 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 3496Thread sleep count: 33 > 30
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe TID: 812Thread sleep count: 2593 > 30
Source: C:\Windows\Temp\inv5098_tmp\invcol.exe TID: 4196Thread sleep count: 100 > 30
Source: C:\Windows\Temp\inv65D5_tmp\invcol.exe TID: 2664Thread sleep count: 100 > 30
Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeFile Volume queried: C:\Windows\System32 FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeThread delayed: delay time: 922337203685477
Source: C:\Windows\System32\msiexec.exeThread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeThread delayed: delay time: 922337203685477
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\TEMP\inv5098_tmp_1\VMWarel
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Windows\TEMP\inv5098_tmp_1\VMWaregy
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6280000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: InvColPC.exe, 0000003E.00000002.2335749457.00000000005B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWarer
Source: ISRT.dll.13.drBinary or memory string: _GetVirtualMachineType
Source: svchost.exe, 00000002.00000002.2456942545.000002825B82B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW0
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare.xml9z,
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare.xml
Source: ISRT.dll.13.drBinary or memory string: AddIconCallDLLFnComponentViewCreateWindowComponentViewDestroyComponentViewRefreshComponentViewSelectAllComponentViewSetInfoComponentViewSetInfoExCreateFolderDeleteFolderDeleteIconEnableHourGlassEnumFoldersItemsGetCPUTypeGetFontSubGetHandleGetPortsGetSelectedItemStateIsEmptyIsNTAdminIsOSTypeNTIsObjectIsPowerUserLangLoadStringMessageBeepPPathCompactPathPixelPathCrackUrlPathGetDirPathGetDrivePathGetFilePathGetFileExtPathGetFileNamePathGetLongFromShortPathGetPathPathIsValidSyntaxQueryIconReadArrayPropertyReadBoolPropertyReadNumberPropertyReplaceIconShowFolderTextSubSubstituteVerGetFileVersionWriteArrayPropertyWriteBoolPropertyWriteNumberPropertyWriteStringProperty_AppSearch_BrowseForFolder_CCPSearch_CHARArrayToWCHARArray_CalculateAndAddFileCost_CleanupInet_CloseFile_CmdGetHwndDlg_CmdGetMsg_CmdGetParam1_CmdGetParam2_CoGetObject_CompareDWORD_ComponentAddItem_ComponentCompareSizeRequired_ComponentError_ComponentErrorInfo_ComponentFileEnum_ComponentFileInfo_ComponentFilterLanguage_ComponentFilterOS_ComponentGetCost_ComponentGetCostEx_ComponentGetData_ComponentGetItemSize_ComponentGetTotalCost_ComponentGetTotalCostEx_ComponentInitialize_ComponentIsItemSelected_ComponentListItems_ComponentLoadTarget_ComponentMoveData_ComponentPatch_ComponentReinstall_ComponentRemoveAll_ComponentRemoveAllInLogOnly_ComponentSaveTarget_ComponentSelectItem_ComponentSelectNew_ComponentSetData_ComponentSetupTypeEnum_ComponentSetupTypeGetData_ComponentSetupTypeSet_ComponentTotalSize_ComponentTransferData_ComponentUpdate_ComponentValidate_ComponentViewCreate_ComponentViewQueryInfo_CopyBytes_CreateDir_CreateObject_CreateRegistrySet_CreateShellObjects_CtrlGetNotificationCode_CtrlGetParentWindowHelper_CtrlGetSubCommand_CtrlGetUrlForLinkClicked_CtrlSetHtmlContent_CtrlSetMLERichText_DIFxDriverPackageGetPath_DIFxDriverPackageInstall_DIFxDriverPackagePreinstall_DIFxDriverPackageUninstall_DefineDialog_DeleteCHARArray_DialogSetFont_DisableBranding_DisableStatus_Divide_DoInstall_DoSprintf_DotNetCoCreateObject_DotNetUnloadAppDomain_EnableDialogCache_EnablePrevDialog_EnableSkins_EnableStatus_EnableWow64FsRedirection_EndDialog_ExistsDir_ExistsDisk_ExistsFile_ExitInstall_FeatureAddCost_FeatureAddUninstallCost_FeatureGetCost_FeatureInitialize_FeatureSpendCost_FeatureSpendUninstallCost_FileCopy_FloatingPointOperation_GenerateFileMD5SignatureHex_GetByte_GetCurrentDialogName_GetDiskInfo_GetDiskSpaceEx_GetDiskSpaceExEx_GetFont_GetGlobalFlags_GetGlobalMemorySize_GetInetFileSize_GetInetFileTime_GetLine_GetLineSize_GetObject_GetObjectByIndex_GetObjectCount_GetProcessorInfo_GetRunningChildProcess_GetRunningChildProcessEx_GetRunningChildProcessEx2_GetSelectedTreeComponent_GetStandardLangId_GetSupportDir_GetSystemDpi_GetTrueTypeFontFileInfo_GetVirtualMachineType_InetEndofTransfer_InetGetLastError_InetGetNextDisk_InitInstall_IsFontTypefaceNameAvailable_IsInAdminGroup_IsLangSupported_IsSkinLoaded_IsVirtualMachine_IsWindowsME_IsWow64_KillProcesses_ListAddItem_ListAddString_ListCount_ListCreate_ListCurrentIte
Source: ISRT.dll.13.drBinary or memory string: _IsVirtualMachine
Source: svchost.exe, 00000002.00000002.2466058940.0000028260E5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: svchost.exe, 00000006.00000002.2452877451.0000029ED6265000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: svchost.exe, 00000006.00000002.2448064633.0000029ED620B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: invcol.exe, 00000045.00000003.2310081768.0000000000FE8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMWare
Source: svchost.exe, 00000006.00000002.2450456180.0000029ED622B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: *@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: svchost.exe, 00000006.00000002.2454546625.0000029ED6302000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll(;K
Source: invcol.exe, 00000045.00000003.2308430146.0000000000FC1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ..\Executables\AppUpdate.exe -i -cDir VMWare -o ..\VMWare.xml
Source: icconfig_user.xml.62.drBinary or memory string: <InvComponent dir="VMWare" type="cli" priority="5" level="0" timeout="30" out="VMWare.xml">..\Executables\AppUpdate.exe -i -cDir VMWare -o ..\VMWare.xml</InvComponent>
Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
Source: C:\Windows\System32\svchost.exeProcess queried: DebugPort
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess token adjusted: Debug
Source: C:\Windows\Temp\inv5098_tmp_1\invcol.exeProcess token adjusted: Debug
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeMemory allocated: page read and write | page guard
Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\sc.exe "C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeProcess created: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe "C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiBinary or memory string: ?OPTYPE_PROGMAN_FIELDSWWW
Source: 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msiBinary or memory string: ISLOG_VERSION_INFO..\..\..\Shared\LogServices2\LogDB.cppOPTYPE_PROGMANISLOGDB_USER_PROPERTIES
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C: VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Verification.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Diagnostics.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Dism\Microsoft.Dism.PowerShell.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Logs\DISM\dism.log VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Windows\Logs\DISM\dism.log VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismCore.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.mui VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dll VolumeInformation
Source: C:\Windows\System32\msiexec.exeQueries volume information: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\appxStage-{47F959DA-A9A2-41C3-869C-B8431F518AC1}\DellInc.DellCommandUpdate_3.1.58.0_neutral_~_htrsf667h5kn2DCU.Centennial_3.1.58.0_x64.appx VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\appxStage-{47F959DA-A9A2-41C3-869C-B8431F518AC1} VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\log4net.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Verification.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Transfer.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeQueries volume information: C:\Program Files (x86)\Dell\UpdateService\Execution.dll VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exeQueries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

barindex
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
Source: svchost.exe, 00000007.00000002.2455181175.000001FC21302000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Files%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 00000007.00000002.2455181175.000001FC21302000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\503006091D97D4F5AE39F7CBE7927D7D652D3431 Blob
Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Replication Through Removable Media		12
Windows Management Instrumentation		12
Windows Service		12
Windows Service		32
Masquerading		OS Credential Dumping1
Query Registry		Remote ServicesData from Local System1
Non-Application Layer Protocol		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts1
Service Execution		1
DLL Side-Loading		12
Process Injection		111
Disable or Modify Tools		LSASS Memory261
Security Software Discovery		Remote Desktop ProtocolData from Removable Media1
Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		271
Virtualization/Sandbox Evasion		Security Account Manager2
Process Discovery		SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook12
Process Injection		NTDS271
Virtualization/Sandbox Evasion		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Rundll32		LSA Secrets1
Application Window Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials11
Peripheral Device Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
File Deletion		DCSync2
File and Directory Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem33
System Information Discovery		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1538487 Sample: at.zip Startdate: 21/10/2024 Architecture: WINDOWS Score: 60 97 downloads.dell.com 2->97 99 dellupdater.dell.com 2->99 101 Tries to delay execution (extensive OutputDebugStringW loop) 2->101 9 msiexec.exe 178 118 2->9         started        12 ServiceShell.exe 2->12         started        14 svchost.exe 2->14         started        17 11 other processes 2->17 signatures3 process4 dnsIp5 79 C:\Windows\Installer\...\ARPPRODUCTICON.exe, PE32 9->79 dropped 81 C:\Windows\Installer\MSI5A14.tmp, PE32+ 9->81 dropped 83 C:\Windows\Installer\MSI2ECD.tmp, PE32 9->83 dropped 91 76 other files (none is malicious) 9->91 dropped 20 msiexec.exe 9->20         started        24 msiexec.exe 1 95 9->24         started        26 msiexec.exe 9->26         started        28 msiexec.exe 9->28         started        30 InvColPC.exe 12->30         started        32 InvColPC.exe 12->32         started        34 InvColPC.exe 12->34         started        109 Changes security center settings (notifications, updates, antivirus, firewall) 14->109 36 MpCmdRun.exe 14->36         started        95 127.0.0.1 unknown unknown 17->95 85 C:\Users\user\AppData\Local\...\MSIFDEB.tmp, PE32 17->85 dropped 87 C:\Users\user\AppData\Local\...\MSIFCFF.tmp, PE32 17->87 dropped 89 C:\Users\user\AppData\Local\...\MSIFBC6.tmp, PE32 17->89 dropped 93 3 other files (none is malicious) 17->93 dropped file6 signatures7 process8 file9 67 50 other files (none is malicious) 20->67 dropped 103 Loading BitLocker PowerShell Module 20->103 38 DismHost.exe 20->38         started        69 6 other files (none is malicious) 24->69 dropped 105 Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes) 24->105 49 22 other processes 24->49 71 3 other files (none is malicious) 26->71 dropped 40 ISBEW64.exe 26->40         started        51 9 other processes 26->51 42 sc.exe 28->42         started        73 25 other files (none is malicious) 30->73 dropped 44 invcol.exe 30->44         started        47 conhost.exe 30->47         started        75 5 other files (none is malicious) 32->75 dropped 53 2 other processes 32->53 61 C:\Windows\Temp\inv65D5_tmp\msvcr100.dll, PE32 34->61 dropped 63 C:\Windows\Temp\inv65D5_tmp\msvcp100.dll, PE32 34->63 dropped 65 C:\Windows\Temp\inv65D5_tmp\invcol.exe, PE32 34->65 dropped 77 2 other files (none is malicious) 34->77 dropped 55 2 other processes 34->55 signatures10 process11 signatures12 57 conhost.exe 40->57         started        59 conhost.exe 42->59         started        107 Query firmware table information (likely to detect VMs) 44->107 process13

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Execution.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Quartz.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe2%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll2%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Reactive.PlatformServices.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Transfer.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\Verification.dll0%ReversingLabs
C:\Program Files (x86)\Dell\UpdateService\log4net.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\App.Core.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\GUI.Core.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Scheduler.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll2%ReversingLabs
C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Update.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\Verification.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\dcu-cli.exe0%ReversingLabs
C:\Program Files\Dell\CommandUpdate\log4net.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCore.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/sc/sct0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha10%URL Reputationsafe
http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap0%URL Reputationsafe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wsat/fault0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wsat0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey0%URL Reputationsafe
http://www.entrust.net/rpa030%URL Reputationsafe
http://exslt.org/common0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA10%URL Reputationsafe
http://www.symauth.com/cps0(0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
http://www.symauth.com/rpa000%URL Reputationsafe
http://schemas.xmlsoap.org/wsdl/0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse0%URL Reputationsafe
http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/Renew0%URL Reputationsafe
http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2006/02/addressingidentity0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/06/addressingex0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce0%URL Reputationsafe
http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse0%URL Reputationsafe
http://crl.thawte.com/ThawteTimestampingCA.crl00%URL Reputationsafe
http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ15100%URL Reputationsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd0%URL Reputationsafe
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dellupdater.dell.com
unknown
unknownfalse
    		unknown
    downloads.dell.com
    		unknown
    		unknownfalse
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://schemas.xmlsoap.org/ws/2005/02/sc/sctServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://ocsp.suscerte.gob.ve0ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmpfalse
        		unknown
        http://schemas.datacontract.orgServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpfalse
          		unknown
          http://dellincca.dell.com/crl/externalissuingca2.crl0PServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpfalse
            		unknown
            http://logging.apache.org/log4net/release/faq.html#trouble-EventLogServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drfalse
              		unknown
              http://tempuri.org/ServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpfalse
                		unknown
                http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://aia.entrust.net/ts1-chain256.cerServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpfalse
                  		unknown
                  http://www.suscerte.gob.ve/dpc0ServiceShell.exe, 00000032.00000002.1781240151.0000028ED0483000.00000004.00000020.00020000.00000000.sdmpfalse
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssueServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequenceServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jclark.com/xtnode-sethttp://xmlsoft.org/XSLT/namespacexsl:importinvcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drfalse
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/faultServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/10/wsatServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.datacontract.org/2004/07/Dell.Asimov.ServiceShell.CoreServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                        		unknown
                        http://schemas.datacontract.org/2004/07/Dell.Asimov.UpdateServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmpfalse
                          		unknown
                          http://crl.entrust.net/ovcs2.crlServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpfalse
                            		unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameServiceShell.exe, 00000032.00000002.1758830092.0000028EB7A28000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.flexerasoftware.com0ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msifalse
                              		unknown
                              https://dev.virtualearth.net/REST/v1/Imagery/Copyright/svchost.exe, 00000004.00000002.1367002000.000001F1C043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366368706.000001F1C0462000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000003.1366516827.000001F1C045A000.00000004.00000020.00020000.00000000.sdmpfalse
                                		unknown
                                http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.jclark.com/xtmp_1invcol.exe, 00000045.00000002.2327889244.0000000000FEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeyServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.dell.com/supportreadme.txt.12.drfalse
                                    		unknown
                                    https://www.dell.comMSI2fadb.LOG.12.drfalse
                                      		unknown
                                      http://www.entrust.net/rpa03svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED0786000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1777701885.0000028ED033A000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2468001112.000002AF52C45000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://exslt.org/commoninvcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://exslt.org/commonxsl:sortinvcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, icsvc32.dll.62.drfalse
                                        		unknown
                                        http://www.w3.orServiceShell.exe, 00000032.00000002.1758830092.0000028EB80FC000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB80F0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB80BD000.00000004.00000800.00020000.00000000.sdmp, DismHost.exe, 00000036.00000003.1682274411.000001A27A346000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		unknown
                                          http://crl.ver)svchost.exe, 00000002.00000002.2464209907.0000028260E00000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRr2bwARTxMtEy9aspRAZg5QFhagQQUgrrWPZfOn89x6JI3ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		unknown
                                              http://www.dell.comServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, SCSIUpdate.exe.62.drfalse
                                                		unknown
                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://schemas.datacontract.org/2004/07/System.ServiceModelServiceShell.exe, 00000039.00000002.2469404116.000002AF53680000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53AB0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53A86000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C8E000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53C1E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  http://www.symauth.com/cps0(SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msifalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://dev.virtualearth.net/REST/v1/Locationssvchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://downloads.dell.com/svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C3B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegoServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.w3.ohServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        http://schemas.dell.com/openmanage/cm/2009/1/1/staticinventory.xsdStaticIC.exe.62.drfalse
                                                          		unknown
                                                          http://schemas.xmlsoap.org/ws/2004/08/addressingServiceShell.exe, 00000032.00000002.1758830092.0000028EB79A0000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF531D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.jclark.com/xtinvcol.exe, 00000041.00000002.2280683509.0000000010094000.00000002.00000001.01000000.00000030.sdmp, invcol.exe, 00000045.00000002.2327889244.0000000000FEF000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.drfalse
                                                            		unknown
                                                            https://dynamic.tsvchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://g.live.com/odclientsettings/Prod-C:svchost.exe, 00000002.00000003.1202943646.0000028260CC3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                http://www.symauth.com/rpa00SCSIUpdate.exe.62.dr, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msifalse
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://dev.virtualearth.net/REST/v1/Routes/Transitsvchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  http://icl.com/saxoninvcol.exe, 00000045.00000003.2324251088.0000000000FE6000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.drfalse
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/wsdl/ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F00000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssueServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    ftp://http://hrefbaseheadhtml%.20s%ddefault%d%.20scopyingThunderboltRegModule.exe.62.drfalse
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponseServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://aia.entrust.net/ovcs2-chain.p7cgServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQYZiPAAGkmN%2BgbjpL0XWVofDLNAQUKgpvMiwpICF2arServiceShell.exe, 00000039.00000002.2529968363.000002AF6C47A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://t0.ssl.ak.dynamic.tiles.virtusvchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            http://crl.entrust.net/2048ca.crl0svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.2470871710.0000028260F49000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4D3000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.Configuration.dll.12.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, Storage.Classic.dll.12.dr, WindowsManagement.Classic.dll0.12.dr, UpdateTelemetry.Proxy.dll.12.dr, BITEE8F.tmp.2.drfalse
                                                                            • URL Reputation: safe
                                                                            		unknown
                                                                            https://support.dell.comMSI2fadb.LOG.12.drfalse
                                                                              		unknown
                                                                              https://dev.ditu.live.com/REST/v1/JsonFilter/VenueMaps/data/svchost.exe, 00000004.00000002.1367139186.000001F1C0481000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=svchost.exe, 00000004.00000003.1366533850.000001F1C0449000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  http://crl.entrust.net/g2ca.crl0svchost.exe, 00000002.00000003.2221017736.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2165107510.000002825C15C000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C5D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C411000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE24000.00000004.00000020.00020000.00000000.sdmp, BITEE8F.tmp.2.drfalse
                                                                                    		unknown
                                                                                    https://svn.apache.org/repos/asf/logging/log4net/tags/2.0.8RC1log4net.dll.12.drfalse
                                                                                      		unknown
                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RenewServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://ocsp.entrust.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRRKiO2Poi0XFwdRr1PZXruPzTMZAQU75%2B6ebBz8iUeeJServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://dev.virtualearth.net/REST/v1/Routes/Drivingsvchost.exe, 00000004.00000003.1366482648.000001F1C0458000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/ws/2006/02/addressingidentityServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://crl.entrust.net/g2ca.crl7ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C521000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            http://dellincca.dell.com/crl/Dell%20Inc.%20Enterprise%20CA.crl0ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpfalse
                                                                                              		unknown
                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              http://tempuri.org/HServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                http://crl.entrust.net/g2ca.crlEServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  http://schemas.datacontract.org/2004/07/Serialize.Linq.NodesServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    http://schemas.xmlsoap.org/ws/2004/06/addressingexServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    		unknown
                                                                                                    https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=svchost.exe, 00000004.00000002.1366977667.000001F1C042B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      http://crl.entrust.net/csbr1.crlServiceShell.exe, 00000039.00000002.2529968363.000002AF6C514000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2529968363.000002AF6C4EE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        http://www.apache.org/).ServiceShell.exe, 00000032.00000002.1774144820.0000028ED0022000.00000002.00000001.01000000.00000020.sdmp, log4net.dll.12.drfalse
                                                                                                          		unknown
                                                                                                          https://dellupdater.dell.com/non_du/ClientService/Catalog/Platform/ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C1D2000.00000002.00000001.01000000.00000045.sdmpfalse
                                                                                                            		unknown
                                                                                                            http://crl.entrust.net/g2ca.crlMServiceShell.exe, 00000039.00000002.2529968363.000002AF6C578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://crl.entrust.net/g2ca.crl0;ServiceShell.exe, 00000032.00000002.1784750701.0000028ED074E000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1785537339.0000028ED0AC0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2510179364.000002AF6B9D0000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2516103784.000002AF6BE10000.00000004.00000020.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2517844819.000002AF6C12E000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003D.00000002.2286382085.00000000010F0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 0000003E.00000002.2336985250.0000000000ED0000.00000004.00000020.00020000.00000000.sdmp, InvColPC.exe, 00000042.00000002.2337144714.00000000010A4000.00000004.00000020.00020000.00000000.sdmp, icsvc32.dll.62.dr, ServiceShell.Configuration.dll.12.dr, invcol.exe.66.dr, UpdateClient.Classic.dll.12.dr, Update.Classic.dll0.12.dr, Verification.dll.12.dr, ServiceShell.ServiceModel.Classic.dll0.12.dr, ServiceShell.Loader.dll.12.dr, ServiceShell.ContinualService.dll.12.dr, ThunderboltRegModule.exe.62.dr, Storage.Classic.dll.12.dr, PNPUpdate.exe.62.dr, osinv.exe.62.drfalse
                                                                                                                		unknown
                                                                                                                http://crl.thawte.com/ThawteTimestampingCA.crl0ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmp, ISBEW64.exe0.13.dr, ISRT.dll.13.dr, 532a59.rbs.12.dr, _isres_0x0409.dll0.13.dr, 532a58.msi.12.dr, E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msifalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://schemas.datacontract.org/2004/07/Serialize.Linq.NodesHServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  http://reactivex.io/0System.Reactive.PlatformServices.dll.12.dr, System.Reactive.Interfaces.dll0.12.drfalse
                                                                                                                    		unknown
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/rolServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		unknown
                                                                                                                      http://dellincca.dell.com/aia/externalissuingca2.crt0ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C342000.00000002.00000001.01000000.00000045.sdmp, ServiceShell.exe, 00000039.00000002.2524867219.000002AF6C2AD000.00000002.00000001.01000000.00000045.sdmpfalse
                                                                                                                        		unknown
                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifServiceShell.exe, 00000032.00000002.1758830092.0000028EB7F12000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000032.00000002.1758830092.0000028EB7B07000.00000004.00000800.00020000.00000000.sdmp, ServiceShell.exe, 00000039.00000002.2469404116.000002AF53313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown

                                                                                                                        World Map of Contacted IPs

                                                                                                                        • No. of IPs < 25%
                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                        • 75% < No. of IPs

                                                                                                                        Public IPs

                                                                                                                        IPDomainCountryFlagASNASN NameMalicious

                                                                                                                        Private

                                                                                                                        IP
                                                                                                                        127.0.0.1

                                                                                                                        General Information

                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                        Analysis ID:1538487
                                                                                                                        Start date and time:2024-10-21 11:57:47 +02:00
                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                        Overall analysis duration:0h 8m 4s
                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                        Report type:full
                                                                                                                        Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                        Number of analysed new started processes analysed:69
                                                                                                                        Number of new started drivers analysed:0
                                                                                                                        Number of existing processes analysed:0
                                                                                                                        Number of existing drivers analysed:0
                                                                                                                        Number of injected processes analysed:1
                                                                                                                        Technologies:
                                                                                                                        • EGA enabled
                                                                                                                        • AMSI enabled
                                                                                                                        Analysis Mode:default
                                                                                                                        Analysis stop reason:Timeout
                                                                                                                        Sample name:at.zip
                                                                                                                        Detection:MAL
                                                                                                                        Classification:mal60.evad.winZIP@107/1001@4/1
                                                                                                                        Cookbook Comments:
                                                                                                                        • Found application associated with file extension: .zip

                                                                                                                        Warnings

                                                                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, consent.exe, SIHClient.exe, svchost.exe
                                                                                                                        • Excluded IPs from analysis (whitelisted): 23.202.186.26, 23.32.113.230, 2.21.81.173, 23.210.44.32
                                                                                                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, dellupdater.dell.com.edgekey.net, e13665.g.akamaiedge.net, downloads.dell.com-v2-dd.edgekey.net, fe3cr.delivery.mp.microsoft.com, e16604.g.akamaiedge.net, downloads.dell-cidr.akadns.net, prod.fs.microsoft.com.akadns.net, downloads-regions.dell-cidr.akadns.net, e12616.dscd.akamaiedge.net
                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                        • VT rate limit hit for: at.zip

                                                                                                                        Simulations

                                                                                                                        Behavior and APIs

                                                                                                                        TimeTypeDescription
                                                                                                                        05:58:18API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                        05:58:35API Interceptor45x Sleep call for process: msiexec.exe modified
                                                                                                                        05:58:52API Interceptor3722079x Sleep call for process: ServiceShell.exe modified
                                                                                                                        05:58:57API Interceptor1532x Sleep call for process: dllhost.exe modified
                                                                                                                        05:59:05API Interceptor1x Sleep call for process: DismHost.exe modified
                                                                                                                        05:59:25API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                                                                                                                        05:59:31API Interceptor106915x Sleep call for process: msdtc.exe modified

                                                                                                                        Joe Sandbox View / Context

                                                                                                                        IPs

                                                                                                                        No context

                                                                                                                        Domains

                                                                                                                        No context

                                                                                                                        ASNs

                                                                                                                        No context

                                                                                                                        JA3 Fingerprints

                                                                                                                        No context

                                                                                                                        Dropped Files

                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dllShareGate.24.2.3.msiGet hashmaliciousUnknownBrowse
                                                                                                                          SaasAntTransactions-Setup (1).exeGet hashmaliciousRedLineBrowse
                                                                                                                            ShareGate.18.0.2.msiGet hashmaliciousUnknownBrowse
                                                                                                                              C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dllShareGate.24.2.3.msiGet hashmaliciousUnknownBrowse
                                                                                                                                SaasAntTransactions-Setup (1).exeGet hashmaliciousRedLineBrowse
                                                                                                                                  ShareGate.18.0.2.msiGet hashmaliciousUnknownBrowse

                                                                                                                                    Created / dropped Files

                                                                                                                                    C:\Config.Msi\532a59.rbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):337470
                                                                                                                                    Entropy (8bit):6.080168322230186
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:JgCcB+bVckShH1Qy0GX2ay5BToHgL67PFdSt2+EnArv6gHrvJ8XEQ07YnEDP7xpR:JgCcMSHQy9yHTOu+PFgt2bAljCXid/z
                                                                                                                                    MD5:A70DA7191B020CB2CFD58BE13323D667
                                                                                                                                    SHA1:E3B4BA55B6D65405A9ED01CE7A58089747EF6245
                                                                                                                                    SHA-256:813E00664B2C9CC9B03410406DA9631FDE854AD2704281C22DB43349374AD86D
                                                                                                                                    SHA-512:81E08098C554AD8BE24A31F3A79CAC2CCC4984329157773F3CB484C9DF1A0B5CC68C7D2C81A115D89DC4DBA5459D0540F1C25367F4B229910F2D473FDA035BCD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:...@IXOS.@.....@Y/UY.@.....@.....@.....@.....@.....@......&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}$.Dell Command | Update for Windows 10,.E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{59C5BCBE-15E4-49AF-BB4B-C5A27E48EEAF}.....@.....@.....@.....@.......@.....@.....@.......@....$.Dell Command | Update for Windows 10......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{841D7A56-8FC2-46C7-8812-C1AF4101079D}&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}.@......&.{0A021260-494A-4E0B-B854-1ED7948FC48B}&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}.@......&.{0EA8AB43-AB11-45E3-9153-4D6488CBF866}&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}.@......&.{7E95C2ED-4208-4F64-B3F3-78AD5A5B0143}&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}.@......&.{52825023-EF3B-4D37-A39A-0933AFEA7320}&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}.@......&.{3D0BC44F-962B-48E9-849F-1848EC36F364}&.{5669AB7

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Common.Logging.Core.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):10240
                                                                                                                                    Entropy (8bit):4.515668005518576
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:Iw2SGGh3mQQQQQbzsESNa0G+xEMMPoLXrYshSkvW:fXXh3JJSNH2PUJSkvW
                                                                                                                                    MD5:1830CD72D0EA37BAB9AF9FDF81FC96DE
                                                                                                                                    SHA1:3480C6662A0E1C0F579DDC0B30D3FF79278FC915
                                                                                                                                    SHA-256:43D21A6EF97B8B9E02994BE1EAEE2D73EAAD10F2DC1FA100FD57636FFAFF446C
                                                                                                                                    SHA-512:1A5D96B92876C796EE6FA1A77F46E202913FFD89939347784F783F664CC11DE880D4627A9D0A4D14AB335ACF29EE8C691EBF06D59B78E7E386F799C53BDEAF1F
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: ShareGate.24.2.3.msi, Detection: malicious, Browse
                                                                                                                                    • Filename: SaasAntTransactions-Setup (1).exe, Detection: malicious, Browse
                                                                                                                                    • Filename: ShareGate.18.0.2.msi, Detection: malicious, Browse
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~GV...........!.................<... ...@....... ............................... ....@.................................D<..W....@.......................`.......;............................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......&..............@..B.................<......H........ ......................P .........................................S.....d........ei'...!*..P.tpO#.g.Z).._wnST..N.Q.......h...[8./B.~Z9...$sv.H...t..d.P.f%.W.U..O0K0...2.3Q....a...P..:.(......(....*..{....*"..}....*BSJB............v4.0.30319......l.......#~..P.......#Strings............#US.........#GUID...........#Blob...........W.........%3........!...........]...............D.........................................................w.........................

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Common.Logging.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):44544
                                                                                                                                    Entropy (8bit):5.5636356942236285
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:47Fuak/yRoDPqJjW8SDSsR7TuPXj0Hiz4mZ2b8eqrxa:47poD1Gz+pmZ2b9qr4
                                                                                                                                    MD5:7C4C80A7A8B46A7100937018DFF0540E
                                                                                                                                    SHA1:37B979C2A79031AEDF8729ECF46AE1AB9E2B513A
                                                                                                                                    SHA-256:7D4435779924F739DD0ABD0117B380FA4CF63BBA552BC6EB9E0D29E24B85E6D1
                                                                                                                                    SHA-512:28850810683AE532FE7448D43D64B7FCF319374DF889565FD8920B090CD4FDDA4478C7E5D7BE29426DBBCC0B66E49544BDEDB719E144F549CA3274D1B19B6B5D
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: ShareGate.24.2.3.msi, Detection: malicious, Browse
                                                                                                                                    • Filename: SaasAntTransactions-Setup (1).exe, Detection: malicious, Browse
                                                                                                                                    • Filename: ShareGate.18.0.2.msi, Detection: malicious, Browse
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....~GV...........!..................... ........... ....................... ............@.................................L...O.......x............................................................................ ............... ..H............text........ ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B........................H........M...t..................P ......................................_.P....|.x.v..4t....Z.C.W.:q...+.xj.....1...r..........K...h...........2....DK]r..l.=.f.....h..&b.%...n.....g,.PJC).5..9....%>..( ...*..("...*"..(#...*&...($...*&...(%...*....0..........s&...........'...s(...(...+...)...s*...(...+...+...s,...(...+...-...s....(...+.../...s0...(...+...1...s2...(...+...3...s4...(...+*Z~.........(5....o6...*&...(....*..0..J........,C.o7...o8....+...(9.......(:...-...o).....

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Configuration.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):50872
                                                                                                                                    Entropy (8bit):6.073888612682337
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:dc6BcTWGwFUQoQFqtsip90OmMhrnmwNE2Q6hwSa4:d4GUfQFq1irWDm0aP4
                                                                                                                                    MD5:9329F1DEFAFC7221A30C0AF576ABDE30
                                                                                                                                    SHA1:9CA4431602A7D553B820813B2ED45CB41071F2DF
                                                                                                                                    SHA-256:C9C07126A50472DFA748B8C67D906F68D0AA2CA8DBFE1A38563785B8ABA15ACF
                                                                                                                                    SHA-512:ABFF9B6467063C2A7FC9A6FBDDE377B5FEA9DA496248463CE89EC820DD690FE0C6C9E8118C8977CF57022C00C74EEBD554241BD32669DC059800048A29D1BD60
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ........... ....................... ......e.....`.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......xY...e...........................................................0..]........{....%-S&..{....~3...%-.&~2.........s....%.3...~4...%-.&~2.........s....%.4...(...+%.}.....*....0...........{....%-x&..{....(....o....~5...%-.&~2.........s....%.5...(...+.......s!...(...+~6...%-.&~2.........s"...%.6...(...+(...+%.}.....*...0..]........{....%-S&..(....~7...%-.&~2.........s%...%.7...~8...%-.&~2.........s&...%.8...(...+%.}.....*....0...........('.....}......}......(....o(...~9..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Configuration.RemoteStorage.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12992
                                                                                                                                    Entropy (8bit):6.250960928124704
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:RcLO/OMEobMIWcvmGI66OIWqw7LOawAqIWVkS6HLm6ESkmAA1zYJzq6wUgaT:Rcy/O1ofWCxYWnfOaWtXikfQL6
                                                                                                                                    MD5:6AC9C6D5041533058F4D1CDB273011BA
                                                                                                                                    SHA1:FE337B5A06C34D54389E5A31E230C5E025C5D105
                                                                                                                                    SHA-256:22A053244B6942C7F44EBCBB99ACDE37D3ED4B078244765E3AD0FB2089ED3514
                                                                                                                                    SHA-512:B5DABB67882175F5CBC40DA8874356396E00D9D26205CD8A739845C2038CE9B9E3ECEBB2BD78D6E64B57ED20883BE62EA97B889E22B266A10654823CD10A3683
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..............+... ...@....... ..............................H.....`.................................X+..O....@..T....................`...... *............................................... ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................+......H.......0!...............................................................*b..(.....r...p(....}....*..0..%........{......o...+....o........,..o......*....................0..$........{......o...+.....o.......,..o.....*.................0.."........{......o...+...o.......,..o.....*..................BSJB............v4.0.30319......l.......#~......<...#Strings....X...(...#US.........#GUID.......`...#Blob...........W..........3......................................................=.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.Common.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):25792
                                                                                                                                    Entropy (8bit):6.20377414511103
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:4Lo+Aw773bH38nEegdR9ropz1muySBaeTO4XWqoR/fwW0SeWCxYWnfOGW0ufedaO:X/w7DbM6xuytKrWd94WXeQEf5wfKaO
                                                                                                                                    MD5:9732205B7AE83301192A326274E03B7B
                                                                                                                                    SHA1:53015CAC4A6A4D8B9EC4084675864125997113DC
                                                                                                                                    SHA-256:92911BA77C83BACA005C23E1E5F48AA6A547190E680EB6FF9597296AE5893D42
                                                                                                                                    SHA-512:C770B76897592FE39C9441DFC0A21421DF902ADD8BE7975EDDD6CB4B5E369AE1F8E5620A4DEE1B3C97F4A78B412D7AE207E07C275B7F30943796A518E4AA36B6
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...YO.].........." ..0..@..........r_... ...`....... ....................................`................................. _..O....`...............H...............]............................................... ............... ..H............text...x?... ...@.................. ..`.rsrc........`.......B..............@..@.reloc...............F..............@..B................T_......H......../...-..................h].......................................0...........-.r...pr?..ps....zs......."o....&..o@...o....&.."o....&.rI..po....&.oD...-..."o....&...(........(.......&.....:l....oB...rQ..po....9.....oB...rQ..p(........o....s.........+]......+....X.....X........o......Xo....-.......o......o.......1.......o......X.Yo.........X......o....2...o....o......+4..(..........o.....],...oB......XrQ..po ...oC.....X...(!...-...........o".....oB...rU..po....,[.oB...r

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Dell.Pla.P1.MessageClient.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):81600
                                                                                                                                    Entropy (8bit):5.949937570255719
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:qM3+rXA700D1kvzzJDtYIvXB1lbVtJ/JHDQ6FSfY:qitrxsJWI/l/JxHlAfY
                                                                                                                                    MD5:B4015E86F8B5B723BB6047F909585231
                                                                                                                                    SHA1:6FAEC1624BCE067A174A4DB05E67CEDD07B75270
                                                                                                                                    SHA-256:750B0EBDE08F0164E9479BE0EB11E1C93528105DDC7D039525135E4AD039B461
                                                                                                                                    SHA-512:E02950DB9648E646A721BF5E33CEEEEC9A3E4B952CDA57AAAE729BE0B7CB98F0E6F8FEEA8E1BC6326B064EDE8240F7A8E8F86DA94463FF7C92847D1342C50A16
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...YO.].........." ..0..............8... ...@....... ....................................`..................................7..O....@...............".......`.......6............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......L........................6........................................{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*2.(....(....*:.(......}....*..{....*:.(......}....*^.{....,..{.....o....*.*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0...........-..*..\o.......3..(....o....+....o ...(....o.....~!.....(........ .aiA5#.. ;q..;...... t*@..W.. .aiA.`8...... ..z]5... ..rG.[.. ..z]..8...... ..P..t.. x....M8.....r...p("...-h

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Execution.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):16568
                                                                                                                                    Entropy (8bit):6.214503701202033
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:qNGXxlbmb4/HcD98Z0NWRWCxYWnfOhIWmmpufedax:qQX2bXDWRQEfVegfKax
                                                                                                                                    MD5:896F2D5222D255B9C62D818C218A13A5
                                                                                                                                    SHA1:C6BAFF532EB0CE2FF25FA0F557493872745FC2E1
                                                                                                                                    SHA-256:DF36A2402C61463A86BFEAD5E42E013C26336AF2EA7DC9D3CA84F92C29184590
                                                                                                                                    SHA-512:E38A1BAF1BA64F47AF181358D8FF6C6EEB8EB5B54555E4FFB752C294FEB99EAD18785E03D92787729B7C865F8891C3BA3C4203D9BB77DAE7B80CAC6ED4513DB3
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..............;... ...@....... ...............................:....`.................................L;..O....@...............$.......`.......:............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B.................;......H........%..p............................................................0................s.......o....(.........*....................(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*..0..%........{..........(......}.......,..(.....*.....................{....*"..}....*..{....*"..}....*2.{....o....*2.{....o....*..{....*.0..E.........(......%-.&~....(......(.......(.......%-.&~....(.....(......(....*..(....(....,.r...p(....r...ps....z*....0...........{....-.*.{.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\FrameworkCore.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):415928
                                                                                                                                    Entropy (8bit):6.001968625786018
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:Vy2kE44W5p20f/RCTArlf1ll0zCiCpppspsp56ytlW8VO+5j+U03ENy8Gu:V64W5p5f/g+1byS68z+U0c7Gu
                                                                                                                                    MD5:7E17C1EEB43956209C2993816D380512
                                                                                                                                    SHA1:813B390A0E58951F6311AF02F7F1FC3830D57CB5
                                                                                                                                    SHA-256:DCA5E8BE0BA7E2EC6604F081A2CF7C5B22276186148B0948E71C4482EBD93BB3
                                                                                                                                    SHA-512:77EE0FF7EDC1B62E2005C36BB0F35248C96DE006268D451D6877ADA6BBE1CEF55557892F592CF2263734D856AE339CB5289DC051FD864004E2864C1C5D7AB773
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..4...........O... ...`....... ...............................C....`.................................4O..O....`...............<...............M............................................... ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............:..............@..B................hO......H.......h....[............................................................{6...*..{7...*V.(8.....}6.....}7...*...0..;........u......,/(9....{6....{6...o:...,.(;....{7....{7...o<...*.*. y.0. )UU.Z(9....{6...o=...X )UU.Z(;....{7...o>...X*.0...........r...p......%..{6....................-.q.............-.&.+.......o?....%..{7....................-.q.............-.&.+.......o?....(@...*.0..Z.......~..........(A...sB.....oC...#.....@.@Z.#......&@.oC...#......(@ZX...(.........,..(D.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Interop.COMAdmin.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):35000
                                                                                                                                    Entropy (8bit):6.188830167496896
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:RQmpTh4ppZdnsw5k7T1NNKgAsGbT2QEfhGfKaKz:RQLjns3P1NNKgAsGbT2Q6hXa+
                                                                                                                                    MD5:D075459F560E6C19B7AFB29F852E05FA
                                                                                                                                    SHA1:89B3E9FB5FD7A27ED8BCF97E959D8DF3A0A408A6
                                                                                                                                    SHA-256:9DD86D279197E22B478AE0957DE3CD7837201E0A3ECD28872175BE523E9C939B
                                                                                                                                    SHA-512:3AFBDD11A75068E2D34FC46A02ADD389B6022D2131A86B2669F18C836905EBD087C4434775B96D98183F5CCAE077F3C34F7A92532E1C242294C0C91C81685F59
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......]...........!.....d............... ........@.. ....................................@.....................................W.......x............l............................................................... ............... ..H............text....b... ...d.................. ..`.rsrc...x............f..............@..@.reloc...............j..............@..B........................H.......P ..Ta..........................................................BSJB............v4.0.30319......l.......#~.../...(..#Strings.....X......#US..X......#GUID....X..<...#Blob...........W?........%3........................S...................0.......(...*...P..............(..............!./...N./...c.....h./...y./...../............................./...............#./...@./.................................(.......;.....8.......;.....J.......t.....[...%.........i.............

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Interop.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28344
                                                                                                                                    Entropy (8bit):6.291283658474371
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:ulONTTyooUpjahw/xjrI/wFSzK5vU0v1imc6lgFtYLH2Sj+4WCxYWnfO+WKufedI:ulO9GgG/gS2B3vgpFtqj+4QEfh2fKaz
                                                                                                                                    MD5:C9B28811B663B694EF2933683A963736
                                                                                                                                    SHA1:77691F4222EBC9ECE12E14A2F7A61F303E1EF669
                                                                                                                                    SHA-256:80A12E04B30906D37AF3855CFE3F3EF8E4E66D1550F91936AEA235CE166E68BD
                                                                                                                                    SHA-512:FA100B49C84214AD725D6494BD48AE70A2A57C0D0E0975527E3A5F54999DBA7CD5A55B0102453F529EA82D0260B55E25E44406D5062E3EF1C13C97798AC3C020
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..J..........>i... ........... ...............................>....`..................................h..O....................R...............g............................................... ............... ..H............text...DI... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B................ i......H.......p!..DF...........................................................0...........s.................................r...ps.........rK..ps.........r...ps.........r...ps.........r)..ps.........rs..ps.........r...ps.........r...ps.........rQ..ps.........r...ps.........r...ps.........*....0..4........... .....(....&.{j......r/..p.{j........(....(....*..(....*BSJB............v4.0.30319......l.......#~..t...L%..#Strings.....;..h...#US.(?......#GUID...8?......#Blob...........W=..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Logger.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):48312
                                                                                                                                    Entropy (8bit):5.939090369127581
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:wR9SeWOYdo1NS9bnm4MaOk6i1qh1+fUp0uqRGOvSQEfhYfKa55:a9SeWOImBaONgRG6SQ6htan
                                                                                                                                    MD5:6A96A810FC5EE85CE0288D09BDFD1C1A
                                                                                                                                    SHA1:75C14A6459A7D8AF8A250B716C85D3200EBEDBE1
                                                                                                                                    SHA-256:FA9E1E8EBC0885E0A7B0A29BCCE1E76C6456AD58C9AE90064A4373B46E192F51
                                                                                                                                    SHA-512:81B1AE2152A71F50292ED3ADCBBB4F9E1BEDAA51CE15C90ABDCDDEC3392A1D3FCCA0A20D5FDD1D310780CF8291938DF73649049CD0DDDB967BDA1F0DD810425B
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ........... ...............................t....`.....................................O...................................p................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......`P...e..........................................................F.{....o....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*:.(......}....*^.{....o.....o....o....*..{....o.........(.....o......o ...*..{....o.........(.....o......o ...*^.{....o.....o8...o!...*6.{.....o"...*:.{......o#...*6.{.....o$...*:.{......o%...*6.{.....o&...*:.{......o'...*6.{.....o(...*:.{......o)...*6.{.....o*...*:.{......o+...*f.s,...}.....(......}....*..{.....o-....{....

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Microsoft.ServiceBus.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3560216
                                                                                                                                    Entropy (8bit):5.999122892337014
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:hgVPw+cT7YlVGtJWHGNEdTP+mimOxnCidM0sz7nSS2QviaFlmAiQI6WB:hgVPwnHYlSwDjOxnc2yiou
                                                                                                                                    MD5:3670D59B2F9D4C72D5B8B33458F43159
                                                                                                                                    SHA1:0DECF9B024E1625D463272AC429995E493907BC9
                                                                                                                                    SHA-256:0FB99F85A51278B64F296119E78434494F99EC7A5FAA4332510171104799188E
                                                                                                                                    SHA-512:541FD7B71E95F5B3DAA80F1847FA8CC82BBE8DA2A557118A36417220C17281531F2BAFB6E75149E61915F597520CA6DDFBC8C748639593A0F45EE308E1FDC061
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......X.........." ..0...3..(........3.. ... 4...... ........................6.......6...`..................................3.O.... 4..$............6..?...`6.....@.3.............................................. ............... ..H............text...<.3.. ....3................. ..`.rsrc....$... 4..&....3.............@..@.reloc.......`6.......6.............@..B..................3.....H............!..........1.......3.......................................(\...*..(\.....}......}......}.......}....*z.{.....{.....{.....{....s....*.*...0..W........{]....{^....i2).{^....i.Z.......{^.....{]...(_.....}^....{^.....{]......X}]..........*..0...........{^.....{]....Y..}].........*R.{^....{]....Y.....**.{]......*N.......}^....(\...*V.(\.....}......}....*..0..\........o`.....}a.....{b.....}c....{d....{c...oe....{f....{g...oh....{i....{j...ok....{l...,.(m...r...p.{c.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Newtonsoft.Json.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):653824
                                                                                                                                    Entropy (8bit):5.911899312502532
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:WvS56CuBAXYxeeNvWHc3oY2osSeBTdb+:K07SAIxOhAVeBTdS
                                                                                                                                    MD5:F33CBE589B769956284868104686CC2D
                                                                                                                                    SHA1:2FB0BE100DE03680FC4309C9FA5A29E69397A980
                                                                                                                                    SHA-256:973FD70CE48E5AC433A101B42871680C51E2FEBA2AEEC3D400DEA4115AF3A278
                                                                                                                                    SHA-512:FFD65F6487BC71C967ABCF90A666080C67B8DB010D5282D2060C9D87A9828519A14F5D3A6FE76D81E1D3251C2104A2E9E6186AF0EFFD5F331B1342682811EBF4
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....K............" ..0.................. ... ....... .......................`.......M....`.....................................O.... ..T....................@..........8............................................ ............... ..H............text........ ...................... ..`.rsrc...T.... ......................@..@.reloc.......@......................@..B........................H.......Hj......................\.........................................{....*"..}....*..($...*:.($.....}....*"..(%...*..(....*..{ ...*"..} ...*..{!...*"..}!...*..{"...*"..}"...*..{#...*"..}#...*..{$...*"..}$...*..{*...*>..}*.....(....*..{+...*>..}+.....(....*..{%...*"..}%...*..0...........{&......(....-..*..(....*6..s....}&...*.0...........{'......(....-..*..(....*6..s....}'...*.0...........{(......(....-..*..(....*6..s....}(...*.0...........{)......(....-..*..(....*6..s..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Quartz.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):866816
                                                                                                                                    Entropy (8bit):5.815560440115943
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:AfqvVVLZYKiYlvaUXLz3JLZk2AC8NDtD820m4wpR3F1/JAn:AfqdeUXLz5LZkLC6pf3FpY
                                                                                                                                    MD5:0EFA9CE2782B621D8C113DD452B8BFBC
                                                                                                                                    SHA1:F9A4800BD6CC13C9C40DD4171FBF2234FE75E791
                                                                                                                                    SHA-256:F5BD938375ECE59228670C106EFF5F08CE49FFBC8BA3C3569144E57A27821D09
                                                                                                                                    SHA-512:8319A1F5924E08F4CA2F9C5A44940496B73BAF23E0BB82EE4C92F998C67597A646506F38311629229267448C8F176A5390F79C77B74338E15ED6581B4222FD6C
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Z[............" ..0..2...........P... ...`....... ...............................i....`..................................P..O....`...............................O..T............................................ ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............8..............@..B.................P......H........E..x...........T....t..<O......................................V..}......}.....(6...*.s....*....0..P.......s.......{....o......{....o......{....o......{....o......{....o......{....o.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*Z.(......}......}.....*&..}.....*&..}.....*&..}.....*&..}.....*&..}.....*&..}.....*B..0.r...ps7...z*&..}.....*..0..........

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Scheduler.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28864
                                                                                                                                    Entropy (8bit):6.053565901059561
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:8X89dWaWfWyrdyYP7zhwvWk4OQEfV6ExfY:8X3d5JXOQ6V6yfY
                                                                                                                                    MD5:60BE89178B4CF074F18262D57EB8DCDA
                                                                                                                                    SHA1:9314BA28746299E7F5448238E01A0478FF5A7D03
                                                                                                                                    SHA-256:A3FA5D2E0F5E12CFBB859F0FA75C285DB24A34C304E9B9A158DBE969131FBB51
                                                                                                                                    SHA-512:0B9BDAD4E4A430CE859840C89950AC99BC7663A5C3CC4446F0ACB0B53DD000681CA215EDB19034D0F8538A5F27DCF19029D9A84CA7BD9B23C0763DB4A97FF24E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..L...........k... ........... ..............................".....`..................................k..O....................T..............Pj............................................... ............... ..H............text....K... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................k......H........8...1..........................................................V.(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..&........( ...-..($......(.......(....*.{....*...0..x........( ...-h..($......(.......(.....($......(.......(.....($......(.......(......(......(......(....s....s....(%...*..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*...0..........

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Serialize.Linq.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):58880
                                                                                                                                    Entropy (8bit):5.825723955569168
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:8LMCy1B/EySFJnt9vpvYFv7FJXggrCJzQ5hZryDbsGA:8ACynsySFtdWZJv5hVfGA
                                                                                                                                    MD5:F4F377FC8EF4E0459ADD01CB0C5838F4
                                                                                                                                    SHA1:47DFC170B55E22170B1A2AC8A1A97966A0A591AA
                                                                                                                                    SHA-256:D2DC91DB0767CBBC6D61099C1F4F88BF29186B812923E5E8322023CF5DD4F93B
                                                                                                                                    SHA-512:DE62320A15F67957B703ECC4AF64547A0340A2405BBA05DAD225351D8DD957B2CADF93C96B13B856C72492F05F1DB389F129B833FCDD248E6DAF7832A2DFF547
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!..................... ........... .......................@............`.....................................K.......8.................... ......x................................................ ............... ..H............text........ ...................... ..`.rsrc...8...........................@..@.reloc....... ......................@..B........................H........c.............................................................."..(....*&...(....*Z..(......(......(....*..{....*"..}....*..{....*"..}....*.0..6.......r...p.........(........o........(........(......(....*v.(.....s....}.....s....}....*..{....*"..}....*....0...........(....-..........*.<s....*..(....*..{O...o.....{N...oZ....{O...oD...(....*...0..f.......s.......}O.....}N....{O...-.ro..ps....z.{O...o....oV...(.....{O...oD...(......{............s....o....*...0..L.......

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Configuration.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32952
                                                                                                                                    Entropy (8bit):5.8446450940235035
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:UYJY1kCe73etTlQMWFjQ0RhlQEfhJXMfKar:UYJilQM2Q0TlQ6hJXRar
                                                                                                                                    MD5:2CACEB276F4E7DE4EBDA8979FAC0E83E
                                                                                                                                    SHA1:7361AAC6F7E457DA3BC7FC6FB33E46DC7276F961
                                                                                                                                    SHA-256:A20A1F4C44EE1420CFA563BFA7C192B554A8979C2CB29C2D98F6278EB775CE7D
                                                                                                                                    SHA-512:C4F82B09E0DB6070FAF6681576678D6C75D9529B48C4349DC2FE539FABC0987F1E3ECC9726789789DA22DC8751E9FA5004E88493DF322B941CEADC9CD0122642
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..Z...........y... ........... ....................................`..................................y..O....................d..............`x............................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................y......H....... 2..@F...........................................................0..Z.......(......E....................+*..(....-1(.....+)(.....+!..(....-.(.....+.r...pr#..ps....z.*...0..*.................o....r_..p(....(....s.....s....*.rg..pr...p(....(....s.....s....*.('...(....*..0..x.......({...(.....(}...(.....(....(.....(....(......(....-?.(....-7..(....,..(....,......s....Q.*....(....,.......s....Q.*..Q.*.((...(....*.0..C.........6.....+.r...pr...p.s.....s....*r...pr...p.s...

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ContinualService.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12480
                                                                                                                                    Entropy (8bit):6.1571185937362225
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:KFLAjDoeDMsekMIWcvmGI66OIWqw7LOawAqIW13+6HLm6ESkmAA1zYJzq3I:K1AjDoe4se2WCxYWnfOaW13+Xikfp
                                                                                                                                    MD5:4FB4E59A7D4990A5A376732E590DFE9F
                                                                                                                                    SHA1:E88C153BF81C7FFD81375C59CC3FB845654B5284
                                                                                                                                    SHA-256:654FB6D677453D93D6A4A5F61834E2F7482DCDF78E3EC9196F9950B66CEDC16B
                                                                                                                                    SHA-512:D82842B98F3F9CAAB6DB54E9A558BDB2C009451199D5F1FC6FCBB18E2277A87FFAE5896064319D65DE1A1371454B7426D444F5275A489571CB6DFC64355C0831
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............b(... ...@....... ....................................`..................................(..O....@..$....................`.......&............................................... ............... ..H............text...h.... ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B................D(......H.......P ..............................................................BSJB............v4.0.30319......l.......#~..\.......#Strings....P.......#US.T.......#GUID...d...$...#Blob...........G..........3....................................................F...........z.q...........Y...).Y.....Y.....Y...f.Y.....Y.....Y.........l.......Y.....................5.......................B...............7.#...........-.#.............#.............G...........G...........G...k.....k.....k.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Core.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75448
                                                                                                                                    Entropy (8bit):5.9720013573186845
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:hg1tW/OJL9s8+MXxMAee8t2gitogRuT6WptzmZZuhJV/uHQ6VJar+:hgTAOw8+BALXdogm6WptqPunwZaa
                                                                                                                                    MD5:E4A7A0FD9B792ABA6D30031614778A3D
                                                                                                                                    SHA1:9AABD022A52354DD1904E173CB03DFA312B30F8F
                                                                                                                                    SHA-256:C251FBBEA7A03D61EA05CDC273F6BEAC43232D59759322674945C140490DA1F0
                                                                                                                                    SHA-512:7D2AAD99E8E8C84820D0488C2BE4F7F7ADD9881E9C5B09A90C949530F854C16956486384E57EE36C69D4831C4673ABAA7C42C586AC551A18A8FD1BA3E0E0AABC
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ... ....... .......................`......r.....`.....................................O.... .......................@......x................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......<h..<.............................................................{....*"..}....*..{....*"..}....*2.{....o....*2.{....o....*..*..0...........-.r...ps....z.~....(....,.r...pr...ps....z.{....,.re..ps....z..}......(.....(...........(....(....t......99.....o....( ...(.....o!...~{...%-.&~z.....&...s"...%.{...(...+o$....8.....o%.....o&.....s'............+(...........((...,.......s....o)......X.......i2...o*....1..{.......o+...s....o,.....~|...%-.&~z.....'...s"...%.|...(...+

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Loader.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23224
                                                                                                                                    Entropy (8bit):6.25712006911074
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:13KQQCTCn3pDhxuM5q715tRQ6tJRn/smwrhEtMINPnslOWCxYWnfO+WIufedarVs:1SCT/JlJ4ZINkAQEfhUfKarW
                                                                                                                                    MD5:948819F62BA0C8FA61553DAA1CEF4E27
                                                                                                                                    SHA1:3AFA08E284AB624223C36776B5F7C7E992CF5254
                                                                                                                                    SHA-256:3B2DF69729782BB21CF438FEB722D22EC5B65961815CCA88EEE90782FC9D1554
                                                                                                                                    SHA-512:9864595143387BDC771447D063B56B1438B1C906CA715D23C26795D4A564D188B2A670E8556AC53F00FF8AB012AA81A3977D079F52D0FAB674AD37B25DD0C32B
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..6...........U... ...`....... ...............................8....`..................................U..O....`...............>..............lT............................................... ............... ..H............text....5... ...6.................. ..`.rsrc........`.......8..............@..@.reloc...............<..............@..B.................U......H.......d-...'...........................................................0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*....0..)........{.........(....t......|......(...+...3.*..{....*..{....*2.{....o....*2.{....o....*..(.....s....}.....s....}.....s....}.....s....}....*..0...........{....,.r...ps....z..}.....{.....o......E........................8......{.......

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Logger.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):17592
                                                                                                                                    Entropy (8bit):6.211573006391698
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:iZ0edv1zkwwyqP4DhesYGWCxYWnfO+WR9ufedaQ:2Rdoh4DhXFQEfhA8fKaQ
                                                                                                                                    MD5:7C7221ACEA5620BA38AAAF0021790A88
                                                                                                                                    SHA1:7032A08E75ACEDF9B3D28C76DA5508A48C564ED1
                                                                                                                                    SHA-256:6CB5AE5742AA9ABD4E4D88A64A2B95062BA89198AC95525C59A630649E8CD2CE
                                                                                                                                    SHA-512:E104BE713763905DB8DC894DDA3D49801E6D46267D9DE56120C72B37C83005E74AFCD14AD48C87217BC4FC5FBAEA065CFCC0BF87F607744F9687B965F2A0F41E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.. ...........>... ...@....... ..............................>.....`.................................@>..O....@...............(.......`.......=............................................... ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B................t>......H........&...............................................................0...............(....o......#...%.s....%s....o....%o....s....%~....o....o.....%.s....%(....(....o ...% ....j(!...o"...%..o#...%s$...o%...%~....s&...%.o'...o....%o....s(...%~)...o*...%~....o+...o.....%.s......(,...(....o .....o-.....o#.... ....j(!...o"....s$...o%....(....o/....~....%-.&~..........s0...%.....s1.....r...p(2.........%.r...p(2...r'..ps3....%.r/..p(2...r?..ps3....%.rk..p(2...r...ps3....s4...o5

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Notifications.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20152
                                                                                                                                    Entropy (8bit):6.013315011620034
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:aKHmZ5Ei0mKJoqfyJV2YPe5RIvvxZane8fxZ7KWCxYWnfOhIWBFufedaq:WPEi0mKJDV7MZ+POQEfVQ0fKaq
                                                                                                                                    MD5:B2C17E6BB228B24F7E3AEB451C525038
                                                                                                                                    SHA1:231B8AC6235923CD2D5C8F3728A2756C7731E816
                                                                                                                                    SHA-256:016BCE3532B38F10E0327FB2738EB7CD2BE5327997A165F8319F4F71426C9AB0
                                                                                                                                    SHA-512:96E40AE6954F738A99714DD62AE4B0895F883926F2F402FD26D9FABB6FED5100E5DA69B74A2ADDFB4AD2FA76345CDC1D7903BAC16F1E28D261BBD2D0A5FAE232
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..(...........G... ...`....... ....................................`..................................G..O....`...............2..............XF............................................... ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.................G......H........'..\...........................................................B(....r...p(....*Br...p(....(....*.r/..p*....0..........~....rI..p......(....o.......(....,?.o....(....-..o............o....(....+.r...p........o....(.....~....r...p.-.r...p+.r...p(....o.....*f.(....,..(....,..(....*.*r..(....,..*~....r...po.....*..-..+..(....(....-..*~....r?..po.....*...0..J........-..+..(.....(....,..*~....r...po.....(....r...p(....,..*~....r...po.....*...0..........(.......YE..........

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.Proxy.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15552
                                                                                                                                    Entropy (8bit):6.2335647900177324
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:pmqRTrn/Pq84hnOoGJZ0WCxYWnfOaWgXikfS:EoadhnOfyQEfVjfS
                                                                                                                                    MD5:3DEA40C1E97BB4AAB3240B81C75EF279
                                                                                                                                    SHA1:1EC0F2D611C5FDAEA5706F98E25B4C3707015779
                                                                                                                                    SHA-256:55C42561C4031EACC2A2D69FFD20A22656222D4C37DFADB94A005F62FB33EA7B
                                                                                                                                    SHA-512:359371DC583769B45DBA935AEFCC0D8027E23AAADF42A99F4DE24C32D8C73448367845DCAE79E4CB53052E324351C12B2FCA9F51CB3B90D152D90CE6DF1CC762
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............n7... ...@....... ..............................!.....`..................................7..O....@............... .......`.......5............................................... ............... ..H............text...t.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................P7......H........#..H............................................................0..C........,.~....r...po.....*(....(....,..(....*(....(......(....-..(....*.*..0..........~....rC..po....ru..p(....(...+..-.~....r...po...........(....o.....(.....o.......o....-+~....r&..p.(....o....s....%.o ...%.o!.....4~....rN..po.......!.,..o"......~......o#...o.........*........D.S....................0..........~....r...po....($...(%......~....r...p.......(&...o......~....%-.&~..........s'...%.....

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.ServiceModel.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13496
                                                                                                                                    Entropy (8bit):6.15957407647412
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:7OCaNMMUVeOksW4BWCxYWnfO+WcBoufedas:9a+fcO1lBQEfhxpfKas
                                                                                                                                    MD5:06587F609B16FA1F665CCB3A72C4D0B5
                                                                                                                                    SHA1:95F86372AED55B76278B1D15F16CAAEEF37DCA64
                                                                                                                                    SHA-256:EB343A92D5111F95B7577F2DBDD464E281BC1EA9FEAC40832437BB5AD35F59B3
                                                                                                                                    SHA-512:68FF02884F2017CEACAAADCE51852685FE799BF16F449D621CCFDF43112073774027D589509EB4085CD7D87F967375F4C11D88D56F8EAD8FC0980C16274543C8
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............b,... ...@....... ....................................`..................................,..O....@..D....................`.......*............................................... ............... ..H............text...h.... ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B................D,......H........!................................................................{....*:.(......}....*N.(......o....}....*..0.._...........Q.(....(....o.....+1.o......,'.u....%.-..u....%..,.+.......s....Q+....o....-....,..o......*.........=S........{....*:.(......}....*.BSJB............v4.0.30319......l...(...#~..........#Strings............#US. .......#GUID...0.......#Blob...........W..........3........................................................................................

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):36032
                                                                                                                                    Entropy (8bit):6.116668994836701
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:AYk/MedKOPFNCDJoxIfusAeeMLtQEfVuffV:tk/MeAoxUXtQ6VuffV
                                                                                                                                    MD5:2A955535DD9B5629EE10275B84252252
                                                                                                                                    SHA1:F14751DF294C22986C6C920BB4F6E25F5827309F
                                                                                                                                    SHA-256:B24E45EE0740D5BEDE374D80A2C6CCFE8D8AA1AEACD4BACB226AEA8E977514EF
                                                                                                                                    SHA-512:D17EB367F6996225E6FEA1B5EC9F72C7B4F5ECEFF680FD40F9D43DA92D954090E06967408A362856B151377D20330944B8017EAE9330EFC756B2BA1E78F91240
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........."...0..f..........*.... ........@.. ..............................Gq....`....................................O....................p............................................................... ............... ..H............text...0e... ...f.................. ..`.rsrc................h..............@..@.reloc...............n..............@..B........................H.......@:...G..........0...p...........................................6.(.....(....*...0..-.......(?....(....o1...,.~....r...po....+.~....r;..po.....(....(....-.(....(....9....s......]...s.....(....(....,Hr...p.~"...%-.&~!.....C...s....%."...( ......&...(!....o"....o#...o$...&(....(....,Hr...p.~#...%-.&~!.....D...s....%.#...( ......%...(!....o"....o#...o$...&(%...(....9....~$...%-.&~!.....E...s&...%.$...('...s(....r...p.().......o*...&.........s+...o,........-...s....o/....

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe.Config

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):473
                                                                                                                                    Entropy (8bit):4.802121297437618
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:MMHd41GiNVF7aRe5v5OXrRff2/n3tiMluo4xT:JdO/F79hOXrRn2/nddq
                                                                                                                                    MD5:3CBE0060BDE5F589D0CD16462F871D63
                                                                                                                                    SHA1:23598FB34F376F621841E0DBEAEBF24425CF2835
                                                                                                                                    SHA-256:C5F9EE609BA4D2D59E63246F522E1F10F3D5C213741377542E163EE4E606DA1E
                                                                                                                                    SHA-512:95ECA35E6E06DF23E4FE594C942F252B4C291FDAAAE095BFD33C0ED85E905028D565C3C1C1739F12BAC0E46B009B6611F0B0D69ECD1F8F88F7402E74A4BA6EF2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\Assets\LogEntries.xsd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2251
                                                                                                                                    Entropy (8bit):4.496665366969324
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:2dOl9ieTWjnVhH3oYSuF8l8JNxoCw2vFOSldbEPHx:csiqWjTH3rSuF8eXxoCaSldcx
                                                                                                                                    MD5:DE84A7F020A1061DEB09978136AC2E0C
                                                                                                                                    SHA1:AA3BA49B27D4548A28CA30E6CB60ECAA612799E9
                                                                                                                                    SHA-256:0A00864226A4128AED935F5DCCB06BE1923A9DB439B89CB57BCCEA3EC289F10E
                                                                                                                                    SHA-512:F01B6CB379CE079597C20D76A8584911485205319CA4815BE78513C97198CD0096E00BF96194ED8B1225EC7A474FAA0CB562E13B500CD8128196C5E154B17318
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>..<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" attributeFormDefault="unqualified">.. XML Schema Generated from XML Document on Mon Oct 09 2017 16:52:33 GMT-0500 (Central Daylight Time) -->.. with XmlGrid.net Free Online Service http://xmlgrid.net -->.. <xs:element name="LogEntries">.. <xs:complexType>.. <xs:sequence>.. <xs:element name="LogEntry" maxOccurs="unbounded">.. <xs:complexType>.. <xs:sequence>.. <xs:element name="appname" type="xs:string" minOccurs="0" maxOccurs="1" />.. <xs:element name="level" type="xs:string" minOccurs="0" maxOccurs="1" />.. <xs:element name="timestamp" type="xs:string" minOccurs="0" maxOccurs="1" />.. <xs:element name="source" type="xs:string" minOccurs="0" maxOccurs="1" />.. <xs:element name="message" type="xs:string" minOccurs="0" maxOccurs="1" />.. <x

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4945976
                                                                                                                                    Entropy (8bit):7.971111906019197
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:WqyCOOIoFbO10Z2YICKdxPhIhsJOEgcy30987AjB/46Hg0phep2Fk3J:D40bOYqCSPhI6njp4bckZ
                                                                                                                                    MD5:4BD8BEF0043F64D5CBF6D0DEF23B3665
                                                                                                                                    SHA1:2A7931C07FB4CD18C0A6B114C1F63EEB34377363
                                                                                                                                    SHA-256:59B67E24AE023BA8086E2950474655BFD465EF05E0CCD3A09D4B7F135CC2EB62
                                                                                                                                    SHA-512:7A5A70A4D889DF54B4F5C7AB8FCB7F58F7EF0B5E1B3C3421A67338816AED81FA293063919E73D6110A311FA4AB77E9A5AA9ACC976D2DA23E27A67DFBF0FBF6BA
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........u.?..tl..tl..tl4Z.l..tl.b.l..tl.b.l6.tl..ul..tl.l.l..tl.7~l..tl.b.l..tl.b.l..tl.b.l..tlRich..tl................PE..L...l&.].............................8....... ....@.......................... .......FL......................................z..x.......XO..........x[K.............................................................. ..P............................text...p........................... ..`.rdata...h... ...j..................@..@.data...$=...........t..............@....rsrc...XO.......P..................@..@................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12992
                                                                                                                                    Entropy (8bit):6.350433343060543
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:cc4TmSOIpT7LHCyLMIWcvmGI66OIWqw7LOawAqIWx6HLm6ESkmAA1zYJzqoBd:ImSOI5HjvWCxYWnfOaWxXikf7d
                                                                                                                                    MD5:7E31100ECFB62D08F4C89F60697A316D
                                                                                                                                    SHA1:7DE30B2FBB95557DCBDA9D1FAD0C51868722B716
                                                                                                                                    SHA-256:2748F133310A48F34ADCD7FBB685C0362E5207A122287BD31FA5CDE3C6B70DDC
                                                                                                                                    SHA-512:566723B04AB795818963DA28F773E47858E432183FC63D2165E0E599B5CA4865628C5B684CC52DFCE02C1483FC80D4725457DE8FD0D4F0FAE2F1958D4EA55A4F
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............v-... ...@....... ....................................`.................................$-..O....@.......................`.......+............................................... ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................X-......H.......P ..............................................................BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L...P...#Blob...........W..........3....................................".........................y...F.y.....G...........'...^.'...?.'...-.'.....'.....'.....'.....Z.....Z...".'...................................................{.......................d...........M.d........!..;.d.Y.........Q.V.x.T.V.9.T.V...T.V...

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Principal.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):16064
                                                                                                                                    Entropy (8bit):6.107718350587918
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:OSy6N/9Ax4kNVqoFXYT4fPGbL4/XBMIWcvmGI66OIWqw7LOawAWIW4k26HLm6ESF:Bm4kNVDPqUpWCxYWnfO2Wv2Xikf5
                                                                                                                                    MD5:D48B533281C36A1498FFBBA01A32B9ED
                                                                                                                                    SHA1:4432C453EA5685352ED46DAD491B3DB20182F39F
                                                                                                                                    SHA-256:737EDC0016D7AB61CA33525B9C2FCC9FE390082AE50EA331AFF794805DB147CF
                                                                                                                                    SHA-512:8E6A40D85A34476EA9260E7D67686BD51214AD4AFDA9B85B02D3F3B331554B43A03F584DAB58495B461562EF67E9D580A4E64D2AE8EBEA02765A93C85FB22A92
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..............8... ...@....... ....................................`..................................7..O....@...............".......`......|6............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................7......H.......\$.. ............................................................*"..(....*&...(....*".(....&*".(....&*".(....&*..(....*..(....*..{....*..{....*..{....*"..}....*..{....*"..}....*...0.....................(....*:...~....(....*.0..u........o......(...... ..%_5T. .aiA5&. ;q..;..... t*@.;..... .aiA;....8..... ..rG;..... ..z];..... ..%_;....8..... b.&u5#. ..%f.}. s..r;..... b.&u;....8..... ..(..0. ....;..... x...;....8.....r...p(....:....8z....r'..p(....:....8e....r1..p(...

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\Update.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75456
                                                                                                                                    Entropy (8bit):6.089046737680665
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:X+t45q+hXZq+wxi/hrEPb5cFn26DZQ6V6fu:X+epXw+wxi/h4b5Sp7Qfu
                                                                                                                                    MD5:D92CB2776451B10C420802ED901B57B7
                                                                                                                                    SHA1:2B5B1D9AC773748D6BB95F264C7A4EB8A2E26A40
                                                                                                                                    SHA-256:7EE45DA6F151352D0710226C1851802EB3C6731F7539F7FEB776D08813F303BC
                                                                                                                                    SHA-512:A0A115C73AC2E3148660E9E0279B5A0CD0BAEF7D8F2C7FB040561823104A4E0EE382771033BF397862C9D6680B8EBFA28CDA11FBD62AFA5465B2557174F299DB
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............j!... ...@....... ..............................`7....`..................................!..O....@.......................`....................................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L!......H........M..D.............................................................{....*"..}....*..{....*"..}....*..(....*V.(......(......(....*..{....*"..}....*:.(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*z......%..(.....%..(.....(....*.0..7..........1.u....%.,%.o.....(....(....,..o.....(....(....*.*.*"..(....*...(.......*..{....*"..}....*:.(......(....*"..}....*....0...........{.........'...o....*....0......

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1551040
                                                                                                                                    Entropy (8bit):6.197930889062181
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:LRmM8kWTeeIdqaWw1MrZ2tPCSqSpwADf3qNkPGaO:LRsVZa7irZ2tgGDf3qNkOaO
                                                                                                                                    MD5:91A6CB9ABD9D041EE593CC232D9AA8B5
                                                                                                                                    SHA1:0AE9CCDA6CC19D5886F2E0EEAB33CB5984F557AD
                                                                                                                                    SHA-256:D53A624F7B501EA704948020FE7B2299E835408BB702F7224DCFD685E6839684
                                                                                                                                    SHA-512:07F86EB29BFEFE8313972A20545860E5C80F4A671F875EA8EA248316501011D414F69BFA793232AE81EDC9529CB8317627A4C9BAD84158636F0EED45F7234D40
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0................. ........... ...............................R....`.................................x...O...................................@................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H......................pz...)............................................{,...*..{-...*V.(......},.....}-...*...0..;........u......,/(/....{,....{,...o0...,.(1....{-....{-...o2...*.*. k... )UU.Z(/....{,...o3...X )UU.Z(1....{-...o4...X*.0...........r...p......%..{,....................-.q.............-.&.+.......o5....%..{-....................-.q.............-.&.+.......o5....(6...*..{7...*..{8...*V.(......}7.....}8...*...0..;........u......,/(/....{7....{7...o0...,.(1....{8..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\UpdateScheduler.Principal.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):46776
                                                                                                                                    Entropy (8bit):5.96998486670998
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:Mya6RNOPHxDneRdeDU+cIcTi+F/QmfoQEfhg7fKaSu:RadseDU+cRTX/FoQ6h5aSu
                                                                                                                                    MD5:FCA94D9ADC97F5149265C6BDC4B74B75
                                                                                                                                    SHA1:78A80545E8F6A8BCB894B8B7183084DBF4E97F51
                                                                                                                                    SHA-256:22EDCC7F6C2CCF19C676F66A3CD0F561BE1AC8A8616AEB41C75718A9B86BDAED
                                                                                                                                    SHA-512:82E648FE5285CCF34C48C6A533AE4CE26E158172F2069A20AE202EFB6EF0082C25599B474714175441178233A86C26D9892FAF67738B69B5954B298A7B04C145
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0................. ........... ....................................`.....................................O...................................X................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......|H...e............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*R.(....-..(.......*.*..(......(......(......(.......(....*..s....}.....s....}.....(......%-.&s....z}......}....*....0.............{..........(.....{....,..{....o....-.r...ps....z.{....o....,..{....o.....s....}............s....s....}.......,..( .....{....o!....{....o"....O..u....%..,9..o#...~$...%-.&~%.....&...s'...%.$...(

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):122560
                                                                                                                                    Entropy (8bit):6.146491901958506
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:h/+nO5PMEkNK1eZLThC0hoebQj/Ly3dT+J/8v95DBsIv44tRio76dLGISlQ6VRff:QOVQc4X1bb8LytSJ/g5dVSWtIWzf5V
                                                                                                                                    MD5:435E463C00B3615574CF364D5C551234
                                                                                                                                    SHA1:F255137F35CAE43D4DA0C3809745182772F73B11
                                                                                                                                    SHA-256:D61091292C901391C6F91CD7D10A8D2C15FFDAF293705768B1965B2D5C646DD8
                                                                                                                                    SHA-512:A2CBD2B2803FA2E4FF32894CA2CD3BC9CCE272FFD3EAB34D506725445A1E16C3BB4EDCCA96C7634C93D6D88F7543F9E9E3928D4056B93C985EA63BCA3AEA3D90
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............~.... ........... ....................... ......r.....`.................................,...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H........<...............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):120512
                                                                                                                                    Entropy (8bit):5.423454178676536
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:smevNG7DKNXUbkWGs6+NG05jzUVmCQ2gaMMFyg/fV:svWkzs6+NGOzyFj/fV
                                                                                                                                    MD5:B60CD40F2285826307FB3D83C9E62B9B
                                                                                                                                    SHA1:36618B6D99D90FCEF8A180FD080C7D73C496D2E7
                                                                                                                                    SHA-256:A101AB5876D097CAC00BF7C9AEA3F34F113407B2002B6F9990FCC551E7570802
                                                                                                                                    SHA-512:56FF7EC9ACC7F971BED0399FD6785B4C73FEFE38D9858595CCFEBC85321734D0220B9BB9EC1707BBA45618B13316AB0146A75CA97556D47FE999313B8D96E65E
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............&.... ........... ....................... ............`.....................................O.................................................................................... ............... ..H............text...,.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......................................................................V(....(...+(...+s....*^.(....(...+(...+.s....*..(....*...0..C........(.....-..+..o....(....-..o....(.....-..+..o....(....-..o....(....*..0...........(......8......E@......."...?...\...y........................... ...1...B..._...|...........................#...@...Q...n...........)...............................#...@...]...z.......................-...>...O...l...................................)...C...Q...

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\SharpBITS.Base.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):43008
                                                                                                                                    Entropy (8bit):5.6981350197629785
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:MhMBq2Srm9boTSc3Z7+f5A1WAwASkgEQQMnL+SRqnL0JGhaywi:41biETScp7YABgEQQMnSSML0JQwi
                                                                                                                                    MD5:066728150B53A230311988C81501374A
                                                                                                                                    SHA1:D75A28F543537DBCDEF23B0A838931EC2C237FB7
                                                                                                                                    SHA-256:E68D18B236DE98A691B337F410E6AA7F66AE5C669D64690005AA12CDC489DA5B
                                                                                                                                    SHA-512:28E3AC503920263BA31566E38B3879989C977C68EEE807C151013F6D67EF540B10F8104718F16102EA5EF3C03656A6A8018466A0926572897C9735A3132A1E82
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ........... ....................................`.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......|G...s............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..(.....-.r...pr...ps....z..}......}....*....0..:.......~......{....(....o....o....(......o........{.....o.......*..........#).......0..:.......~......{....(....o....o....(......o........{.....o.......*..........#).......0..&.......~......{......o........{.....o.......*...................0../........{......o.....{.....s.........{.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Storage.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12984
                                                                                                                                    Entropy (8bit):6.356067631543624
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:Tc4TmSOIpT7LHzyLMIWcvmGI66OIWqw7LOawAeIWUq6nfhLU66aRozYJzdjB5l:VmSOI5HevWCxYWnfO+WZufedaDl
                                                                                                                                    MD5:52AE1E93AFFDC86886B870BE7E18E580
                                                                                                                                    SHA1:FEB893672892B1A51E244975C36029F8B13B7CA4
                                                                                                                                    SHA-256:16ACEB641B4E039B5072E92FCCB80D703671D8A6F1D3B2E84DFFD7E889ADD898
                                                                                                                                    SHA-512:1F31CB8B0E646DD3C62072BB0DDDF4CEBD77E243D37A07793F3F0C79F43DD5F05F6DDCD1BA5ADD620442A4318FA02D3B89C9A116C2D2F8CD5DB1FFD6F8EA08FE
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............v-... ...@....... ...............................@....`.................................$-..O....@.......................`.......+............................................... ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................X-......H.......P ..............................................................BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L...P...#Blob...........W..........3....................................".........................y...F.y.....G...........'...^.'...?.'...-.'.....'.....'.....'.....Z.....Z...".'...................................................{.......................d...........M.d........!..;.d.Y.........Q.V.x.T.V.9.T.V...T.V...

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Net.Http.Formatting.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185544
                                                                                                                                    Entropy (8bit):6.1143984102987075
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:I8eNPCLiHSIZ8gcAx081w88sss9wNACJ1xZ7iOo7EM22PBdc:xeF5HSIwHACRVS9P8
                                                                                                                                    MD5:589E1B764C0DC53BF645054960626AB1
                                                                                                                                    SHA1:A5616537CA4E4AD5EB0BEB48863AE65E9EA91080
                                                                                                                                    SHA-256:1C7FA94DE5E727852934387B6B0094ABC16F660C6C91B38FB3F5BC580CFBDC1F
                                                                                                                                    SHA-512:DFD6924DD7BAF7EB1B8D3CC862FD7FB4A311818EE5684C7A85E3106EAD0F3DAE2A79956AAD9B5404C88A1D2607CAD627D0EFD729E9A9C1C1425B907884FBD1D7
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...E..T...........!..................... ........... ....................... ............`.....................................K...................................h................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H......../..............p...u2..P ......................................d.G..n.y=.v..].....Y...wE...#.".q[...f..N....k.:sj.D...q.`6o.........A..zt..P.6.+..{8....(...'_L[...X....~..yr....Z>/..t.8..0............i...X.........o.............*..0...........u......-..(...+..*..0..$........u......,..*.u......-..s......s....*.0...........u......,..*.s....*..0..$........u......,..*.u......,..o....*.s....*B...o.....Yo ...*....0..<........o!.....E............+..........*..o".....*.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Core.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114456
                                                                                                                                    Entropy (8bit):6.181604614594013
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:K7wQ3bOK++uAeSgVSSGuZ7aOIUp7SvYh:3kneSrV67LxS
                                                                                                                                    MD5:20EAFE4DFB007D4321E8BAFC2F793A2E
                                                                                                                                    SHA1:86458208B3E56629D9FE722C8F32354495C78D7A
                                                                                                                                    SHA-256:FC483754462D2219E186A2C174E1CED3A5F30B648F04A3B0A7D1421E63569AF2
                                                                                                                                    SHA-512:371C8FB7D467C86A4415926C7C3DC80AD6453E4F796ACC97351665A2628515F3AB8B6B537852BDE467E0111104A2DB17F667047531C1EB78BB99BCB19E365BA6
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0..|............... ........... ...................................@.....................................O.......`................9..........|................................................ ............... ..H............text....z... ...|.................. ..`.rsrc...`............~..............@..@.reloc..............................@..B.......................H.......................D.................................................-.r...ps....z.~....~D...~C...s....o ...*..-.r...ps....z.-.r...ps....z..~D...~C...s....o ...*..-.r...ps....z.-.r...ps....z.-.r...ps....z...~C...s....o ...*..-.r...ps....z.-.r...ps....z.-.r-..ps....z..~D....s....o ...*...0..G........-.r...ps....z.-.r...ps....z.-.r...ps....z.-.r-..ps....z....s....o ...*..-.r...ps....z.-.rE..ps....z...(...+*..-.r...ps....z.~....~D...~C...s.....(...+*..-.r...ps....z.-.r...ps

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Interfaces.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22808
                                                                                                                                    Entropy (8bit):6.498161703428732
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fnj+rwTA4EnRteUcDGNMK6jzZBUcDG1BIXFhl:f8QrusDG6KglbDGc1h
                                                                                                                                    MD5:B80E8C6C63A953FC1258D28996B0CA8F
                                                                                                                                    SHA1:161C6845C2663B574D226FDF9BDE0F256D72DDD6
                                                                                                                                    SHA-256:ED6131702DF41A1C2C4AB1027614BC028C61D54C3261D7090D43838A79BD9266
                                                                                                                                    SHA-512:253834FBD6C121674B2AF71CB591E210563D18E29B8511FD854B25EEC52D5137DE66D03BBFD0B79AE7F4A2FFB8398CE7F68D99090F01F9A863E53EDEEC4F4F96
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0.............j4... ...@....... ...............................[....@..................................4..O....@..d............ ...9...`.......2............................................... ............... ..H............text...p.... ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B................L4......H.......X ......................`2........................................(....*BSJB............v4.0.30319......l.......#~......x...#Strings....h.......#US.l.......#GUID...|.......#Blob...........G..........3..........................................................................................L...q.L.........}.....V.....?.d.....d.....d...X.d.....d...'.d.....l...+.-...B.3...o.d.....d.....L.....3...u.3...l.3...v.3...&.3...|.3.....3.....3...G.......3.....3...:.3.....3.....3.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Linq.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):709400
                                                                                                                                    Entropy (8bit):5.922616572201637
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:V4/MNoKcRFi2zQjaQteeYLe/gmJ3EOjvjDjg2RP2tbwPmSiCp1I9JIe3x1KL/O:NNP1te4ImRjvjDjjP2tb2u1U/
                                                                                                                                    MD5:0D6D6C6D42F1F44DFB52CC6DD2271CBC
                                                                                                                                    SHA1:752CEC0AE2CC65466E9497591ADB45578CF17939
                                                                                                                                    SHA-256:19926C7D879A18C6C42C4D3D4689CA51EE2BE7A096E5A49473B0E1DACC099092
                                                                                                                                    SHA-512:EA5498C8F4B9A35342DE48AF81CC4F89A0E54C04CCA20C5749EEDF50842D222DAF18597F6782331B6ADBAFD8E9615D3165D923A42EF197AEA37351075842D6D3
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0.............j.... ........... ...............................9....@.....................................O........................9.......................................................... ............... ..H............text...p.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................L.......H...........T..............x...`.........................................(-...*.~....-.r...p.....(....o/...s0........~....*.~....*.......*V(....rE..p~....o1...*V(....r...p~....o1...*V(....r...p~....o1...*V(....r...p~....o1...*V(....rC..p~....o1...*V(....ru..p~....o1...*V(....r...p~....o1...*V(....r...p~....o1...*V(....r'..p~....o1...*V(....r...p~....o1...*V(....r...p~....o1...*V(....r...p~....o1...*V(....r;..p~....o1...*V(....ry..p~....o1...*V(....r...p~....o1...*V(....r...p

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Reactive.PlatformServices.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):38168
                                                                                                                                    Entropy (8bit):6.369747411116108
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:I6jYXUVtRwroMu/jU3m5BDPlwwDG6KgSDG9g1hg:TjYkZwroMu/jPTlRP
                                                                                                                                    MD5:14E9DBCA7A84AD21E47D89470AD4F941
                                                                                                                                    SHA1:5172083E9ECC81E3A7863E998585E6D6DA8ED7F3
                                                                                                                                    SHA-256:69C49BED7B60DA26A620F4584DDEED63A7B98AB5FFF08E3FB44B5A42AC5FC7E7
                                                                                                                                    SHA-512:74965AA925E5DFD015BAD9FEED4D686FC05F585C67B28564B23376D01540704AE705AF3D4B9EF4AF9332EEAA0D7839BF4BD19D9E9058EC16E5F0CAE29AE86DB2
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0..R...........p... ........... ....................................@.................................Pp..O....................\...9...........o............................................... ............... ..H............text....P... ...R.................. ..`.rsrc................T..............@..@.reloc...............Z..............@..B.................p......H........5..06...........l.......n........................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*V(....ru..p~....o....*:...(....s:...*..~....(....,.r...ps....z.~....(....,..sA...*..s>...*.sD...%.}......E...s.....(....&(....*2.(....( ...*.s2...*..*.sF...%.}....%.}......G...s!...s"...%.o#...o$...*V.~....(....,.~....*.*..~!...%-.&~ .....J...s%...%.!...(....*..0..k........(&....-.r...ps'...z..}.....((...o)...}.....s....}......s*...}.....s

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\System.Reactive.Windows.Threading.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28440
                                                                                                                                    Entropy (8bit):6.428995894954221
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:tyoFKQWDpK4lanm96HwUcDGNMK6jJVUcDG1EaXFhhX:telfs2DG6KgdDGua1hhX
                                                                                                                                    MD5:0C3D968A8FA7B5E168BCA638B08D6340
                                                                                                                                    SHA1:F68E615CB7E862F182188B848F4CB3D2FA3F6C5A
                                                                                                                                    SHA-256:606543755DED5775922F6529409297673660CBE4F778C87E971264DE8B07F11B
                                                                                                                                    SHA-512:1748ED8F66CE388AC595B10C70B7E4B7BF187ECC83EE29887A1656F74E9156D0334CDC422873ECE7CBF4B441393888110E17ECBDDFDA84444F3653AAD88CB7ED
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0..,...........J... ...`....... ..............................G7....@..................................I..O....`...............6...9...........H............................................... ............... ..H............text....*... ...,.................. ..`.rsrc........`......................@..@.reloc...............4..............@..B.................I......H........&..............dF.......H........................................(....*.~....-.r...p.....(....o....s.........~....*.~....*.......*V(....rw..p~....o....*V(....r...p~....o....*..-.r...ps....z.-.r...ps....z..(...+*..-.r...ps....z.-.r...ps....z...(...+*..-.r...ps....z.-.r...ps....z..o.....o....(...+*..-.r...ps....z.-.r...ps....z..o....(...+*..-.r...ps....z.-.r...ps....z..o.....(...+*~.-.r...ps....z.(....o....(...+*..-.r...ps....z.(....o.....(...+*:...s....(...+*6..s....(

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\ThirdPartyLicenses.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):39363
                                                                                                                                    Entropy (8bit):4.838957163206206
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:V6dpRiGL4hHwROjEGYt8r/z2QqpeIIIbukM3IlLtog6l:V6dpRiGchZjSt85q1KkoINE
                                                                                                                                    MD5:C48A088E60C6F7ADFDEED8F8FF5AA52F
                                                                                                                                    SHA1:43E10D253DFE6138E42DDC6F29ABB223ACD3D622
                                                                                                                                    SHA-256:4BF1A146C7ED34EC495ADED3179CF20341BFB5A14D25420420977B8E7315BE77
                                                                                                                                    SHA-512:B18E97088F9626319E868971827B72C46A4FE8D2C4570B41E6815C5E5F46B47147EF1D8E538D2CEC712B3CF827B5ABADDE3415E98F4F6AC8541DE293C1363AEA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:apache-log4net (version 2.0.8)....======================================================================== ..Microsoft patterns & practices (http://microsoft.com/practices)..UNITY..======================================================================== ....Copyright (c) Microsoft. All rights reserved...Microsoft would like to thank its contributors, a list of whom are at ..http://aka.ms/entlib-contributors ....Licensed under the Apache License, Version 2.0 (the "License"); you may ..not use this file except in compliance with the License. You may obtain ..a copy of the License at ....http://www.apache.org/licenses/LICENSE-2.0 ....Unless required by applicable law or agreed to in writing, software ..distributed under the License is distributed on an "AS IS" BASIS, ..WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ..See the License for the specific language governing permissions and ..limitations under the License. ....------------------------------------------

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Transfer.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):40128
                                                                                                                                    Entropy (8bit):6.12820828061544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:f9xRDK5e5wMGMwmfLsdVJKlLIxR2nKUeAU5whZLd7PQ2UpcPbMLE8ZbOHqZhHFQj:V8Pk+V8KUjxhZdh4q8k/RSQEfV1fq
                                                                                                                                    MD5:DF785580EFF6AF090C5F5C0126CFBF0E
                                                                                                                                    SHA1:F7A241AF00F431A25DE17822D7D15E08E6886089
                                                                                                                                    SHA-256:77859DE561048AC68D01ECC279065FD7FA3479AE6E3A80792086C7A9C1815B30
                                                                                                                                    SHA-512:D845106A7A53635A91BD272C669201B8E53F2DAB1C22977316BA9230FC2366513EFFFEE149E16DCEB06BA9A1B1ACDA49A67DEE4341CA43FF440F4DD79CAA1DE3
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..x..........v.... ........... ....................................`.................................$...O................................................................................... ............... ..H............text....w... ...x.................. ..`.rsrc................z..............@..@.reloc...............~..............@..B................X.......H........C...R...........................................................0...........(......}.....s....}.....s....}.....{...........s....o.....{...........s....o.....{...........s....o.....{...........s....o.....{...........s....o.....{...........s....o....*...0..J........(.....s ...}.....{...........s!...o"....{....#.....@.@o#....{.....o$....*...0..9.......s.......}J.....}G.....}H.....}I...(%..........s&...o'...*F.{....o(...(...+*^..o*...(....%-.&*((...*..0..8.........o*...(

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Update.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75456
                                                                                                                                    Entropy (8bit):6.088656250914473
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:J+t45q+hXZq+wxi/hrEPb5cFn26DZQ6VHfY:J+epXw+wxi/h4b5Sp7VfY
                                                                                                                                    MD5:1697619B862CD386F2BA138D132D75CB
                                                                                                                                    SHA1:ED6864BC8628AC96DE4B8B47878F23F7D7331829
                                                                                                                                    SHA-256:69734D58041286DE43E28D5A0B0C5E535B48853D6A3442087ED3B0A28796854F
                                                                                                                                    SHA-512:60B0D6991DD7E329165A3D55C45EA2E0BA96D3371261BAA85628B5E6EAD15D4CD100B3571EF8AF9E8AEC26545B8C8E05D5F3CE5000B9E5FE7F63A206B317FD64
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............j!... ...@....... ....................................`..................................!..O....@.......................`....................................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L!......H........M..D.............................................................{....*"..}....*..{....*"..}....*..(....*V.(......(......(....*..{....*"..}....*:.(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*z......%..(.....%..(.....(....*.0..7..........1.u....%.,%.o.....(....(....,..o.....(....(....*.*.*"..(....*...(.......*..{....*"..}....*:.(......(....*"..}....*....0...........{.........'...o....*....0......

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Update.Custom.Loader.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):17592
                                                                                                                                    Entropy (8bit):6.32513424720969
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:P30tuJRfiCpO2P2EuMYZEWCxYWnfO+WiufedaaX:P30o11P1AEQEfhifKaO
                                                                                                                                    MD5:B3633B247507B8D24040F577ED2ADD17
                                                                                                                                    SHA1:25F1E76B9635C23B7BD60280FD17120F2EA9D8D0
                                                                                                                                    SHA-256:325A404C1FFC2F7538AD052A861456CA660D9FAC954563BD465BAB243EC63B06
                                                                                                                                    SHA-512:783CAA05A5D653FC660FCB21CE17C00EA1F59857827EE47CF36A976902638B1EE7F9026B27AF54C464267025443A090993ADCC6FAC84721CE88B130537C562CC
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.. ...........?... ...@....... ..............................Na....`..................................?..O....@...............(.......`......p>............................................... ............... ..H............text.... ... ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......&..............@..B.................?......H.......\%................................................................{....*"..}....*..{....*"..}....*2.{....o....*2.{....o....*.0...........{....,.r...ps....z..}......(.....(...........(....(....t......9......o....(....(.......o....~....%-.&~..........s....%.....(...+o.....+R.o........o....~....%-.&~..........s....%.....(...+,..-...(....t.....+.rO..ps....z.o ...-....,..o!......}...........~....r...p.(".....o#......*..*.........^....................0............}.......($

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Update.Custom.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):24760
                                                                                                                                    Entropy (8bit):6.171217779080715
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:B8WBDf6awZUKbPC6bfZ1YQhW2p7pWCxYWnfO+W8UufedaL:B8i7uUKNbLhW29pQEfhLfKaL
                                                                                                                                    MD5:B6CE383BD95F7BB4F66A018ECF77D7CA
                                                                                                                                    SHA1:4370FD646F52EAD0FB7B3614A94E371B2A668C4F
                                                                                                                                    SHA-256:AB545CA125D462799876FE4FEE4FCF39560E340D39E6C81C2EF455B6D94C3875
                                                                                                                                    SHA-512:6E43AC5D60B8B7F4B56347C30A1E7DAF2EDE9BA917CEBFDADAEF45733851DC05EECC6BC46E5427F95A43AE9B6FF37580094688A41D4A3D8278EC754B6936C1B6
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..<...........[... ...`....... ..............................6.....`.................................t[..O....`...............D..............<Z............................................... ............... ..H............text....;... ...<.................. ..`.rsrc........`.......>..............@..@.reloc...............B..............@..B.................[......H........*..p/............................................................{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*..{....*.0...........(.....(....}......}......}......%-.&r...ps....z}.......%-.&r...ps....z}.......}.......}.......}.......}.......%-.&r'..ps....z}.......}....*.0...........(.....-.r?..ps....z..o....}......o....}......o....}......o....}......o....}......o....}......o....}......o....}......o....}......o....}......o....}....*6..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\UpdateClient.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):27320
                                                                                                                                    Entropy (8bit):6.1769148907664535
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:VRyvblAu7/9npQSvJ9rk2PAkyNwwtMONfYWCxYWnfO+Wlpufeda0oW:Kv+u7/9nWShBPArrGONgQEfhsgfKavW
                                                                                                                                    MD5:1B84C591D84987E818F9227398BEA1B4
                                                                                                                                    SHA1:604C0846F6CB48A78555610F71E58B36B5BB5EA1
                                                                                                                                    SHA-256:3F1F0104D78D53D6F4E1ACC2FAA55B18CE976926DE2B8C9C1A71CF9E570EDE1A
                                                                                                                                    SHA-512:BC06186401E53AF50156340FA62CF55A386858B2DCDBB2C3F515422DC04318E0CA068942062F604762E90CEA955AD30FEC6D95F549DF6B6FB7E99B680E411260
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..F...........d... ........... ...............................m....`.................................@d..O....................N...............c............................................... ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B................td......H........2...1...........................................................0..{............(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(..........(....( .....!...(....tI...(".........%.

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):43712
                                                                                                                                    Entropy (8bit):5.8153276868752375
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:4so4C8QX0yXzaxi4ZQv+UB8NHxrBDOKTQEfVqFfDF:44xUP+xiH+UCBDvTQ6V0fh
                                                                                                                                    MD5:0BD8A49BB30481307A619A9DD5BC52D7
                                                                                                                                    SHA1:B28E137FCFC85F654E1394C944DE4A7AE08ABFE8
                                                                                                                                    SHA-256:C23E1EB76B25E6DE2544A6FAE633E0A2E126793A462D05072580A9BDBAB96820
                                                                                                                                    SHA-512:7F110088CF376C4AE6A4EBF2E85137E216849047B3EB6FE592A200B8231E331E42C3B65666E2BF003D7C9C9075ABF4D700B9224F250B89DB63C76CBAF154A1CD
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............F.... ........... ....................................`.....................................O.................................................................................... ............... ..H............text...l.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................(.......H........K...W...........................................................r...p*n.(....(....-..(....(....*.*.s....%r+..p.(....s....o....%r;..p.(....s....o....*..{....*"..}....*..{....*"..}....*^rQ..p.(.....(....(....*..(....*.r...p*n.(....(....-..(....(....*.*.s....%r+..p.(....s....o....%r;..p.(....s....o....*..{....*"..}....*..{....*"..}....*^rQ..p.(.....(....(....*.r...p*..(!...(....-&.(#...(....-..(%...(....-..('...(....*.*....0..^.......s....%r+..p.(!...s....o....%r;..p.(#

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Principal.dll.config

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):515
                                                                                                                                    Entropy (8bit):5.06886890621379
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:TMHdGzNFF7ap+5v5OXrL/2/n1FicYoKV7VirJyxm:2duPF7NhOXrT2/nP9kirP
                                                                                                                                    MD5:11582C6B4577A2F5EE23BD615D83ED23
                                                                                                                                    SHA1:B1F375FD21FDCCF57ED1E1D85164E58D9B8669C4
                                                                                                                                    SHA-256:97FAC6B22CE3E34442BD801AD92E81CBAD984D4739E4E6EC469500C99D6DD2B9
                                                                                                                                    SHA-512:06E89BCF3002DC5C97C9CADDAD75B8FEFA6C6CB637D6E9216D5A1341B39F80BBEA2DDD043279AF61916FC9E3AF679B66C8F4F585CE0D3D6F312BF74327AF730A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>.. <bindingRedirect oldVersion="0.0.0.0-10.0.0.0" newVersion="10.0.0.0"/>.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/></startup></configuration>..

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\UpdateTelemetry.Proxy.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):19640
                                                                                                                                    Entropy (8bit):6.105671848692029
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:Irwrybd7rrbcBaunwPQWZpFWCxYWnfOhIWwufedaT:IMWx7r0HwBZpFQEfV2fKaT
                                                                                                                                    MD5:E2E68971B651D19DA06D870E2A18D84A
                                                                                                                                    SHA1:EDCC00585E7F407F6831DC1930BE5DCAF493D23A
                                                                                                                                    SHA-256:2267E724DE3CA4DBBE68707A4D4C17742278F43457D94910F0E1C1EFE726C942
                                                                                                                                    SHA-512:27A80F36A6F8C6D6D36627349E7E0EA8F892B48DD35F3F0A20831384C3D2AE273DDF63348EC67F350F75E829165743913A4BF0792B7F1B6033484D0CA3A0345B
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..(..........>G... ...`....... ...............................F....`..................................F..O....`...............0...............E............................................... ............... ..H............text...D'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc..............................@..B................ G......H.......@(..t............................................................~....*.......*..{....*Z~.....{....o....t&...*J~.....{.....o....*Z~.....{....o....t&...*J~.....{.....o....*Z~.....{....o....t&...*J~.....{.....o....*Z~.....{....o.....'...*^~.....{......'...o....*Z~.....{....o.....(...*..{....*z..}....~.....{.....o....o....*Z~.....{....o....t&...*J~.....{.....o....*.0..........(....o....r...p(....(....(....(....r=..po.........~....r...po.........~....r...po.........~....r

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\UserSettings.Configuration.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):29880
                                                                                                                                    Entropy (8bit):5.9310578296584
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:TtxUyH6DoCJYjv4lox+DL+WBPPjhgOlOHGE/WCxYWnfO+WEufedaPJ:ZxUE+Kj2oxUiiDOmQQEfh4fKax
                                                                                                                                    MD5:504015397414C21DE4A17E8C4E4A8657
                                                                                                                                    SHA1:CA51F2B0CE3CB9C0B9A494872B38DE6745FD1007
                                                                                                                                    SHA-256:8CFF0C81C9C66107C2B2517EF2512842D141C313740F5A808EB6719F4077F9DD
                                                                                                                                    SHA-512:DF1A5C93B126AD65EC9C94DBF37C1E85F2AAD9126808C0C23A8F1623F3116261F4C25B5DB3270550FDA864042908ADF65DB64E78C0C3C9B7A3926F437812A43A
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..N...........m... ........... ..............................^h....`..................................l..O.......D............X...............k............................................... ............... ..H............text....M... ...N.................. ..`.rsrc...D............P..............@..@.reloc...............V..............@..B.................l......H............<..........................................................zr...p(....,..*ra..p(....,..*.*..0..;.......(......E....................+.r...p*r...p*rY..p*r...ps....z..0..9.......(.......YE................+.r...p*r...p*ra..p*r...ps....z......(..........%.(.....s.....(....*F~.....r...po...+*F~.....r...po...+*V~....~....r...po...+*F~.....r...po...+*V~....~....r!..po...+*F~.....r!..po...+*.~....~6...%-.&~5.....O...s....%.6...r7..po...+*Z.....(.....(.........*.~....s....

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\Verification.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20664
                                                                                                                                    Entropy (8bit):6.336545142863647
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:SWVp5yQ5NWzXpnPNynJzWCxYWnfO+WjufedaY:tV7F2CnJzQEfh7fKaY
                                                                                                                                    MD5:1C056D91A30B98789F6334843E31B0DD
                                                                                                                                    SHA1:84C5387C6D7213BF15B0D718CEA04ACBF5CAC2E2
                                                                                                                                    SHA-256:41AFFA100053D61042AF43ED164BDAD276DDC1EF907EF01EC10D763883BC0617
                                                                                                                                    SHA-512:19AAFEB7AE672A98339A165827F5F9C8803583DEB514614F79260CA04BCC51E88BEE9695F6994A3B85FC0D095394784C6D01EE900D9388BC16E42DA09ADB564A
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..,...........K... ...`....... ..............................6.....`.................................@K..O....`...............4...............J............................................... ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B................tK......H........*..P.............................................................(.....-.r...ps....z.(....-.r...p.(....s....z..}....*...0..........s......{....s..........(....rO..p(...........(....(..........%...(...+...........(....}......~....} .....~....}!.....s"...............}#......}$......}%......}&.....~....}'.......((...o).......s*...(+...,?.....(....rO..p(.......,...(....(..........%...(...+..s-.....+..s....................~....}/.....~....}0......}1......}2......}3......(

                                                                                                                                    C:\Program Files (x86)\Dell\UpdateService\log4net.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):276480
                                                                                                                                    Entropy (8bit):5.770362644549105
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:mT7imnjgXkU4PhLMmgCFZySx5BWd3G2aQ+kLTIMgKmDkP+2JXa+9Ed:mymnsXkU4PhLMmgCFZySx5v2aQ+kLTIm
                                                                                                                                    MD5:F64B733EAE44C8C66217386D5A0F2BF0
                                                                                                                                    SHA1:92683E4FB8D3C7A544DCE21E12F24DCC8B600E9C
                                                                                                                                    SHA-256:AF5610C515D2244DB98C662636264C8177E89B1AFE407F88FD18A41D66F6E7E2
                                                                                                                                    SHA-512:74AAE11529AB5EFDBE4C6F7232BA4C24EEF570B3BBFEA94657940450B34F61503C36DFC560E252F35352BB3D8F54A7A317C9E52AD0B60B9BB666B0DD4913B40F
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.X...........!.................L... ...`....... ...............................N....@.................................4L..W....`...............................J............................................... ............... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B................pL......H............y..............-..P .......................................~.....u..}....%YU..@...3.Ea\.P.2...r. .X.%.......i....A.R.7_Fx..6[......y.^b.w5........P.5T.....d...s.vo.......g+....;.6.R>.v.(0.....(1...o2...s....}....*...0..7........{....-%~....r...p.{....r9..p(3...(.....(.......(4....*.........//........{....*"..}....*..{....*....0..4..........%...(5....-.~....r?..p(....+...}.......,..(6....*........')........{....*..{....*"..}....*.*..{....*"..}....*.0..........

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\App.Core.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):41656
                                                                                                                                    Entropy (8bit):5.9814249554900485
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:PIhuqL46sdu5s+KCYPR3bXPfB3EqL0QEfhGfKa9A:07fYPJbXWY0Q6hXa9A
                                                                                                                                    MD5:1A406E682E4D7D0C4F1279BDCEB9F370
                                                                                                                                    SHA1:B346BFA41384C7C5BA66894CFFEF4DEC27E3F206
                                                                                                                                    SHA-256:B8B97A626C910EC08910D4398A671778824D492E6019F54FDB792674EB11105C
                                                                                                                                    SHA-512:22977564D732A07DA29F89CFC4723A0D045143072A16ED9381B0FA9DCF56F67CD491FB3F499BDD02A2C2B573F0905C700A27598EEE022762C51DE6FF654C8C9A
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(............" ..0..~..........v.... ........... ..............................6.....`.................................$...O...................................x...8............................................ ............... ..H............text...|}... ...~.................. ..`.rsrc...............................@..@.reloc..............................@..B................X.......H.......P<..(`...........................................................(....*.(....(....*..0..........(....~(...%-.&~'.....r...s....%.(...(...+.(.....~)...%-.&~'.....s...s....%.)...~*...%-.&~'.....t...s....%.*...~+...%-.&~'.....u...s....%.+...(...+(....*.0..C..........o.....+".o......o....-..o...........3......o....-....,..o .....*..........7.......(....*.(....(....*..0..........(....~,...%-.&~'.....v...s....%.,...(...+.(.....~-...%-.&~'.....w...s....%.-...~....%-.&~'.....x

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):50872
                                                                                                                                    Entropy (8bit):6.073056850091491
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:dc6BcTWGwFUQoQFqtsip90OmMsrnmwNarQ6VVcfou:d4GUfQFq1irfD8dIfX
                                                                                                                                    MD5:43604ED1DF009E176FA6F6468A3A856F
                                                                                                                                    SHA1:E3B166544B4D8CB9B8BF1EFAF562355107843630
                                                                                                                                    SHA-256:2840A8E05A732FB66284B508ED4480E5017C300F7A3FED76D4188010152D7112
                                                                                                                                    SHA-512:8CD7BDA3D7949A1AB817B8DA96C17DE5C8BC7837835C6FB97045BD446FC2C4DA4B39C16D9C6F04892D7E5C92E5E82203A57C12D82AEB701AA8044E39B3BD91B4
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ........... ....................... ............`.....................................O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......xY...e...........................................................0..]........{....%-S&..{....~3...%-.&~2.........s....%.3...~4...%-.&~2.........s....%.4...(...+%.}.....*....0...........{....%-x&..{....(....o....~5...%-.&~2.........s....%.5...(...+.......s!...(...+~6...%-.&~2.........s"...%.6...(...+(...+%.}.....*...0..]........{....%-S&..(....~7...%-.&~2.........s%...%.7...~8...%-.&~2.........s&...%.8...(...+%.}.....*....0...........('.....}......}......(....o(...~9..

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Configuration.RemoteStorage.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12992
                                                                                                                                    Entropy (8bit):6.243689643515718
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:SHDJ/OdcvkMIWcvmGI66OIWqw7LOawAqIW9WO26HLm6ESkmAA1zYJzqtev:SH9/OCv2WCxYWnfOaWMPXikft
                                                                                                                                    MD5:C87EC0C5AA1AF649840152065A18ED04
                                                                                                                                    SHA1:9CE0A479D4832AEDDEBC718BED48AEA6A7BB9A5A
                                                                                                                                    SHA-256:5DD13856B665EF55441C3197345C265C14A7BFDA288F32F70BB8BCD75533635F
                                                                                                                                    SHA-512:381727885E5CEB963BED93ADA4FCE484A5B3426700C523665DF2D5309D0193AA606DB0A348B7EEEF3AB02AECABAF0AC4C0980062276FF4B068040430F8914707
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..............+... ...@....... ..............................L.....`.................................X+..O....@..T....................`...... *............................................... ............... ..H............text........ ...................... ..`.rsrc...T....@......................@..@.reloc.......`......................@..B.................+......H.......0!...............................................................*b..(.....r...p(....}....*..0..%........{......o...+....o........,..o......*....................0..$........{......o...+.....o.......,..o.....*.................0.."........{......o...+...o.......,..o.....*..................BSJB............v4.0.30319......l.......#~......<...#Strings....X...(...#US.........#GUID.......`...#Blob...........W..........3......................................................=.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\FrameworkCore.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):415936
                                                                                                                                    Entropy (8bit):6.001891430796472
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:2y2kE44W5p20f/RCTArlf1ll0zCiCpppspsp56ytlW8VO+54+U04ENy9xKfT:264W5p5f/g+1byS68o+U0POYL
                                                                                                                                    MD5:A009ED608DE9947F3CF8814975316AA6
                                                                                                                                    SHA1:86393C0974BDD9ACC902E0BC0672CE3C13885602
                                                                                                                                    SHA-256:547236014AEF5B75D27F194EE9DFB851EEB2A5A26FA435153C4C8B37E693454B
                                                                                                                                    SHA-512:C4E5987F70B040C17C3FE50A78727978255A6C68B820E128C55262BEED6798670F9E7CAC8225B711EF40CC340017BE66D2345073BD5565FC353636D45AE94E26
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..4...........O... ...`....... ....................................`.................................4O..O....`...............<...............M............................................... ............... ..H............text....3... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............:..............@..B................hO......H.......h....[............................................................{6...*..{7...*V.(8.....}6.....}7...*...0..;........u......,/(9....{6....{6...o:...,.(;....{7....{7...o<...*.*. y.0. )UU.Z(9....{6...o=...X )UU.Z(;....{7...o>...X*.0...........r...p......%..{6....................-.q.............-.&.+.......o?....%..{7....................-.q.............-.&.+.......o?....(@...*.0..Z.......~..........(A...sB.....oC...#.....@.@Z.#......&@.oC...#......(@ZX...(.........,..(D.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\GUI.Core.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):102592
                                                                                                                                    Entropy (8bit):6.018387410309827
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:Q/B5uctoL/jPp2meibp9aT6AzPKfShaOxuvDW0XQ6V6f/s:y5uVPsmfp9e6jCPsy0psf/s
                                                                                                                                    MD5:D8CF08A790118B37489AF295E3FEAFDC
                                                                                                                                    SHA1:495B2C5687E504345E47B30D19258B67B582EA05
                                                                                                                                    SHA-256:D76A04CF0A2126EE6612612B3D608A417AC8B3B74D0932633E6467583C738276
                                                                                                                                    SHA-512:D9B7093DAF30DF092ADFA5E145BB023DFDAC81E48A009DC61D3CA92510299C42D990C448E2ACF11CEFF670861400950A317BBA8C2EBEA7E64FECECDC56AE6CEB
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..l..........b.... ........... ...............................u....`.....................................O....................t.............................................................. ............... ..H............text...hj... ...l.................. ..`.rsrc................n..............@..@.reloc...............r..............@..B................D.......H........}...............s..X............................................s....(....*..u....,..u.....o....*.u....,..u.....o ...*..0..&........u......,....o!...*.u......,....o"...*...0..&........u......,....o#...*.u......,....o$...*..{....*"..}....*>.{....o.......*..0..9........('.....(%.....(+.....,..o&...-..,..o'...-..,..o&...*.*.*....0...........((....(....-..s....+.(....}......{....o....(....}.....(.....{...........s)...o.....{...........s*...o.....{...........s+...o.....{.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Interop.COMAdmin.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):35000
                                                                                                                                    Entropy (8bit):6.186057143426072
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:IQmpTh4ppZdnsw5k7T1NNKgAsGbpXQEfhifKas:IQLjns3P1NNKgAsGbpXQ6hzas
                                                                                                                                    MD5:B4F22C0AAC1BA554510E33CEEEA91582
                                                                                                                                    SHA1:FCB040BC0B1D513127D93E1408D87B5BD21BAC29
                                                                                                                                    SHA-256:EB2404451110C329CAC3AE28D31FBD38DA0A749CDA8CBBDB962124AD112669C3
                                                                                                                                    SHA-512:E08BD9CC752AC4CCC2D2FDBA5994D8940530A5DC2DF9292CA58D4BDEF992879C1223E658A5E73602D347F29F357FC949294129F063F8C20E8F640977821A4171
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#..]...........!.....d............... ........@.. ..............................v.....@.....................................W.......x............l............................................................... ............... ..H............text....b... ...d.................. ..`.rsrc...x............f..............@..@.reloc...............j..............@..B........................H.......P ..Ta..........................................................BSJB............v4.0.30319......l.......#~.../...(..#Strings.....X......#US..X......#GUID....X..<...#Blob...........W?........%3........................S...................0.......(...*...P..............(..............!./...N./...c.....h./...y./...../............................./...............#./...@./.................................(.......;.....8.......;.....J.......t.....[...%.........i.............

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Interop.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28352
                                                                                                                                    Entropy (8bit):6.289242604323562
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:blONTTyooUpjah5/xjrI/wFSzK5vU0v1imc6lgFtYH2SjdhWCxYWnfOaWVXikfJd:blO9GjG/gS2B3vgpFtSjdhQEfVgfr
                                                                                                                                    MD5:516B23B7168E0ADA4FA9F45B0886802D
                                                                                                                                    SHA1:861BC007F33767E0F2959126323EBBD6A1118D1C
                                                                                                                                    SHA-256:6D4D465C0171C44E14E2C97C74EF26BFC2A555CFCC6E6D877DBEAFDB23B78E09
                                                                                                                                    SHA-512:1A1F1222056B876925B754269D992013156D8AA19A823603348A823A4DF4EB4C9F800D55F294080744FD486A9EDE9133998721E69B2E7E41BEE6ABAFEE5E59FF
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..J..........>i... ........... ....................................`..................................h..O....................R...............g............................................... ............... ..H............text...DI... ...J.................. ..`.rsrc................L..............@..@.reloc...............P..............@..B................ i......H.......p!..DF...........................................................0...........s.................................r...ps.........rK..ps.........r...ps.........r...ps.........r)..ps.........rs..ps.........r...ps.........r...ps.........rQ..ps.........r...ps.........r...ps.........*....0..4........... .....(....&.{j......r/..p.{j........(....(....*..(....*BSJB............v4.0.30319......l.......#~..t...L%..#Strings.....;..h...#US.(?......#GUID...8?......#Blob...........W=..

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Logger.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):48312
                                                                                                                                    Entropy (8bit):5.938719237949246
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:OR9SeWOYdo1NS9bnm4MaOk6i1Sh1+fUpWuqRGOH1QEfhQfKaLQ:Y9SeWOImBaONWRGG1Q6hFaLQ
                                                                                                                                    MD5:BF212656F88D004A5485CF7E69806944
                                                                                                                                    SHA1:DDA5D827243F416A9D605B186FFB3A62A07038C5
                                                                                                                                    SHA-256:A0AFA9402970C0D06244DD56B89D13EE291C3FA99FAFBA0BF005393E9B1A048E
                                                                                                                                    SHA-512:D18B8C77CEDC52C0F8FECC1F62C91CE56247793D954E9913BE48385C5365FA81C687F1C171522582745A96C86C682A8AFBB73E05B7E705B1A00CC896EA9605C1
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ........... ...............................Y....`.....................................O...................................p................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H.......`P...e..........................................................F.{....o....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*2.{....o....*:.(......}....*^.{....o.....o....o....*..{....o.........(.....o......o ...*..{....o.........(.....o......o ...*^.{....o.....o8...o!...*6.{.....o"...*:.{......o#...*6.{.....o$...*:.{......o%...*6.{.....o&...*:.{......o'...*6.{.....o(...*:.{......o)...*6.{.....o*...*:.{......o+...*f.s,...}.....(......}....*..{.....o-....{....

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Scheduler.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28864
                                                                                                                                    Entropy (8bit):6.054885250572881
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:uX89dWaWfWyrdyYP7z2wvLk1oQEfVS4fRb:uX3d5u/oQ6VS4fZ
                                                                                                                                    MD5:0EE6E11A898DBF1BC9E843E2C2447B4D
                                                                                                                                    SHA1:045DD0F0A7FB15E2E6C32260EDF42BEBCB8348C2
                                                                                                                                    SHA-256:A3AAB9EA58648689C11B3DBC0FA2C2723D3E60562ADDD821AC16D473DBA41BDF
                                                                                                                                    SHA-512:AA3814F57D718CF2AC61A2D2F988F724B3F0858EDA0ACB15583CFF7437D3AC272A4F6CFC7692F4B3855C72FE96C55E13CFC84FBBD2CA2D86B13A89B904826CB9
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..L...........k... ........... ..............................[(....`..................................k..O....................T..............Pj............................................... ............... ..H............text....K... ...L.................. ..`.rsrc................N..............@..@.reloc...............R..............@..B.................k......H........8...1..........................................................V.(......(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..0..&........( ...-..($......(.......(....*.{....*...0..x........( ...-h..($......(.......(.....($......(.......(.....($......(.......(......(......(......(....s....s....(%...*..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*...0..........

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Serialize.Linq.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):58880
                                                                                                                                    Entropy (8bit):5.825723955569168
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:8LMCy1B/EySFJnt9vpvYFv7FJXggrCJzQ5hZryDbsGA:8ACynsySFtdWZJv5hVfGA
                                                                                                                                    MD5:F4F377FC8EF4E0459ADD01CB0C5838F4
                                                                                                                                    SHA1:47DFC170B55E22170B1A2AC8A1A97966A0A591AA
                                                                                                                                    SHA-256:D2DC91DB0767CBBC6D61099C1F4F88BF29186B812923E5E8322023CF5DD4F93B
                                                                                                                                    SHA-512:DE62320A15F67957B703ECC4AF64547A0340A2405BBA05DAD225351D8DD957B2CADF93C96B13B856C72492F05F1DB389F129B833FCDD248E6DAF7832A2DFF547
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......Y...........!..................... ........... .......................@............`.....................................K.......8.................... ......x................................................ ............... ..H............text........ ...................... ..`.rsrc...8...........................@..@.reloc....... ......................@..B........................H........c.............................................................."..(....*&...(....*Z..(......(......(....*..{....*"..}....*..{....*"..}....*.0..6.......r...p.........(........o........(........(......(....*v.(.....s....}.....s....}....*..{....*"..}....*....0...........(....-..........*.<s....*..(....*..{O...o.....{N...oZ....{O...oD...(....*...0..f.......s.......}O.....}N....{O...-.ro..ps....z.{O...o....oV...(.....{O...oD...(......{............s....o....*...0..L.......

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\ServiceShell.Configuration.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32952
                                                                                                                                    Entropy (8bit):5.845394813352563
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:9YJY1kCe73etTlTMWFjQ0RquQEfhoUDfKaX:9YJilTM2Q0AuQ6hxeaX
                                                                                                                                    MD5:F570387FBB827AA975E25A16EBDC61BA
                                                                                                                                    SHA1:58F81252F2A527D45AB920689B680CACF8A0A669
                                                                                                                                    SHA-256:24E21BF760F578F8BE71B1F33D5875FC72A8EA4BE13539EAE498223A0FF41A2F
                                                                                                                                    SHA-512:3D29207808B5C827253BA1BBFB3F9C646B3ED968EFF26EE701067F035F7D11B43C4307C2BC6ED5DC6B8F1F7C0D5B43EC03127FCEC058F21ECA692F362B99C811
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..Z...........y... ........... ....................................`..................................y..O....................d..............`x............................................... ............... ..H............text....Y... ...Z.................. ..`.rsrc................\..............@..@.reloc...............b..............@..B.................y......H....... 2..@F...........................................................0..Z.......(......E....................+*..(....-1(.....+)(.....+!..(....-.(.....+.r...pr#..ps....z.*...0..*.................o....r_..p(....(....s.....s....*.rg..pr...p(....(....s.....s....*.('...(....*..0..x.......({...(.....(}...(.....(....(.....(....(......(....-?.(....-7..(....,..(....,......s....Q.*....(....,.......s....Q.*..Q.*.((...(....*.0..C.........6.....+.r...pr...p.s.....s....*r...pr...p.s...

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\ServiceShell.ContinualService.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12472
                                                                                                                                    Entropy (8bit):6.163790615133606
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:MFuAjDGHeSrorecMIWcvmGI66OIWqw7LOawAeIWCwUe6nfhLU66aRozYJzdWoB1:MoAjDGHedreOWCxYWnfO+Wfufedaz
                                                                                                                                    MD5:33DA1B461C649D40F81BB368BA7D5ED6
                                                                                                                                    SHA1:7FC60BD41FBE5DAD7F1C0058CD1ED99D67CB777B
                                                                                                                                    SHA-256:AD0E0584CF91868171C13792BDAF478FE9118BBDD05DBBFBF8C1628197144E98
                                                                                                                                    SHA-512:873DD4C593587EE68A8D5366FC190A41A4F98C5C8EFEBF736B5878BC5FC5608101F5A5EB3F80BCB43F8050CDECB006A498BDA1176A5CA07A633FEE458D8D4B14
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............b(... ...@....... ..............................]8....`..................................(..O....@..$....................`.......&............................................... ............... ..H............text...h.... ...................... ..`.rsrc...$....@......................@..@.reloc.......`......................@..B................D(......H.......P ..............................................................BSJB............v4.0.30319......l.......#~..\.......#Strings....P.......#US.T.......#GUID...d...$...#Blob...........G..........3....................................................F...........z.q...........Y...).Y.....Y.....Y...f.Y.....Y.....Y.........l.......Y.....................5.......................B...............7.#...........-.#.............#.............G...........G...........G...k.....k.....k.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\ServiceShell.Core.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75448
                                                                                                                                    Entropy (8bit):5.9732253601507646
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:hg1tW/OJL9s8+MXxMAee8t2gieogRuT6WptzmZcuhJV/McQ6h7za3:hgTAOw8+BALXOogm6WptqmunKis3
                                                                                                                                    MD5:E9443199C51C7EA0FB117C30454869A0
                                                                                                                                    SHA1:C6BD5ACAA5D0905A6AFE3A938CC2ACF4BBCE91CE
                                                                                                                                    SHA-256:0755B6A5F1A4F501A2DE36ADA8DEBF112088ED04C0F567778F6BC191BF3C38E1
                                                                                                                                    SHA-512:6BD3EF576A409847411D8DC667FA42C1BB8A42BECEE83B628AD26A1C2F2B22A7A5AA06FC64EB3C15C69639A8762CABE06CF6B79286A76D3E87B419223747C4BE
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.................. ... ....... .......................`......g.....`.....................................O.... .......................@......x................................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......<h..<.............................................................{....*"..}....*..{....*"..}....*2.{....o....*2.{....o....*..*..0...........-.r...ps....z.~....(....,.r...pr...ps....z.{....,.re..ps....z..}......(.....(...........(....(....t......99.....o....( ...(.....o!...~{...%-.&~z.....&...s"...%.{...(...+o$....8.....o%.....o&.....s'............+(...........((...,.......s....o)......X.......i2...o*....1..{.......o+...s....o,.....~|...%-.&~z.....'...s"...%.|...(...+

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\ServiceShell.Notifications.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20152
                                                                                                                                    Entropy (8bit):6.011932258729717
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:dKHmZ5Ei0mKJcqfyJV2YPe5RIvvxZa3e8fR67vWCxYWnfO+W0VufedaYX2r0:xPEi0mKJfV7MZK4rQEfhlkfKaYX24
                                                                                                                                    MD5:5B70ED8680499580ACF675815B5DA531
                                                                                                                                    SHA1:093C6D1E7EA668CDE204B62B53E3CBC96026F696
                                                                                                                                    SHA-256:5625832499D50F87F58D00E9A62E000F0FE47068B7C94E86CBD4231883F81F12
                                                                                                                                    SHA-512:2E28B28CF52453957DDB00E76C84837D45B70D958F6F3254296A6CBA2A39FDC5B7AAB054C9CCD0E2B2557CF594772CD8ABEF754BF6C879ED28A30EAC011EC496
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..(...........G... ...`....... ..............................l.....`..................................G..O....`...............2..............XF............................................... ............... ..H............text....'... ...(.................. ..`.rsrc........`.......*..............@..@.reloc...............0..............@..B.................G......H........'..\...........................................................B(....r...p(....*Br...p(....(....*.r/..p*....0..........~....rI..p......(....o.......(....,?.o....(....-..o............o....(....+.r...p........o....(.....~....r...p.-.r...p+.r...p(....o.....*f.(....,..(....,..(....*.*r..(....,..*~....r...po.....*..-..+..(....(....-..*~....r?..po.....*...0..J........-..+..(.....(....,..*~....r...po.....(....r...p(....,..*~....r...po.....*...0..........(.......YE..........

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\ServiceShell.ServiceModel.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13504
                                                                                                                                    Entropy (8bit):6.155105918214394
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:eOCasMMTVeOB7WsWCxYWnfOaWjXikfDr0:QaPMcONdQEfVGfk
                                                                                                                                    MD5:71516E137BA1F7151326A71659D1DB00
                                                                                                                                    SHA1:DBE8BE782722321D1EB93D30303541D5A1378701
                                                                                                                                    SHA-256:1F0487E6041F3AE603E3D523201CBC4F3353FBD1ED7AEEE2543E226D1A8D8D3F
                                                                                                                                    SHA-512:FE27309A151644F49773FA0C4E5908A4BBD1AFE87DEA3638C34FFDD949850921F3D4AC208C3D6E73AD7DF142DAB1836CECFE343796AC87E7AC1334BE44E6E5C1
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............b,... ...@....... ...............................>....`..................................,..O....@..D....................`.......*............................................... ............... ..H............text...h.... ...................... ..`.rsrc...D....@......................@..@.reloc.......`......................@..B................D,......H........!................................................................{....*:.(......}....*N.(......o....}....*..0.._...........Q.(....(....o.....+1.o......,'.u....%.-..u....%..,.+.......s....Q+....o....-....,..o......*.........=S........{....*:.(......}....*.BSJB............v4.0.30319......l...(...#~..........#Strings............#US. .......#GUID...0.......#Blob...........W..........3........................................................................................

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Storage.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):12984
                                                                                                                                    Entropy (8bit):6.352110686000017
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:Dc4T9bOIpi7L/ZWMIWcvmGI66OIWqw7LOawAeIWlx6nfhLU66aRozYJzdBE5h:F9bOI8xcWCxYWnfO+WLufedaeh
                                                                                                                                    MD5:C870B05B492AC4620651AB2430969B41
                                                                                                                                    SHA1:5B61CDF60D380BBC410DA97E2C6DA1EF45336526
                                                                                                                                    SHA-256:26072D1FFCDC5A2AB33D650AB24C6241CD16BCCF87C1821CA132CDC9A4DECE9F
                                                                                                                                    SHA-512:9B5B85318F3971097749DB78A572C762749A3B6B054E725D0D5803E5025EBFD99377A77805DB046DC1AF6D479F2DA190D09A3421866A46F3F9214DA07F09CA60
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............v-... ...@....... ..............................._....`.................................$-..O....@.......................`.......+............................................... ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................X-......H.......P ..............................................................BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L...P...#Blob...........W..........3....................................".........................y...F.y.....G...........'...^.'...?.'...-.'.....'.....'.....'.....Z.....Z...".'...................................................{.......................d...........M.d........!..;.d.Y.........Q.V.x.T.V.9.T.V...T.V...

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\System.Reactive.Core.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):114456
                                                                                                                                    Entropy (8bit):6.181604614594013
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:K7wQ3bOK++uAeSgVSSGuZ7aOIUp7SvYh:3kneSrV67LxS
                                                                                                                                    MD5:20EAFE4DFB007D4321E8BAFC2F793A2E
                                                                                                                                    SHA1:86458208B3E56629D9FE722C8F32354495C78D7A
                                                                                                                                    SHA-256:FC483754462D2219E186A2C174E1CED3A5F30B648F04A3B0A7D1421E63569AF2
                                                                                                                                    SHA-512:371C8FB7D467C86A4415926C7C3DC80AD6453E4F796ACC97351665A2628515F3AB8B6B537852BDE467E0111104A2DB17F667047531C1EB78BB99BCB19E365BA6
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 2%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0..|............... ........... ...................................@.....................................O.......`................9..........|................................................ ............... ..H............text....z... ...|.................. ..`.rsrc...`............~..............@..@.reloc..............................@..B.......................H.......................D.................................................-.r...ps....z.~....~D...~C...s....o ...*..-.r...ps....z.-.r...ps....z..~D...~C...s....o ...*..-.r...ps....z.-.r...ps....z.-.r...ps....z...~C...s....o ...*..-.r...ps....z.-.r...ps....z.-.r-..ps....z..~D....s....o ...*...0..G........-.r...ps....z.-.r...ps....z.-.r...ps....z.-.r-..ps....z....s....o ...*..-.r...ps....z.-.rE..ps....z...(...+*..-.r...ps....z.~....~D...~C...s.....(...+*..-.r...ps....z.-.r...ps

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\System.Reactive.Interfaces.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):22808
                                                                                                                                    Entropy (8bit):6.498161703428732
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fnj+rwTA4EnRteUcDGNMK6jzZBUcDG1BIXFhl:f8QrusDG6KglbDGc1h
                                                                                                                                    MD5:B80E8C6C63A953FC1258D28996B0CA8F
                                                                                                                                    SHA1:161C6845C2663B574D226FDF9BDE0F256D72DDD6
                                                                                                                                    SHA-256:ED6131702DF41A1C2C4AB1027614BC028C61D54C3261D7090D43838A79BD9266
                                                                                                                                    SHA-512:253834FBD6C121674B2AF71CB591E210563D18E29B8511FD854B25EEC52D5137DE66D03BBFD0B79AE7F4A2FFB8398CE7F68D99090F01F9A863E53EDEEC4F4F96
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....2X.........." ..0.............j4... ...@....... ...............................[....@..................................4..O....@..d............ ...9...`.......2............................................... ............... ..H............text...p.... ...................... ..`.rsrc...d....@......................@..@.reloc.......`......................@..B................L4......H.......X ......................`2........................................(....*BSJB............v4.0.30319......l.......#~......x...#Strings....h.......#US.l.......#GUID...|.......#Blob...........G..........3..........................................................................................L...q.L.........}.....V.....?.d.....d.....d...X.d.....d...'.d.....l...+.-...B.3...o.d.....d.....L.....3...u.3...l.3...v.3...&.3...|.3.....3.....3...G.......3.....3...:.3.....3.....3.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Update.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):75456
                                                                                                                                    Entropy (8bit):6.0883417295974285
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:E+t45q+hXZq+wxi/hrEPb5cFh2XGjQ6NdfT:E+epXw+wxi/h4b5AlF/fT
                                                                                                                                    MD5:9EBF73EB38D8B103AEFAD9C050B997C6
                                                                                                                                    SHA1:E3BD1FB03B8C2ED008D42EA55B78CAD47709A94E
                                                                                                                                    SHA-256:BABB4046DEDDEFC1E95396FEA4738096B3DF789685A2AC664F56E6AD8AC9DA7A
                                                                                                                                    SHA-512:A324F7D240127B1730783ADFEEE4AD21552AF6753363C2F7F2E34867E1D7C41F014240065DB47FC0A11C64D635A537549C2785B3FA8109320EA101CC4561CD9C
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............j!... ...@....... ....................................`..................................!..O....@.......................`....................................................... ............... ..H............text...p.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................L!......H........M..D.............................................................{....*"..}....*..{....*"..}....*..(....*V.(......(......(....*..{....*"..}....*:.(......(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(......(......(......(.......(....*z......%..(.....%..(.....(....*.0..7..........1.u....%.,%.o.....(....(....,..o.....(....(....*.*.*"..(....*...(.......*..{....*"..}....*:.(......(....*"..}....*....0...........{.........'...o....*....0......

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\UpdateClient.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):27320
                                                                                                                                    Entropy (8bit):6.1770133364038555
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:eRyvblAu7/9npQOvJ9rk2PAkyNJwtMOgf/WCxYWnfO+W7PXufedaq:Nv+u7/9nWOhBPAr2GOgHQEfh2WfKaq
                                                                                                                                    MD5:4F15C58E61D2B0CD22552CDB0EE26D24
                                                                                                                                    SHA1:34AD40121B9F27D1127FE05A1244ACBC95FC4EF2
                                                                                                                                    SHA-256:63E33D4AFAA41F2941362B1A85D32D56CB10579F6584F2277DA94435716CF242
                                                                                                                                    SHA-512:E19129E832731FE8E30C97829B0FE533EBDF6EFF8258FCD286EB470860E51FE8807012CD545F0B6B5E115FFC44403685603CEBDF0EA4E4B5566DA609ED5F26BB
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..F...........d... ........... ..............................).....`.................................@d..O....................N...............c............................................... ............... ..H............text....D... ...F.................. ..`.rsrc................H..............@..@.reloc...............L..............@..B................td......H........2...1...........................................................0..{............(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(.....K...(....(......K....K...(....(....(..........%...(...+..........(....r...p(...........(....tI...(..........(....( .....!...(....tI...(".........%.

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\UserSettings.Configuration.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):29888
                                                                                                                                    Entropy (8bit):5.930867754956095
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:utxUyH6DoCJYjv4lUx+DL+WBPPjhgOtOptE0WCxYWnfOaWFBXikfI:GxUE+Kj2UxUiivOT7QEfV6fI
                                                                                                                                    MD5:2D3A690803DCEB2A399FE77B01B1CBDD
                                                                                                                                    SHA1:2188A7242BC5F63FC997E8198E008035A52962B9
                                                                                                                                    SHA-256:A873E3E3BAC8619E9F14D4B2F5B8E42A7FC455987FD6ECB9435347BFFDB62BA6
                                                                                                                                    SHA-512:474FFA60B18206B1A33A15AF210FB13BF0A1F25C9B54B32A0A686CD5E5FC42AED65FBD0163485FBF29B836FD9D92982B76DC0FAD7E9021C073E82B1D8D120FD8
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..N...........m... ........... ..............................+B....`..................................l..O.......D............X...............k............................................... ............... ..H............text....M... ...N.................. ..`.rsrc...D............P..............@..@.reloc...............V..............@..B.................l......H............<..........................................................zr...p(....,..*ra..p(....,..*.*..0..;.......(......E....................+.r...p*r...p*rY..p*r...ps....z..0..9.......(.......YE................+.r...p*r...p*ra..p*r...ps....z......(..........%.(.....s.....(....*F~.....r...po...+*F~.....r...po...+*V~....~....r...po...+*F~.....r...po...+*V~....~....r!..po...+*F~.....r!..po...+*.~....~6...%-.&~5.....O...s....%.6...r7..po...+*Z.....(.....(.........*.~....s....

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\Verification.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20664
                                                                                                                                    Entropy (8bit):6.335959965018028
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:3WVp5yQkNWzXpGPNynVRWCxYWnfOhIWfaufedaO/d:GV7c2tnVRQEfVCbfKaQ
                                                                                                                                    MD5:3AB22BECE4D9007CCBCBB9FD749D81B1
                                                                                                                                    SHA1:EDDC4DBB076E4E946418ACB681C533A7356694DB
                                                                                                                                    SHA-256:AE66FE530CBAF1356F2995D38BE16F69158C68713EC36ABF5BE2EB17BD51E218
                                                                                                                                    SHA-512:226E45724EA44B510D67DB6A835F2EB7C480B67679DAD124FEDAEBAF10E5EFD13FE033DCB18304EED466016F4A8F03A379329E0F9E49860FBE00045A03D36109
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0..,...........K... ...`....... ....................................`.................................@K..O....`...............4...............J............................................... ............... ..H............text....+... ...,.................. ..`.rsrc........`......................@..@.reloc...............2..............@..B................tK......H........*..P.............................................................(.....-.r...ps....z.(....-.r...p.(....s....z..}....*...0..........s......{....s..........(....rO..p(...........(....(..........%...(...+...........(....}......~....} .....~....}!.....s"...............}#......}$......}%......}&.....~....}'.......((...o).......s*...(+...,?.....(....rO..p(.......,...(....(..........%...(...+..s-.....+..s....................~....}/.....~....}0......}1......}2......}3......(

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\WindowsManagement.Classic.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):122552
                                                                                                                                    Entropy (8bit):6.145884253301112
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:d/+nO5PMEkNK1eZLThC0hoebQj/LyCdT+J/8v95DBsIv44rIio76dLGVcQ6VLaY:UOVQc4X1bb8LyCSJ/g5dVpWtVioY
                                                                                                                                    MD5:192EB8BCA28242C3DE7DA67F1704E05D
                                                                                                                                    SHA1:C051EC48FF749CBCEC2A773CEE0669A3DA95A5D0
                                                                                                                                    SHA-256:B032BBA81247188A64DFCB0AB40E1A5A4EB54C7F51811AA06F4F6C85E66C0B68
                                                                                                                                    SHA-512:0A5F539847494CA94680ECC7003A4FDDFA79184FBD75432FBDE015A758C70E7ED010ADEB30A9CF898872EF996F9849C190229471570A4AD9B82B255446D823AF
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......].........." ..0.............~.... ........... ....................... .......j....`.................................,...O.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B................`.......H........<...............................................................{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..(....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"..}....*..{....*"

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\dcu-cli.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):216248
                                                                                                                                    Entropy (8bit):5.613513606650634
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:caA/7a/G3uUYKjqPgpIxVcWe9W1k/2UUu2AoZr+YpfBZsJQZO8PU+nl3K:Ga/FhKjupfBOaZl/l3K
                                                                                                                                    MD5:52B8E633A096AC8ACDCA5FB318218209
                                                                                                                                    SHA1:7058E7A784CD6935736E4A2E66E68A7356CC6287
                                                                                                                                    SHA-256:A40D300C078192A3EA70356A9DD36E394ACEFB88C7FDB6D62F343644962F4790
                                                                                                                                    SHA-512:967C903721D218189423B7230204A7F459828990D142A98BCF50C93CD29F36ABC167D16EA97B654B01FA6428F2CAC25D981D8322C99F7A83B5AE9A732AB1AB87
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K-............"...0..@...........]... ...`....@.. ...............................g....`..................................]..O....`...............0.......`.......\..8............................................ ............... ..H............text....>... ...@.................. ..`.rsrc........`.......B..............@..@.reloc.......`......................@..B.................]......H.......,..........[....................................................0..&.........r...p..9.....~....%-.&~......B...s....%.....(...+~....%-.&~......C...s....%.....~....%-.&~......D...s....%.....(...+...~....%-.&~......E...s....%.....(...+9.....~....%-.&~......F...s....%.....(...+9.....~....%-.&~......G...s....%.....(...+....( .....(!...-..o"....@1.r...p..(.....k(b....~....%-.&~......H...s....%.....(...+,j.~....%-.&~......I...s....%.....(...+....( ......~....%-.&~......J...

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\log4net.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):276480
                                                                                                                                    Entropy (8bit):5.770362644549105
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:mT7imnjgXkU4PhLMmgCFZySx5BWd3G2aQ+kLTIMgKmDkP+2JXa+9Ed:mymnsXkU4PhLMmgCFZySx5v2aQ+kLTIm
                                                                                                                                    MD5:F64B733EAE44C8C66217386D5A0F2BF0
                                                                                                                                    SHA1:92683E4FB8D3C7A544DCE21E12F24DCC8B600E9C
                                                                                                                                    SHA-256:AF5610C515D2244DB98C662636264C8177E89B1AFE407F88FD18A41D66F6E7E2
                                                                                                                                    SHA-512:74AAE11529AB5EFDBE4C6F7232BA4C24EEF570B3BBFEA94657940450B34F61503C36DFC560E252F35352BB3D8F54A7A317C9E52AD0B60B9BB666B0DD4913B40F
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....L.X...........!.................L... ...`....... ...............................N....@.................................4L..W....`...............................J............................................... ............... ..H............text....,... ...................... ..`.rsrc........`.......0..............@..@.reloc...............6..............@..B................pL......H............y..............-..P .......................................~.....u..}....%YU..@...3.Ea\.P.2...r. .X.%.......i....A.R.7_Fx..6[......y.^b.w5........P.5T.....d...s.vo.......g+....;.6.R>.v.(0.....(1...o2...s....}....*...0..7........{....-%~....r...p.{....r9..p(3...(.....(.......(4....*.........//........{....*"..}....*..{....*....0..4..........%...(5....-.~....r?..p(....+...}.......,..(6....*........')........{....*..{....*"..}....*.*..{....*"..}....*.0..........

                                                                                                                                    C:\Program Files\Dell\CommandUpdate\readme.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3943
                                                                                                                                    Entropy (8bit):4.498040983407239
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:jY9GAA+DD7yeOtcHWgGo0E4HMD/LjM19WfSqL:YGAA2D7/fR1bVL
                                                                                                                                    MD5:A6FDBC4253A05161076D24FDDBC8F4DA
                                                                                                                                    SHA1:1E5BEC3BE85029ADC64DCE3E386E19AFB368D5FF
                                                                                                                                    SHA-256:1E31908E9DA600A4AEBF2ED5627A832DE15929C593F1BDF0F68EC82A040AB170
                                                                                                                                    SHA-512:03A745E9039552A659757CEBBCF4F0EF0456F7EDC0358FB10ED6A26555414AAF1D7A1DF0FFBC03D6003B896925CD209E5E75F08D2A20F4113C11A0F3B0C732FD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:********************************************************************************....DELL COMMAND | UPDATE for WINDOWS 10..VERSION 3.1 README....********************************************************************************....Dell Command | Update is installed as a standalone application on a..business client supported platform to provide a Windows update..experience for systems software released by Dell. This application is..installed locally on the target systems and simplifies BIOS, firmware,..driver, and application update experience on Dell Client Hardware. This..application can also be used to install drivers after the Operating..System and network drivers are installed based on the system identity.....Dell Command | Update is primarily targeted at customers who want to..manage systems on their own. The tool is designed to allow users to..specify their update preferences and apply updates based on the..critiuserty. Alternatively, end users can use the scheduling option to..keep

                                                                                                                                    C:\ProgramData\Dell\InventoryCollector\Log\ICDebugLog.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp\invcol.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):90
                                                                                                                                    Entropy (8bit):3.8980685120588383
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:jHFse9gCe+3Fse9gCe+3Fse9gCv:j2eQ+meQ+meF
                                                                                                                                    MD5:4E4448E01295A5D2C28238F6781B96BD
                                                                                                                                    SHA1:53D7337F61005BBB7992ECC41385BF2ECD1B858F
                                                                                                                                    SHA-256:376BE01E992466EA1CCA268247CAC832562E1E62C4C2E56B32AE6FE84D630C32
                                                                                                                                    SHA-512:8B2F493292D4A932A7063676AF010B912E01265B4A420340B39C00B37881525E4F746A459F42F398321A0F420D95118D826181CD6BCF2A7E9A42021797D16A83
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Starting Inventory collector..Starting Inventory collector..Starting Inventory collector..

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Clients\CommandUpdate\Scheduler.dat

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):2225
                                                                                                                                    Entropy (8bit):5.123530770420628
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:AO8R18ubYFqPYUt3c/ubYFZPouU3c5ubYFqPYoMn7cwFb0gbZP6uMn3s:KnYFqgUWUYFZHxyYFqgoBU0sZNr
                                                                                                                                    MD5:3C6C61A538350C10A089512336D2AE7A
                                                                                                                                    SHA1:DF91E376166C9F0C56963409D8B1E163715B1276
                                                                                                                                    SHA-256:FBCCF47C23E6EC374F4EE84EE811DF6611FDC2D71A4A12D7B1BEB46FD8924C8B
                                                                                                                                    SHA-512:529AE14AD7A936813F7B96456173E76D42A03A9331FF7B5D706C27056C143B6B283C25B4E7409D2B55485169CAB5F0D2B353B5CE996FFB9B9512D4722C8593F8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0"?>..<DellSchedulerXml xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">.. <EventList>.. <Event>.. <AppID>DellCommandUpdate</AppID>.. <EventID>1</EventID>.. <Hour>6</Hour>.. <Minute>0</Minute>.. <Second>49</Second>.. <RecurrenceType>EveryNumberOfDays</RecurrenceType>.. <ExactTime xsi:nil="true" />.. <DayInterval>3</DayInterval>.. <Day xsi:nil="true" />.. <DayOfWeek xsi:nil="true" />.. <CreateTime>2024-10-21T06:00:49.3140613-04:00</CreateTime>.. <LastTriggeredTime>2024-10-25T13:12:55.589456-04:00</LastTriggeredTime>.. </Event>.. <Event>.. <AppID>DellCommandUpdate</AppID>.. <EventID>2</EventID>.. <Hour>6</Hour>.. <Minute>0</Minute>.. <Second>49</Second>.. <RecurrenceType>OneTimeOnly</RecurrenceType>.. <ExactTime>2024-10-24T06:00:49</ExactTime>.. <DayInterval xsi:nil="true" />.. <Day xsi:nil="true" />..

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Log\Activity.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):8188
                                                                                                                                    Entropy (8bit):3.48160504494148
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:Yhpp4oU++w4L6RaIo4D4Kpp4LU++w4I5Yec+o4Enl:bx0/nl
                                                                                                                                    MD5:C48C41ADB5BB3F35879FD93411E234C0
                                                                                                                                    SHA1:71C1E11D117589038D78262391DACEF845E94459
                                                                                                                                    SHA-256:0C73CAE0AA2FFC7644AB9C00EE40D7AB40D1634676C9D4AD5CDD101F914B5487
                                                                                                                                    SHA-512:440730C80C505EC71870A597E00B2435A128DEEABA93E7101F084C03E4B1359948D4803D2AE39052C63B3C450FD1EF92B948E2394F82E2C12870245020C58904
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".u.t.f.-.1.6.".?.>.....<.L.o.g.E.n.t.r.i.e.s. .v.e.r.s.i.o.n.=.".1...0.". .a.p.p.n.a.m.e.=.".D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e.". .a.p.p.v.e.r.s.i.o.n.=.".3...0.".>..... . .<.L.o.g.E.n.t.r.y.>..... . . . .<.a.p.p.n.a.m.e.>.D.e.l.l.C.o.m.m.a.n.d.U.p.d.a.t.e.<./.a.p.p.n.a.m.e.>..... . . . .<.l.e.v.e.l.>.N.o.r.m.a.l.<./.l.e.v.e.l.>..... . . . .<.t.i.m.e.s.t.a.m.p.>.2.0.2.4.-.1.0.-.2.1.T.0.6.:.0.0.:.4.6...1.8.9.0.6.1.-.0.4.:.0.0.<./.t.i.m.e.s.t.a.m.p.>..... . . . .<.s.o.u.r.c.e.>.D.e.l.l...U.p.d.a.t.e.S.e.r.v.i.c.e...U.p.d.a.t.e.S.c.h.e.d.u.l.e.r...U.p.d.a.t.e.S.c.h.e.d.u.l.e.r...S.t.a.r.t.<./.s.o.u.r.c.e.>..... . . . .<.m.e.s.s.a.g.e.>.S.t.a.r.t.i.n.g. .t.h.e. .u.p.d.a.t.e. .s.c.h.e.d.u.l.e.r...<./.m.e.s.s.a.g.e.>..... . . . .<.t.r.a.c.e.>.<./.t.r.a.c.e.>..... . . . .<.d.a.t.a. ./.>..... . .<./.L.o.g.E.n.t.r.y.>..... . .<.L.o.g.E.n.t.r.y.>..... . . . .<.a.p.p.n.a.m.e.>.D.e.l.l.C.o.m.m.a.n.d.U.p.d.a.t.e.<./.a.p.p.n.a.m.e.

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Log\Service.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15007
                                                                                                                                    Entropy (8bit):5.324380701216844
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:GAymIEL+hU2PSg1VHwRa86Ugl0FHXwICxGT7d:TRRWlwgI3T5
                                                                                                                                    MD5:E59B393084881E367B37B95EF2E9C168
                                                                                                                                    SHA1:FF5F231A7FB8705D5BC28E20609B3D8EFBBE9D33
                                                                                                                                    SHA-256:A0DEA2DE1F6F2AD936116AC7BEBB5459513494DC6719A7F8B06E9F9EA8DD266B
                                                                                                                                    SHA-512:8558D8C924FED2C7609AF310093E1AEA6A17975F2795CAE1FE9A50C975E1973722B6780B7072CEE2E7B15F296C12D76BDAB5242F7A4588CE8207C8D0DF33B0D5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[2024-10-21 05:58:51] {Dell.UpdateService.ServiceShell.Main->INFO} ServiceShell trigger renewed..[2024-10-21 05:59:02] {Dell.UpdateService.ServiceShell.ModuleManager->INFO} 'C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll' module registration is requested (autoUnregister = False)..[2024-10-21 05:59:50] {Dell.UpdateService.ServiceShell.ModuleManager->INFO} 'C:\Program Files (x86)\Dell\UpdateService\Service\WindowsManagement.Principal.dll' is registered..[2024-10-21 05:59:50] {Dell.UpdateService.ServiceShell.ModuleManager->INFO} 'C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll' module registration is requested (autoUnregister = False)..[2024-10-21 06:00:19] {Dell.UpdateService.ServiceShell.ModuleManager->INFO} 'C:\Program Files (x86)\Dell\UpdateService\Service\Update.Principal.dll' is registered..[2024-10-21 06:00:19] {Dell.UpdateService.ServiceShell.ModuleManager->INFO} 'C:\Program Files (x86)\Dell\UpdateService\Service\Storage.Pr

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Temp\BIT908F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Microsoft Cabinet archive data, single, 364648 bytes, 1 file, at 0x44 +A "CatalogIndexPC.xml", flags 0x4, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):375672
                                                                                                                                    Entropy (8bit):7.978631802919166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:THTUfUnbGlIaIezlGXLD/iKMWE/JrSjZXLv5VpD8BfTittLFdoazEDTN4XnUI0gq:THT2Unb/aIezi32/KZX7by94tEazEDT5
                                                                                                                                    MD5:A6343D9FD845E2D839CE11614404E37A
                                                                                                                                    SHA1:98FF085DC77EC6E057F0449BB6348863FD6EA5BD
                                                                                                                                    SHA-256:FB8D2247D88DAD4F4FB431D1C737A7302B7FE0B6DBABABB97ABDAA27C1CA7019
                                                                                                                                    SHA-512:D9666F429BDDAB360277DF2C0419AACD8B2144A9FAA55B2840B20E46FCE079B398690E90345059C0953A71003D7A05B7BA9A1D7B760F131464101B61927343BE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MSCF....h.......D...........................h....+..........g...s....F9.......RY<. .CatalogIndexPC.xml..!......CK..o...........\.w{.....z9/;1b.MQ..=m..-XN..o;..!%[.$*'.....=.fggg.;3.....D_D.D..h+.9..it...^G....%.v.....y..r........)z...D..e........qT.5Gr....E_.^'.H9..;..GRV+...=......+..e.T...{%.m.~.-.P.....>z&.....rB..2...-.|...g.u...D.x....90-g.r.)..cW.Z.}.=....7..J.....:....s*.^...R._/<=.._...&:.E..t-..G...c......|v...\.hy..........h.W...R..{&GO.......f.z..={....v...R.7..-.^3m.p.S.?a.XZ <eK..?..i.....shI.m.{...c*e......9.O.PZ.&....(|...."...p'<)..L.L.[......r...??...........?..T..Q!<+..Y.O[}.BO.."Oz../e...~*....Q..$.:...9=......\..${.r....)..,.-..2...@..h.i[..:~..M.j..Lk.... ./d...r..z.WH.K........v.7.K.y...G+...X.S9W..=.x%....T.:........?.c;R...nJ.S.bW.........R>N.....X.i..B.....).D...K........^..A.....|.RJ.y.jo.:%.'<.~(G..G+..P.6.c9.x.....x|.].....A..Rz.y.Y ..^u}.[F.R.Q....Q.c.C..$...7BO.5.l...-R..+.....K..S<...6.}....O...rG-./w.

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Temp\BITAC74.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Microsoft Cabinet archive data, single, 364648 bytes, 1 file, at 0x44 +A "CatalogIndexPC.xml", flags 0x4, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):375672
                                                                                                                                    Entropy (8bit):7.978631802919166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:THTUfUnbGlIaIezlGXLD/iKMWE/JrSjZXLv5VpD8BfTittLFdoazEDTN4XnUI0gq:THT2Unb/aIezi32/KZX7by94tEazEDT5
                                                                                                                                    MD5:A6343D9FD845E2D839CE11614404E37A
                                                                                                                                    SHA1:98FF085DC77EC6E057F0449BB6348863FD6EA5BD
                                                                                                                                    SHA-256:FB8D2247D88DAD4F4FB431D1C737A7302B7FE0B6DBABABB97ABDAA27C1CA7019
                                                                                                                                    SHA-512:D9666F429BDDAB360277DF2C0419AACD8B2144A9FAA55B2840B20E46FCE079B398690E90345059C0953A71003D7A05B7BA9A1D7B760F131464101B61927343BE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MSCF....h.......D...........................h....+..........g...s....F9.......RY<. .CatalogIndexPC.xml..!......CK..o...........\.w{.....z9/;1b.MQ..=m..-XN..o;..!%[.$*'.....=.fggg.;3.....D_D.D..h+.9..it...^G....%.v.....y..r........)z...D..e........qT.5Gr....E_.^'.H9..;..GRV+...=......+..e.T...{%.m.~.-.P.....>z&.....rB..2...-.|...g.u...D.x....90-g.r.)..cW.Z.}.=....7..J.....:....s*.^...R._/<=.._...&:.E..t-..G...c......|v...\.hy..........h.W...R..{&GO.......f.z..={....v...R.7..-.^3m.p.S.?a.XZ <eK..?..i.....shI.m.{...c*e......9.O.PZ.&....(|...."...p'<)..L.L.[......r...??...........?..T..Q!<+..Y.O[}.BO.."Oz../e...~*....Q..$.:...9=......\..${.r....)..,.-..2...@..h.i[..:~..M.j..Lk.... ./d...r..z.WH.K........v.7.K.y...G+...X.S9W..=.x%....T.:........?.c;R...nJ.S.bW.........R>N.....X.i..B.....).D...K........^..A.....|.RJ.y.jo.:%.'<.~(G..G+..P.6.c9.x.....x|.].....A..Rz.y.Y ..^u}.[F.R.Q....Q.c.C..$...7BO.5.l...-R..+.....K..S<...6.}....O...rG-./w.

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Temp\BITEE8F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Microsoft Cabinet archive data, single, 364648 bytes, 1 file, at 0x44 +A "CatalogIndexPC.xml", flags 0x4, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):375672
                                                                                                                                    Entropy (8bit):7.978631802919166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:THTUfUnbGlIaIezlGXLD/iKMWE/JrSjZXLv5VpD8BfTittLFdoazEDTN4XnUI0gq:THT2Unb/aIezi32/KZX7by94tEazEDT5
                                                                                                                                    MD5:A6343D9FD845E2D839CE11614404E37A
                                                                                                                                    SHA1:98FF085DC77EC6E057F0449BB6348863FD6EA5BD
                                                                                                                                    SHA-256:FB8D2247D88DAD4F4FB431D1C737A7302B7FE0B6DBABABB97ABDAA27C1CA7019
                                                                                                                                    SHA-512:D9666F429BDDAB360277DF2C0419AACD8B2144A9FAA55B2840B20E46FCE079B398690E90345059C0953A71003D7A05B7BA9A1D7B760F131464101B61927343BE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MSCF....h.......D...........................h....+..........g...s....F9.......RY<. .CatalogIndexPC.xml..!......CK..o...........\.w{.....z9/;1b.MQ..=m..-XN..o;..!%[.$*'.....=.fggg.;3.....D_D.D..h+.9..it...^G....%.v.....y..r........)z...D..e........qT.5Gr....E_.^'.H9..;..GRV+...=......+..e.T...{%.m.~.-.P.....>z&.....rB..2...-.|...g.u...D.x....90-g.r.)..cW.Z.}.=....7..J.....:....s*.^...R._/<=.._...&:.E..t-..G...c......|v...\.hy..........h.W...R..{&GO.......f.z..={....v...R.7..-.^3m.p.S.?a.XZ <eK..?..i.....shI.m.{...c*e......9.O.PZ.&....(|...."...p'<)..L.L.[......r...??...........?..T..Q!<+..Y.O[}.BO.."Oz../e...~*....Q..$.:...9=......\..${.r....)..,.-..2...@..h.i[..:~..M.j..Lk.... ./d...r..z.WH.K........v.7.K.y...G+...X.S9W..=.x%....T.:........?.c;R...nJ.S.bW.........R>N.....X.i..B.....).D...K........^..A.....|.RJ.y.jo.:%.'<.~(G..G+..P.6.c9.x.....x|.].....A..Rz.y.Y ..^u}.[F.R.Q....Q.c.C..$...7BO.5.l...-R..+.....K..S<...6.}....O...rG-./w.

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Temp\CatalogIndexPC.cab (copy)

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Microsoft Cabinet archive data, single, 364648 bytes, 1 file, at 0x44 +A "CatalogIndexPC.xml", flags 0x4, number 1, extra bytes 20 in head, 115 datablocks, 0x1 compression
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):375672
                                                                                                                                    Entropy (8bit):7.978631802919166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:THTUfUnbGlIaIezlGXLD/iKMWE/JrSjZXLv5VpD8BfTittLFdoazEDTN4XnUI0gq:THT2Unb/aIezi32/KZX7by94tEazEDT5
                                                                                                                                    MD5:A6343D9FD845E2D839CE11614404E37A
                                                                                                                                    SHA1:98FF085DC77EC6E057F0449BB6348863FD6EA5BD
                                                                                                                                    SHA-256:FB8D2247D88DAD4F4FB431D1C737A7302B7FE0B6DBABABB97ABDAA27C1CA7019
                                                                                                                                    SHA-512:D9666F429BDDAB360277DF2C0419AACD8B2144A9FAA55B2840B20E46FCE079B398690E90345059C0953A71003D7A05B7BA9A1D7B760F131464101B61927343BE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MSCF....h.......D...........................h....+..........g...s....F9.......RY<. .CatalogIndexPC.xml..!......CK..o...........\.w{.....z9/;1b.MQ..=m..-XN..o;..!%[.$*'.....=.fggg.;3.....D_D.D..h+.9..it...^G....%.v.....y..r........)z...D..e........qT.5Gr....E_.^'.H9..;..GRV+...=......+..e.T...{%.m.~.-.P.....>z&.....rB..2...-.|...g.u...D.x....90-g.r.)..cW.Z.}.=....7..J.....:....s*.^...R._/<=.._...&:.E..t-..G...c......|v...\.hy..........h.W...R..{&GO.......f.z..={....v...R.7..-.^3m.p.S.?a.XZ <eK..?..i.....shI.m.{...c*e......9.O.PZ.&....(|...."...p'<)..L.L.[......r...??...........?..T..Q!<+..Y.O[}.BO.."Oz../e...~*....Q..$.:...9=......\..${.r....)..,.-..2...@..h.i[..:~..M.j..Lk.... ./d...r..z.WH.K........v.7.K.y...G+...X.S9W..=.x%....T.:........?.c;R...nJ.S.bW.........R>N.....X.i..B.....).D...K........^..A.....|.RJ.y.jo.:%.'<.~(G..G+..P.6.c9.x.....x|.].....A..Rz.y.Y ..^u}.[F.R.Q....Q.c.C..$...7BO.5.l...-R..+.....K..S<...6.}....O...rG-./w.

                                                                                                                                    C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp_1\invcol.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):296
                                                                                                                                    Entropy (8bit):3.5907458479152092
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:QFulcLk04/5p89cWJUlgFAfEzkwasi0lUZxPql+dyKAl2k2owOn:QF/LX4xp87qlVczxasilPPRd+oDO
                                                                                                                                    MD5:AAD2B6D56D0F0CA9ACD32D5E0DF653B7
                                                                                                                                    SHA1:9A853045BF2DEF1EEDFE34880845FA8214AD1DF5
                                                                                                                                    SHA-256:A8F89B39DD7A426B3777CE6EBEA34B6191CCAA4A0D873AB75F06F6D2DE47F2CF
                                                                                                                                    SHA-512:5A9E4C53341DC4DBAC2B83E1608F4CBA8A6E614A3A6AEE8BEC0386A256CAB48BD9462A72B0EB6A8A3B55FA84B39C27A51A5ED91584F0DECA6B45218C060B21D0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.........<.S.V.M.I.n.v.e.n.t.o.r.y. .l.a.n.g.=.".e.". .s.c.h.e.m.a.V.e.r.s.i.o.n.=.".1...0.". .t.i.m.e.S.t.a.m.p.=.".2.0.2.4.-.1.0.-.2.1.T.0.6.:.0.0.:.0.9.". .i.n.v.c.o.l.V.e.r.s.i.o.n.=.".8...1...5...0."./.>.........

                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1310720
                                                                                                                                    Entropy (8bit):0.8871355039403274
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:yJjAgNE4Pj5vHcjTcyBP9UjaaQ/ka4qWsi:QAgN8nj/ka4f
                                                                                                                                    MD5:88C4729EE1E328DF5C1515B842BC3139
                                                                                                                                    SHA1:3F080D69FD58B7D38EBBC22829BD14D06DCF82C4
                                                                                                                                    SHA-256:BEBFB473A649637C8A3FC188AD5F3931D5B01E37AF3CABB7FFD682DC70AEA8E1
                                                                                                                                    SHA-512:49E750B8F4F3FD69CF299809644F1EB2F242BD74B0FAA7970A6B4029510A32F1C65FD613B4ED6E2C8C071972BE6CD562559EA91FD2B6BA198E40D59D18BE3761
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..6.........@..@.....{...;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@....................................d6d6.#.........`h.................h.......6.......X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0xb3c1c652, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1310720
                                                                                                                                    Entropy (8bit):0.7864608296282892
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:zSB2ESB2SSjlK/6vDfi5Wy10MctJ+t9ka4XQ0/Ykr3g16L2UPkLk+kyt4eCu3uZB:zazaovh7uka4Es2U1RFNp3pvHzrHBHz
                                                                                                                                    MD5:0E21992796484E292C881889B6425B1C
                                                                                                                                    SHA1:3F1B3BADD612C8C00A659DF222B740366C2BEE1D
                                                                                                                                    SHA-256:24F3A06CBC03A90F96621FB2C55DCBF8E060F90CE7CFCF20514ADF6161B28E46
                                                                                                                                    SHA-512:BE9C181DCF6F50472B5523FC61F98D35AAF54FF570B1BBEB756F9465D0E75712A5208847173FEF2C8260CF342935A20C6CF39466547D10AF1ACDECF5F428215B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:...R... ...............X\...;...{......................0.z...... ...{...:...|=.h.|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............{...............................................................................................................................................................................................2...{.................................. xL..:...|=9.................[...:...|=..........................#......h.|.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):16384
                                                                                                                                    Entropy (8bit):0.08134823233117672
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:CxSXKYeAESXsTMsjv/Ss/IGYZX/134AllSdLvl+/rS56/:CxyKzy8QsYd34AQN0e
                                                                                                                                    MD5:FA7787A7B3B56D838EE3BDC7C530F88B
                                                                                                                                    SHA1:C8EBE059BECCB3E2476972C371D38CB8985B607C
                                                                                                                                    SHA-256:14CF6C12D5F523490CF8CD8DAC6B253D73DD5A7175EB1DE3E2B47C51C3F896F4
                                                                                                                                    SHA-512:243E33F053AA72410050B79855EED165CABFAFEE781A4B3DF0D6F37E87A7FC8B0F48C2E42EF6955013399ECC2F99075215232576F932AF5BC5B7201F52A38C00
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.fM......................................;...{...:...|=.. ...{........... ...{... ...{..#.#.. ...{.|.................[...:...|=.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\ProgramData\Microsoft\Windows\ClipSVC\Install\Apps\dellinc.dellcommandupdate_htrsf667h5kn2.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:ASCII text, with very long lines (2676), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2676
                                                                                                                                    Entropy (8bit):5.942047559545302
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:l8hZZT0IgbZMgY2TRUqIcER5CqDh6QvL3+1NtEMtpg4kVAnDaD6SCG5:mZZT0IgbygpTyqSRXL2tJWVADOKG5
                                                                                                                                    MD5:30C764A1B4A33B5DB7422B4D2012D9BB
                                                                                                                                    SHA1:C5FCC94746B63213F57D547727D204BDB4BB2B53
                                                                                                                                    SHA-256:144724710BAC1F118852FA6EFD55A12DE4C470CEC563B44DF4343E009B8215B4
                                                                                                                                    SHA-512:FFEAB68AB0AFE11D0E94A86C94C668B26B1BD425860E7E0F6B3BA4E2F49711C6372E0A0FC9F3C290922B0CBC0C563D239D2D3BF703212E8E6489AEFF2ECE73AF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<License xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="07380496-c415-4d0f-8536-990eb4846f70" LicenseID="a437a09d-cb9d-c512-7439-f35705474e64" ContentID="11b6e70d-5a83-d49f-ea77-9244209b7f66" Version="3" xmlns="urn:schemas-microsoft-com:windows:store:licensing:ls"><Binding Binding_Type="Machine"><ProductID>9N0K4B9PJT60</ProductID><PFM>dellinc.dellcommandupdate_htrsf667h5kn2</PFM><LicenseInstanceID>488ca431-1ed7-48c3-a66a-557ce9b0a73c</LicenseInstanceID><RequestorID>9897b18e-89c7-5167-c951-af280046fed1</RequestorID><LeaseRequired>False</LeaseRequired></Binding><LicenseInfo Type="Full" LicenseUsage="Offline" LicenseCategory="OEM"><IssuedDate>2019-11-15T13:48:35.3689926Z</IssuedDate><LastUpdateDate>2019-11-15T13:48:35.3836502Z</LastUpdateDate><BeginDate>2019-11-15T13:48:35.3836502Z</BeginDate></LicenseInfo><SPLicenseBlock>FAAAALgAAADJAAAACgAAAAMAAQCzrM5dAgDLAAAAEAAAAJ2gN6SdyxLFdDnzVwVHTmTOAAAAUAAAAGQAZQBsAGwAaQBuAGMALgBkAGUAbABsAGMAb

                                                                                                                                    C:\Users\user\AppData\Local\Temp\209d7fd5-7f39-4c9c-9f3a-e00d3859c78a\AddAppxProvisionedPackage.ps1

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1372
                                                                                                                                    Entropy (8bit):5.004635385668888
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:4sLbEMgEkOakibOdZiHjSEZu201jegUNCEl3IaVogzDoE+AvCE8oEGR8jeg6NHGv:pETEJbi8iHWMCFe7UmIXwx0eFdeJ
                                                                                                                                    MD5:761EE09981FE74F2078C929AA7A8F9DD
                                                                                                                                    SHA1:23B51437E32519773005E94E22769F02BD0C81F3
                                                                                                                                    SHA-256:3A4B0993A2ADFE91D47E9EA8F97A9CA31D57A7FD02CAC6140BC03699D32472CE
                                                                                                                                    SHA-512:6A5D092040C218D404E41B249584BEEA48C2B5B2C322DF28D9124D866045084864F51BF204F3BC1DD25BC418E661B4DB3B5DBC99E293DF048C5D362BFEA8F744
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:trace-info -LogMessage "Installing signed APPX file"....$appxFile='DellCommandUpdate.appxbundle'..$licenseFile='DellCommandUpdate_License1.xml'..$sdir=Get-Property -name CustomActionData....trace-info -LogMessage $sdir..$appxPath=Join-Path $sdir -ChildPath $appxFile..trace-info -LogMessage $appxPath..$licensePath=Join-Path $sdir -ChildPath $licenseFile..trace-info -LogMessage $licensePath....# $logMessage="Adding Package via: Add-AppxPackage -Path " + $appxPath..# trace-info -LogMessage $logMessage....# Add-AppxPackage -Path $appxPath....# if( -not $? )..# {.. # $logMessage="Error encountered while adding APPX package: " + $Error[0].Exception.Message...# trace-info -LogMessage $logMessage.. # exit(1)..# }..# else..# {...# trace-info -LogMessage "Successfully added APPX package"..# }....# Start-Sleep -Seconds 2....$logMessage="Adding Provisioned Package via: Add-AppxProvisionedPackage -Online -PackagePath " + $appxPath + " -LicensePath " + $licensePath..trace-info -LogMessage $log

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AppxProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):596832
                                                                                                                                    Entropy (8bit):5.9026869938224085
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:aYZPiHu7ipQRpswJ764ojr4bhLhZpxKZSYkDnqHvF5ifCTv7mNVq4AIbnd:FPiKZ+4a8PxKENDnAvF5/CYId
                                                                                                                                    MD5:9228D77A9FF8E4CB74FEB73253C27874
                                                                                                                                    SHA1:7A7BF2879E2C7ABFA6AECF0EBDA59D8C69B005DF
                                                                                                                                    SHA-256:FE5AFCD3CDC8F9E9845D990680411476C4DB9E0E2130EA5E874BDF824777AFFE
                                                                                                                                    SHA-512:CE66A75D0BA3BCDD8DA583C526E6743A87C3648A623AE60AAD528C2CACE1D193761113A8EF4F9B3E9519FDCF7A7F7F37D289356EC9BB37594237693EF5F3FE89
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........X..]9..]9..]9..TA2.U9..IR..^9..IR..N9..IR..R9..IR..O9..]9..'8..IR..\9..IR...9..IR^.\9..IR..\9..Rich]9..................PE..d......*..........",.....$...................................................@.......>....`A........................................@....................]......L,......`%...0.........p............................I...............o......(...`....................text....".......$.................. ..`.rdata.......@.......(..............@..@.data....L...@...B..................@....pdata..L,...........^..............@..@.didat.. ...........................@....rsrc....].......^..................@..@.reloc.......0......................@..B................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\AssocProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):115528
                                                                                                                                    Entropy (8bit):5.653542371123077
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:yV9TBLzWvVZtglIDIQdgDbEyuh9UHsTj2HUWli7HlzuTPxwQ:yH1uL6IdgDWjUHeEhyuTx
                                                                                                                                    MD5:94DC379AA020D365EA5A32C4FAB7F6A3
                                                                                                                                    SHA1:7270573FD7DF3F3C996A772F85915E5982AD30A1
                                                                                                                                    SHA-256:DC6A5930C2B9A11204D2E22A3E8D14C28E5BDAC548548E256BA7FFA79BD8C907
                                                                                                                                    SHA-512:998FD10A1F43024A2398491E3764748C0B990B37D8B3C820D281296F8DA8F1A2F97073F4FD83543994A6E326FA7E299CB5F59E609358CD77AF996175782EEACA
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._.I4..'g..'g..'g..$f..'g..#f..'g..&g..'g..&f..'g.."f..'g..'f..'g../f..'g...g..'g..%f..'gRich..'g................PE..d...|1............",.....................................................................`A........................................0W.......W.......... "..............H!..............p...........................`...............x................................text...P........................... ..`.rdata.............................@..@.data....'...p..."...L..............@....pdata...............n..............@..@.rsrc... ".......$...z..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\CbsProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):896848
                                                                                                                                    Entropy (8bit):5.860053592097925
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:kqe4tO+jP4PZxP2gv4MefWfN3bGJ0mqs7xBU99l7gghi000U:ko4+UP3P2pMefWfN3bGJpv7QLl7hi0M
                                                                                                                                    MD5:6AD0376A375E747E66F29FB7877DA7D0
                                                                                                                                    SHA1:A0DE5966453FF2C899F00F165BBFF50214B5EA39
                                                                                                                                    SHA-256:4C9A4AB6596626482DD2190034FCB3FAFEBE88A961423962AD577E873EF5008F
                                                                                                                                    SHA-512:8A97B2CC96EC975188E53E428D0FC2C562F4C3493D3C354E316C7F89A0BD25C84246807C9977F0AFDDA3291B8C23D518A36FD967D8F9D4D2CE7B0AF11B96EB18
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7..V..V..V...&.V..=..V..=..V..V..W..=..V..=..V..=..V..=...V..=J.V..=..V..Rich.V..........................PE..d....c............",.....8...X.......................................................7....`A................................................\...........x.......\:......P!..............p............................................................................text....7.......8.................. ..`.rdata.......P.......<..............@..@.data....[...0...V..................@....pdata..\:.......<...h..............@..@.rsrc...x...........................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCore.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):411984
                                                                                                                                    Entropy (8bit):5.723251840207755
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:2pFC8Q92GEAjR53dcPFj2loO4KwbPnRKQo2:2pxQ92QjR5tEKCkK
                                                                                                                                    MD5:B1F793773DC727B4AF1648D6D61F5602
                                                                                                                                    SHA1:BE7ED4E121C39989F2FB343558171EF8B5F7AF68
                                                                                                                                    SHA-256:AF7F342ADF5B533EA6978B68064F39BFB1E4AD3B572AE1B7F2287F5533334D4E
                                                                                                                                    SHA-512:66A92BFF5869A56A7931D7ED9881D79C22BA741C55FB42C11364F037E1EC99902DB2679B67A7E60CBF760740D5B47DCF1A6DCFAE5AD6711A0BD7F086CC054EED
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........vs... ... ... . ... ...!... ...!... ... ... ...!... ...!... ...!... ...!... ... ... ...!... Rich... ........PE..d...2.~...........",.........>...............................................p............`A.........................................o.......p.......... s......<....(..P!...`......p...p.................... ..(...p................ ...............................text............................... ..`.rdata...y.......z..................@..@.data....(...........p..............@....pdata..<........ ..................@..@.rsrc... s.......t..................@..@.reloc.......`......."..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismCorePS.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):188752
                                                                                                                                    Entropy (8bit):4.508300536375996
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:+A5jhBxzUbYKx/GK1hipbOWQHvkwGrwjPynNazEs:+A5jCbYKL1hipLQPkt8j6NaZ
                                                                                                                                    MD5:CE4079087DBC8D4D6262781530F973CD
                                                                                                                                    SHA1:7234A6DCD4ED090A14EFE54CB207CDBD34763D0E
                                                                                                                                    SHA-256:22928A593A43D029E5AC789CC38AFE5FFE5007099E0D39A2B4A0761559A157D4
                                                                                                                                    SHA-512:BA191FCF54D5FFCB4FD8D0D4396B4663C1632E540471C8016B0D75CD8E17A60281C4CC68974B11A35B45874B34A47860132BFBE5F81C23CDFE60B72ACD4C42D0
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n..L..DL..DL..DEwLDN..DXd.EN..DXd.EG..DL..Ds..DXd.EE..DXd.EM..DXd.E{..DXd DM..DXd.EM..DRichL..D........................PE..d...-..s.........." ....."...........%...............................................~....`A........................................`.......( ..x.......................P%......P6......p............................................................................text....!.......".................. ..`.rdata..x....@.......&..............@..@.data....s...0...n..................@....pdata...............|..............@..@.rsrc................~..............@..@.reloc..P6.......8..................@..B........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):146256
                                                                                                                                    Entropy (8bit):5.876226321950238
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:16iNEP0SZpv0aVyo0rbRmiUwhjgPp9X6E79KfmeCUhNs4+Au0ceacoM1f/TnbsnG:1rEME0FgH6ERKf3/lb/Rw2siUuaqR
                                                                                                                                    MD5:E5D5E9C1F65B8EC7AA5B7F1B1ACDD731
                                                                                                                                    SHA1:DBB14DCDA6502AB1D23A7C77D405DAFBCBEB439E
                                                                                                                                    SHA-256:E30508E2088BC16B2A84233CED64995F738DEAEF2366AC6C86B35C93BBCD9D80
                                                                                                                                    SHA-512:7CF80D4A16C5DBBF61FCB22EBE30CF78CA42A030B7D7B4AD017F28FBA2C9B111E8CF5B3064621453A44869BBAED124D6FB1E8D2C8FE8202F1E47579D874FA4BC
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................I.......................................................%.............Rich............................PE..d......I.........."......R..........PB.........@.............................p......5]....`..........................................................P.......0..........P!...`......0...T............................u...............v...............................text...BQ.......R.................. ..`.rdata..`....p.......V..............@..@.data...............................@....pdata.......0......................@..@.rsrc........P......................@..@.reloc.......`......................@..B........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismProv.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):261456
                                                                                                                                    Entropy (8bit):5.761527139443976
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:cKvrcFu+XXythARfaBAUGNDBOZlUsJY/xL6LyzH7vt/MEhpw9nF:kFBXytcaCUGbOZlUsJaxO2z7vtxhK
                                                                                                                                    MD5:490BE3119EA17FA29329E77B7E416E80
                                                                                                                                    SHA1:C71191C3415C98B7D9C9BBCF1005CE6A813221DA
                                                                                                                                    SHA-256:EF1E263E1BCC05D9538CB9469DD7DBA5093956AA325479C3D2607168CC1C000A
                                                                                                                                    SHA-512:6339B030008B7D009D36ABF0F9595DA9B793264EBDCE156D4A330D095A5D7602BA074075EA05FEF3DDE474FC1D8E778480429DE308C121DF0BF3075177F26F13
                                                                                                                                    Malicious:false
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........l.B...B...B...K...@...V...F...V...Q...B...k...V...S...V...N...V...C...V...n...V...C...V...C...RichB...........................PE..d.....B...........",.....0.......... ....................................................`A........................................@h.......h..........P$......X.......P!..............p...........................`U..............xV..p............................text...B........0.................. ..`.rdata...=...@...>...4..............@..@.data....+......."...r..............@....pdata..X...........................@..@.rsrc...P$.......&..................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DmiProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):425800
                                                                                                                                    Entropy (8bit):5.777006069743426
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:Hx/vIsFo3S/cEeMykrx++h0kra+gIEmHK:Hx/vrs0FeGxf7ZVK
                                                                                                                                    MD5:EA8488990B95CE4EF6B4E210E0D963B2
                                                                                                                                    SHA1:CD8BF723AA9690B8CA9A0215321E8148626A27D1
                                                                                                                                    SHA-256:04F851B9D5E58ED002AD768BDCC475F22905FB1DAB8341E9B3128DF6EAA25B98
                                                                                                                                    SHA-512:56562131CBE5F0EA5A2508F5BFED88F21413526F1539FE4864ECE5B0E03A18513F3DB33C07E7ABD7B8AAFFC34A7587952B96BB9990D9F4EFA886F613D95A5B1B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............w..w..w.....w...t..w...s..w..v..w...v..w...r..w...w..w......w.....w...u..w.Rich.w.........................PE..d...w.)x..........",.....|...........Q....................................................`A................................................L........0...P......`....^..H!..............p...........................0..................x......@....................text....z.......|.................. ..`.rdata..............................@..@.data....O.......H..................@....pdata..`........ ..................@..@.didat....... ......................@....rsrc....P...0...P..................@..@.reloc...............V..............@..B........................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FfuProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):633856
                                                                                                                                    Entropy (8bit):6.099385363317381
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:Dl7JmNA6s7wJzYlfa4QsFIKDys3NvGvcIKifgRw/zJkwT/F0MOAYIfsA46ItKata:Dld6A67qjFVKVSw/au2A4DclSZkL
                                                                                                                                    MD5:DF785C5E4AACAEE3BD16642D91492815
                                                                                                                                    SHA1:286330D2AB07512E1F636B90613AFCD6529ADA1E
                                                                                                                                    SHA-256:56CC8D139BE12E969FFF3BBF47B1F5C62C3DB887E3FB97C79CF7D285076F9271
                                                                                                                                    SHA-512:3566DE60FE76B63940CFF3579DA94F404C0BC713F2476BA00B9DE12DC47973C7C22D5EED1FD667D20CEA29B3C3C4FA648E5F44667E8369C192A4B69046E6F745
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............Q...Q...Q..@Q...Q...P...Q...P...Q...Q...Q...P...Q...P...Q...P...Q...P...Q..,Q...Q...P...QRich...Q........PE..d....7............",................................................................B.....`A....................................................h........,...`...4..............P....5..p...........................0................................................text...0........................... ..`.rdata...S.......T..................@..@.data....J.......D..................@....pdata...4...`...6...8..............@..@.didat...............n..............@....rsrc....,...........p..............@..@.reloc..P...........................@..B........................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\FolderProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):61264
                                                                                                                                    Entropy (8bit):5.816654445853513
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:sexLd+GGpAR1uFs4mrYNjTURz6dZiFj1EOt4Pf2:skUG+EIFRb9TURz8iFJEOt4n2
                                                                                                                                    MD5:4F3250ECB7A170A5EB18295AA768702D
                                                                                                                                    SHA1:70EB14976DDAB023F85BC778621ADE1D4B5F4D9D
                                                                                                                                    SHA-256:A235317AB7ED89E6530844A78B933D50F6F48EA5DF481DE158EB99DD8C4BA461
                                                                                                                                    SHA-512:E9CE6CCED5029D931D82E78E7E609A892BFE239096B55062B78E8FF38CCE34CE6DD4E91EFB41C4CD6ECF6017D098E4C9B13D6CB4408D761051468EE7F74BC569
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........E..Y$..Y$..Y$..P\..[$..MO..[$..MO..V$..Y$...$..MO..T$..MO..S$..MO..X$..MO..M$..MOw.X$..MO..X$..RichY$..........PE..d....<...........",.....j...f.......d....................................... ............`A........................................P....... ...................D.......P!..............p...........................p................................................text....i.......j.................. ..`.rdata...C.......D...n..............@..@.data...............................@....pdata..D...........................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\GenericProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):153416
                                                                                                                                    Entropy (8bit):5.813654122242925
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:WvIVEykJhkBPNN9/Y/6xOi/xHVpbe01cPKZoq:WvsEyChkBPNN9NNDbeacPLq
                                                                                                                                    MD5:EF7E2760C0A24453FC78359AEA3D7869
                                                                                                                                    SHA1:0EA67F1FD29DF2615DA43E023E86046E8E46E2E1
                                                                                                                                    SHA-256:D39F38402A9309DDD1CBA67BE470EDE348F2BC1BAB2F8D565E8F15510761087A
                                                                                                                                    SHA-512:BE785BA6B564CC4E755B4044AE27F916C009B7D942FCD092AED2AE630B1704E8A2F8B4692648EED481A5EB5355FD2E1EF7F94F6FB519B7E1FF6FC3C5F1AAA06F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.....................m....................................................................Rich...................PE..d.....4:..........",.....4...........$....................................................`A................................................p........P..(....0..8....6..H!...p..D.......p............................]..............._..0............................text....2.......4.................. ..`.rdata..0....P.......8..............@..@.data... +.......$..................@....pdata..8....0......................@..@.rsrc...(....P......................@..@.reloc..D....p.......0..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IBSProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60744
                                                                                                                                    Entropy (8bit):5.745931323822961
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:hANsBtL+LsOHEeZMG8c4cWamUMvyARy0VnrI3Lebvdqvp7UYr6wD1PQb8/:UmsLsOkeacfmDjZriSTU22P28/
                                                                                                                                    MD5:120F0A2022F423FC9AADB630250F52C4
                                                                                                                                    SHA1:826DF2B752C4F1BBA60A77E2B2CF908DD01D3CF7
                                                                                                                                    SHA-256:5425382AAA32FFC133ADB6458FF516DB0E2AD60FAC52DD595D53C370F4BA6FA0
                                                                                                                                    SHA-512:23E50735C06CEF93D11873FC8E5E29FC63DCF3F01DC56822A17C11CA57BBFB10D46FAC6351F84BA30050A16D6BD0744A08A4042A9743A6DF87AC8A12E81E2764
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.aTu.aTu.aTa.bUw.aTa.eUz.aTu.`T..aTa.`Uz.aTa.dU..aTa.aUt.aTa.iUa.aTa..Tt.aTa.cUt.aTRichu.aT................PE..d.....TG..........",.....`...p.......Z....................................................`A........................................0...................................H!......\.......p...........................pw...............x...............................text....^.......`.................. ..`.rdata...C...p...D...d..............@..@.data...8...........................@....pdata..............................@..@.rsrc...............................@..@.reloc..\...........................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ImagingProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):224080
                                                                                                                                    Entropy (8bit):5.7756833092024085
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:SR2jvbWvfuzAWkVUtqlk7AlP1GB2wNBG6:SR2ymvkm2wNf
                                                                                                                                    MD5:35E989A1DF828378BAA340F4E0B2DFCB
                                                                                                                                    SHA1:59ECC73A0B3F55E43DACE3B05FF339F24EC2C406
                                                                                                                                    SHA-256:874137EE906F91285B9A018735683A0DD21BDEAF2E340CBC54296551CCF8BE2D
                                                                                                                                    SHA-512:C8D69E37C918881786A8FDAB2A2C5D1632411B1F75082AEB3EB24A8BA5F93DCB39B3F4000E651F95452263525D98FD1D3CB834DE93BED16FA6F92EF271C3A92A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=...\.J.\.J.\.J.$!J.\.J.7.K.\.J.7.K.\.J.\.JO\.J.7.K.\.J.7.K.\.J.7.K.\.J.7.K.\.J.7MJ.\.J.7.K.\.JRich.\.J........PE..d...!0S...........",.........t............................................................`A......................................................... ..XJ...........J..P!...p.......N..p...........................`...............x................................text............................... ..`.rdata..&...........................@..@.data..../.......*..................@....pdata..............................@..@.rsrc...XJ... ...L..................@..@.reloc.......p.......F..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\IntlProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):303952
                                                                                                                                    Entropy (8bit):5.775842770224239
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:D20d1ONlCQZ8RWbKJqHVp13hbTPaTUMPo+WKOLv:K0d1O7CQuRhJGjgUYWHLv
                                                                                                                                    MD5:510E132215CEF8D09BE40402F355879B
                                                                                                                                    SHA1:CAE8659F2D3FD54EB321A8F690267BA93D56C6F1
                                                                                                                                    SHA-256:1BB39F3389AA4258A923FA265AFA2279688E6CDB14FF771F1621A56B03DDCF52
                                                                                                                                    SHA-512:2F7B2EC0E94738838F755759CD35E20AB2138B8ECA023EE6EF630AB83A3DE1BC0792F12EA0D722ABE9A6953626CBDDF8BA55EA32FC794D2DF677A0625E498AB0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./...k..k..k..b.x.e.....o.....x..k.......b.....e.....j.....[......j.....j..Richk..........PE..d...._.j..........",.....D...D......`...............................................+.....`A................................................|........0...t..............P!...........]..p............................................................................text....B.......D.................. ..`.rdata...s...`...t...H..............@..@.data...X/.......&..................@....pdata..............................@..@.rsrc....t...0...v..................@..@.reloc...............r..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\LogProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):79184
                                                                                                                                    Entropy (8bit):5.830056745680413
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:X9mLBNlc4Rd1wbNA7elgn0+r+GEJ8a0qMX0Igx7DAJoNxPyCp:XMLlBRd1kSels+T8a0qMX0Igx7DAJoN7
                                                                                                                                    MD5:815A4E7A7342224A239232F2C788D7C0
                                                                                                                                    SHA1:430B7526D864CFBD727B75738197230D148DE21A
                                                                                                                                    SHA-256:A9C8787C79A952779ECA82E7389CF5BBDE7556E4491B8BFCFD6617740AC7D8A2
                                                                                                                                    SHA-512:0C19D1E388ED0855A660135DEC7A5E6B72ECBB7EB67FF94000F2399BD07DF431BE538055A61CFB2937319A0CE060898BB9B6996765117B5ACDA8FC0BAD47A349
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l..I(...(...(...!...*...<..+...<..'...(......<..'...<..$...<..)...<..4...<.m.)...<..)...Rich(...........PE..d.../`...........",.........................................................P............`A......................................................... ..................P!...@......p...p........................... ...............8................................text...P........................... ..`.rdata...O.......P..................@..@.data...............................@....pdata..............................@..@.rsrc........ ......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\MsiProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):212792
                                                                                                                                    Entropy (8bit):5.837196341211069
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:lAHjL5MM39qnOOL1QZaFsrMQ72dmTcWI+fByuc+RAuI/bB0MoutygIQlUoMIVWE:lAHfyMkraaSrGwnjfBIXbdtyyx
                                                                                                                                    MD5:9A760DDC9FDCA758501FAF7E6D9EC368
                                                                                                                                    SHA1:5D395AD119CEB41B776690F9085F508EAADDB263
                                                                                                                                    SHA-256:7FF3939E1EF015DA8C9577AF4EDFDD46F0029A2CFE4E3DAC574D3175516E095F
                                                                                                                                    SHA-512:59D095246B62A7777E7D2D50C2474F4B633A1AE96056E4A4CB5265CCF7432FED0EA5DF9B350F44D70B55A726241DA10F228D8B5CBEE9B0890C0B9DC9E810B139
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......`...$..$..$..0..&..0..5..$....0..7..0..)..0..%..0.....0...%..0..%..Rich$..........PE..d......Y..........",.........r..............................................`............`A............................................................A..............8!...P..H....6..p...........................P...............h...H............................text.............................. ..`.rdata..............................@..@.data....'......."..................@....pdata..............................@..@.rsrc....A.......B..................@..@.reloc..H....P......................@..B........................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OSProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):153424
                                                                                                                                    Entropy (8bit):5.891282339866484
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:mT/wD4tK821qqa4SzpVYJyAu27gH3MgDXGy:mTasK6LpVObgH9DX
                                                                                                                                    MD5:DB4C3A07A1D3A45AF53A4CF44ED550AD
                                                                                                                                    SHA1:5DEA737FAADF0422C94F8F50E9588033D53D13B3
                                                                                                                                    SHA-256:2165D567AA47264ABE2A866BB1BCB01A1455A75A6EA530B1B9A4DDA54D08F758
                                                                                                                                    SHA-512:5182B80459447F3C1FB63B70AD0370E1DA26828A7F73083BEC0AF875B37888DD12EC5A6D9DC84157FC5B535F473AD7019EB6A53B9A47A2E64E6A8B7FAE4CDDDE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:YL.~8".~8".~8".w@..|8".jS!.}8".jS&.q8".~8#.w9".jS#.m8".jS'.r8".jS"..8".jS*.Q8".jS..8".jS ..8".Rich~8".........................PE..d....5u...........",.....D...........7..............................................bz....`A........................................P................`.......P.......6..P!...p..X.......p............................i...............j...............................text....C.......D.................. ..`.rdata.......`.......H..............@..@.data........0......................@....pdata.......P......................@..@.rsrc........`.......*..............@..@.reloc..X....p.......2..............@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\OfflineSetupProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):186696
                                                                                                                                    Entropy (8bit):5.827121051077359
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:Ys8F4zlDtDlWY32LCG3F4l96gsFYryk/5FS7mo6FYx36RtPJjU1JJ:Ys8OzljW3CoSl9eOmkFs5ZiPEJJ
                                                                                                                                    MD5:A4D7231E111ECEBDEB4713362D0B433B
                                                                                                                                    SHA1:6A8470E5750D4F11A4172A12A877DE282BBD421D
                                                                                                                                    SHA-256:B1AB348B596A74DD4F9F5A571F12ECAB413F58DFD098C3B957C174012DC305A7
                                                                                                                                    SHA-512:AFE786417C9ECC44DB3B6B0BA77AEBB76C8AA4160AD274F2974FF42CCB572ACFF1D8B7F0EC07CFD7DC529A91E23A8C813F7EBEC31AE9DA149C12278EB2843D27
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u..u..u.....u.....u.....u..u..^u.....u.....u.....u.....u...|.u.....u..Rich.u..........PE..d....*qE..........",.........,.......w..............................................^<....`A........................................ u.......u..........h...............H!...... .......p...........................0...............p...p....s..`....................text............................... ..`.rdata..8...........................@..@.data...P!...........z..............@....pdata..............................@..@.didat..8...........................@....rsrc...h...........................@..@.reloc.. ...........................@..B........................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\ProvProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):771920
                                                                                                                                    Entropy (8bit):6.2896606284298
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:X/ck9AStILSQfhJI1UOAibcu978/ftYEGVRU8rbcgWte6QP:PckaLSQpJI1UeUKEKFfetTQP
                                                                                                                                    MD5:70C34975E700A9D7E120AAECF9D8F14B
                                                                                                                                    SHA1:E24D47F025C0EC0F60EC187BFC664E9347DC2C9C
                                                                                                                                    SHA-256:A3E652C0BBE2082F2E0290DA73485FB2C6E35C33AC60DAA51A65F8C782DBD7A7
                                                                                                                                    SHA-512:7F6A24345F5724D710E0B6C23B3B251E96D656FAC58EA67B2B84D7D9A38D7723EAE2C278E6E218E7F69F79D1CCE240D91A8B0FD0D99960CACC65D82EB614A260
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........T8C.:kC.:kC.:kJ.kA.:kW.9jF.:kW.>jP.:kC.;k.:kW.;jX.:kW.?jN.:kW.:jB.:kW.2j..:kW..kB.:kW.8jB.:kRichC.:k........PE..d................",................@................................................v....`A........................................ ........................p..@D......P!......<....<..p............................................................................text...{........................... ..`.rdata...S.......T..................@..@.data....O... ...@..................@....pdata..@D...p...F...@..............@..@.rsrc...............................@..@.reloc..<...........................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SetupPlatformProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):163656
                                                                                                                                    Entropy (8bit):5.729304201136489
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:Z5h05CD/pmthkAKPXzXDhfjCN6XbU7focR/lMmrcAK7kG0:Z5T+4Q+b4t1rb
                                                                                                                                    MD5:1AE66F4524911B2728201FFF6776903C
                                                                                                                                    SHA1:68BEA62EB0F616AF0729DBCBB80DC27DE5816A83
                                                                                                                                    SHA-256:367E73F97318B6663018A83A11019147E67B62AB83988730EBBDA93984664DD3
                                                                                                                                    SHA-512:7ABF07D1338E08DC8B65B4F987EAFF96D99AA46C892B5D2D79684CA7CF5F139D2634D9B990E5F6730F7F8A647E4FBB3D5905F9F2A5680250852671599F15EE69
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........,...B...B...B......B...A...B...F..B...C...B...C..B...G..B...B...B...J..B......B...@...B.Rich..B.........PE..d...h.w...........",.....<...&.......-..............................................5.....`A........................................`.......4........`..X....P.......^..H!.............p...........................p_...............`...............................text....:.......<.................. ..`.rdata.......P.......@..............@..@.data....*... ...$..................@....pdata.......P.......0..............@..@.rsrc...X....`.......@..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SmiProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):282448
                                                                                                                                    Entropy (8bit):6.259257485243976
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:MDFmCoJGNd5selCnJ+TRbhNMiX/0MQT5H:MDFmC0/eaJ+T33/0t5H
                                                                                                                                    MD5:3F03928EAAAF53AD570004AD2E5EB52E
                                                                                                                                    SHA1:70FCDE582278A469D3609487A57F71845876455C
                                                                                                                                    SHA-256:68D09EA970534114F5D2444A400B5B3F5FAA1F6E6EED62E6CF8F64696C0FCC4F
                                                                                                                                    SHA-512:155BBA9F9740CF25BA8FF31647E2F9CD5585637F89B89A754D38C13DD82144ED2944268EB3E27A2518378CBD87A0731A0819F162EAB6EB26F8F8E309988BEE62
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........TV...V...V..._.y.T...B...U...B...F...V...a...B...E...B...]...B...W...B...k...B...W...B...W...RichV...........PE..d....:.J..........",................p........................................p............`A................................................l........P..X....0..D....*..P%...`..........p...........................`8..............x9..0............................text...4........................... ..`.rdata..^.... ......................@..@.data...............................@....pdata..D....0......................@..@.rsrc...X....P......................@..@.reloc.......`.......$..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\SysprepProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):797512
                                                                                                                                    Entropy (8bit):5.990258756483751
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:LxNAWynmU7aAbLZPrrAQGGhYMb39YDNWUzWfpI9WSj:LxNAHVRXlrrNGGhYEYDMU06
                                                                                                                                    MD5:8BD67D87DBDCF881FB9C1F4F6BF83F46
                                                                                                                                    SHA1:10BD2E541B6A125C29F05958F496EDF31FF9ABB1
                                                                                                                                    SHA-256:F9B4D0AFE87F434E8319556961B292DDC7D3A8C6FC06B8A08A50B5A96E28A204
                                                                                                                                    SHA-512:258A4075A3149669CCD6FF602F71A721B195C9D15DEA22D994D4D3E35CDF27BEB0B8B8F5DA8F52914F769642F89EDBB1D9D857087778BE713A874571A2EC6F89
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.{........................................"...............................J..................Rich....................PE..d....".~..........",.........................................................@.......Z....`A................................................p....................G......H!... ..........p....................|..(....{..............@|...............................text............................... ..`.rdata..$...........................@..@.data....... ......................@....pdata...G.......H..................@..@.rsrc...............................@..@.reloc....... ... ..................@..B........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\TransmogProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1342832
                                                                                                                                    Entropy (8bit):5.162647147106856
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:rTIWdFF8/b4WK9zGJrpvs+7x2BfIiHxbuzi4mJvQcKokquaiyNu0OONLxWJnNckQ:rTTQ/b4W2+YfIiRJR1CazWA3B1tvxBr
                                                                                                                                    MD5:0C0AAF257C40A6B3E634423389EFFE17
                                                                                                                                    SHA1:991CDB81A789B265C403AAF601C274FDB7270025
                                                                                                                                    SHA-256:24F8E78353DC8E5234724D2AB76FE6F9FF7AAA8F51D8C90AC9DA4AEFF3D9B2DE
                                                                                                                                    SHA-512:078B7F3CC6D30E9F12E876BBDB088BD100CCDAB00A5ACA563B79CD12647E2DE0CA8DA65892BF66AE336EA6533D4F0BBFEF611CA14EDCB72C12DA5FC6D628202A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........2..\...\...\..._...\...X...\...]...\...]...\...Y...\...\...\...T...\.......\...^...\.Rich..\.........PE..d...Q.............",................P...............................................2.....`A................................................p............C.......-...X..p%...`...2......p...........................`...............x... ............................text............................... ..`.rdata..............................@..@.data....,.......$..................@....pdata...-..........................@..@.rsrc....C.......D..................@..@.reloc...2...`...4...$..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\UnattendProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):234320
                                                                                                                                    Entropy (8bit):6.130374157512007
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:U5RPXs5dU+8lC5XR1fxASaatsXYtRJJedgkEfxveZLCpbb31nAQ5mM3iLa:U5VXs5dU+H5B1mSP2qR6C5eZ+tdF33
                                                                                                                                    MD5:F7BD21C4170B1397EB098FA18EF45D4B
                                                                                                                                    SHA1:05D36ABC4853EDA468EAB68D289337962C76195F
                                                                                                                                    SHA-256:05DA5AF89FAFE492ADF5255A7DBF16468BE6D130EE8A9D713AB2182C72346DB0
                                                                                                                                    SHA-512:8A804BFE27F25B9D7C87CFB6951E1F1254E984FF9EADA0B1547C30352397438D2C9E2F1C3B42C2DB43F693B08224E0C7B7A17CD0B21CED893E12C330B91355FF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........c...0...0...0.P0...0..1...0..1...0...0%..0..1...0..1...0..1...0..1...0.<0...0..1...0Rich...0................PE..d......e..........",.....\...........N...............................................Y....`A........................................0........................`.......r..P!......`...p...p...........................p...................8............................text....[.......\.................. ..`.rdata..d....p.......`..............@..@.data...x*...0...$..................@....pdata.......`.......>..............@..@.rsrc................V..............@..@.reloc..`............l..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\VhdProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):573752
                                                                                                                                    Entropy (8bit):6.128334425987524
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:lMGhMClUooBhkCcBrFRvLR5VJV8zZPhj/:lnVl9of0k1hj/
                                                                                                                                    MD5:C6488A9B3569230669C72F3239CBC108
                                                                                                                                    SHA1:87B9B2AB5DE52F246C1936480463BD402AD519B9
                                                                                                                                    SHA-256:4ED23B46188DAE12523F96A2755434C0574CD27584F9921133B0B4C1017B8A36
                                                                                                                                    SHA-512:47AE886893032306E9B69B2D1C736CE23061B5BE7552D2ED1D680B91E45FE0225B5ACB12B83F6D572EF0B270DBAA47AF3320516F4BFADB0A2889A9FFED45A66F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|...h...h...h..e....h..vk...h..vl...h...i...h..vi...h..vm...h..vh...h..v`.*.h..v....h..vj...h.Rich..h.........PE..d...~\............",......................................................................`A.............................................................$...`..d/......8!......8....T..p...........................0...................x...P...@....................text...P........................... ..`.rdata..\g.......h..................@..@.data...H6... ...0..................@....pdata..d/...`...0...:..............@..@.didat...............j..............@....rsrc....$.......&...l..............@..@.reloc..8...........................@..B........................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\WimProvider.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):603472
                                                                                                                                    Entropy (8bit):6.002184263887932
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:5DRxJyz+Fy8XVXNjHSUrSA9Jzs1KOUnZyiZ:5DRxQz+xXBdrr999uvUEiZ
                                                                                                                                    MD5:229DF404D67E69E57F9E284A66F2ADEB
                                                                                                                                    SHA1:7F4F703DBE8C274F5104D4D104DAFCADF0C3857B
                                                                                                                                    SHA-256:8B7821A1FB9170C6AA1EC25EEA378F43661812EBA25064BB95999156B472C377
                                                                                                                                    SHA-512:917912CDFCF1D46F691CADC6E7AAAE1A302A66721BEEC0E9B22E394592B290605CAF410221045F2CE89896E5D9602EE4946202F2DE9390E92C8AAA5A609B3A54
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~-...~...~...~...~...~.......~.......~...~...~.......~.......~.......~.......~...~...~.......~Rich...~................PE..d......X..........",.........2......`........................................`......t:....`A................................................\............|.......0......P!...P..T...P...p........................... ................%..h...(...@....................text............................... ..`.rdata..~...........................@..@.data...0j.......b..................@....pdata...0.......2...V..............@..@.didat..H...........................@....rsrc....|.......~..................@..@.reloc..T....P......................@..B................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AppxProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):23040
                                                                                                                                    Entropy (8bit):3.5118610313709158
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:WqLBjDHbtptJt5MNxWJtrtutAtKt0tptj/eCk6tf6voFeSMoLH7/x9Wg+WA:WqLJDrLpMyYWbWoFelCH7Z9Wg+WA
                                                                                                                                    MD5:BD0DD9C5A602CB0AD7EABC16B3C1ABFC
                                                                                                                                    SHA1:CEDE6E6A55D972C22DA4BC9E0389759690E6B37F
                                                                                                                                    SHA-256:8AF0073F8A023F55866E48BF3B902DFA7F41C51B0E8B0FE06F8C496D41F9A7B3
                                                                                                                                    SHA-512:86351DC31118FC5A12FAD6F549AA60C45EBE92B3CE5B90376E41F60D6D168A8A9F6C35320FC2CDCC750E67A5751651657FE64CF42690943500AFD0D1DAE2CD0C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........X......................................................Lg....@.......................................... ..0U..............................8............................................................................rdata..............................@..@.rsrc....`... ...V..................@..@....L.9.........T...8...8.......L.9.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01....."..`S...rsrc$02.... ....!d....Q..#.N...... .|..)..L.9.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\AssocProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):8192
                                                                                                                                    Entropy (8bit):3.4159513395039682
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:x/Akc8dT8EC1y/vYsCAFdUTFLrNmAYKkA48UGtqWKKWr:TtsRbIWKKWr
                                                                                                                                    MD5:8833761572F0964BDC1BEA6E1667F458
                                                                                                                                    SHA1:166260A12C3399A9AA298932862569756B4ECC45
                                                                                                                                    SHA-256:B18C6CE1558C9EF6942A3BCE246A46557C2A7D12AEC6C4A07E4FA84DD5C422F5
                                                                                                                                    SHA-512:2A907354EC9A1920B9D1D2AEB9FF7C7314854B36A27F7D88ACA17825E74A87413DBE7D1C3FDE6A2410B5934F8C80A76F8BB6B7F12E7CFC643CE6622CA516D9B8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................@............@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc.... ... ......................@..@................T...8...8...................$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02.... .........?.A.~YHU&c.iwi....K.R............................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\CbsProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):54272
                                                                                                                                    Entropy (8bit):3.5516861949805887
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:s34QoxGHbXqhu7dCJ6zoROa9fOLBzZoL/ug:s34QoxGHb6huJCJ6zoROa9fou/ug
                                                                                                                                    MD5:6C51A3187D2464C48CC8550B141E25C5
                                                                                                                                    SHA1:A42E5AE0A3090B5AB4376058E506B111405D5508
                                                                                                                                    SHA-256:D7A0253D6586E7BBFB0ACB6FACD9A326B32BA1642B458F5B5ED27FECCB4FC199
                                                                                                                                    SHA-512:87A9E997D55BC6DBD05AF1291FB78CD02266641D018CCFEB6826CB0DE205AAF8A57B49E587462DBB6DF2B86B54F91C0C5D3F87E64D7DBB2AEA75EF143C5447BA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.................................................................=....@.......................................... ..(...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@......BC........T...8...8.........BC........$...................8....rdata..8...x....rdata$zzzdbg.... ..p....rsrc$01....p$.......rsrc$02.... ...Z.?.D..G;..x.\.?#m...Bjqt;.&..BC........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismCore.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):7680
                                                                                                                                    Entropy (8bit):3.651691702827636
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:w4aiiiWwdwCg/PCpQcBK8Cq9ovnwEWDOWwo:JpaJWDOWn
                                                                                                                                    MD5:7A15F6E845F0679DE593C5896FE171F9
                                                                                                                                    SHA1:0C923DFAFFB56B56CBA0C28A4EACB66B1B91A1F4
                                                                                                                                    SHA-256:F91E3C35B472F95D7B1AE3DC83F9D6BFDE33515AA29E8B310F55D9FE66466419
                                                                                                                                    SHA-512:5A0373F1FB076A0059CAC8F30FE415E06ED880795F84283911BEC75DE0977BAF52432B740B429496999CEDF5CCA45EFD6EF010700E2D9A1887438056C8C573CA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................@.......@....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc.... ... ......................@..@....X?L.........T...8...8.......X?L.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... ..@....rsrc$02.... ...../...R...j.....y..j.+..I>@X?L.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DismProv.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2560
                                                                                                                                    Entropy (8bit):3.314936478754192
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSA6f7jCAuf2DZmIZW0LCYNuUFjc35WWdPPYPNy3:ySzIEIZW4Cmu0jy5WwHgu
                                                                                                                                    MD5:7D06108999CC83EB3A23EADCEBB547A5
                                                                                                                                    SHA1:200866D87A490D17F6F8B17B26225AFEB6D39446
                                                                                                                                    SHA-256:CF8CC85CDD12CF4A02DF5274F8D0CDC625C6409FE80866B3052B7D5A862AC311
                                                                                                                                    SHA-512:9F024AA89392FBBBABE62A58857E5AD5250E05F23D7F78FC9A09F535463446796DD6E37AAB5E38DFC0BF5B15533844F63B3BDDCB5CB9335901E099F65F9D8002
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......n8....@.......................................... ..d...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@......$.........T...8...8.........$.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... ........).Q2..JF.'.L..Z...O..E)..$.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\DmiProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):17920
                                                                                                                                    Entropy (8bit):3.565601266615839
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:C53q+0W6eHJr6dVD4hN2J63092HdHUcbR1b0apWuzWRvWt:g6eHJr6dVwH3J9bbvbHpfzWRvWt
                                                                                                                                    MD5:B7252234AA43B7295BB62336ADC1B85C
                                                                                                                                    SHA1:B2C42A5AF79530E7CF9BCF54FD76AE9D5F234D7F
                                                                                                                                    SHA-256:73709C25DC5300A435E53DF97FC01A7DC184B56796CAE48EE728D54D26076D6C
                                                                                                                                    SHA-512:88241009B342EB1205B10F7725A7CB1EC2C7135606459D038C4B8847EFD9D5E0AD4749621F8DF93746DD3BA8AB92D1B0F513ED10E2BA712A7991716F4C062358
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........D...............................................p............@.......................................... ...@..............................8............................................................................rdata..............................@..@.rsrc....P... ...B..................@..@....MnP.........T...8...8.......MnP.........$...................8....rdata..8...x....rdata$zzzdbg.... ..`....rsrc$01....`"..p>...rsrc$02.... ...$...'...rht.9..a..G.Q.,:..n.MnP.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FfuProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):9728
                                                                                                                                    Entropy (8bit):3.525502348221328
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:/9Ulo7nI+5XnEhLADlDS+d4LfS65Xocb1CEdWcCWn:DLI+5XQL+d4LfS65XJBCEdWcCWn
                                                                                                                                    MD5:DC826A9CB121E2142B670D0B10022E22
                                                                                                                                    SHA1:B2FE459EDE8BA99602AE6EA5FA24F0133CCA2BC9
                                                                                                                                    SHA-256:BA6695148F96A5D45224324006AE29BECFD2A6AA1DE947E27371A4EB84E7451A
                                                                                                                                    SHA-512:038E9ABFF445848C882A71836574DF0394E73690BC72642C2AA949C1AD820C5CBB4DEDC4EE7B5B75FD5AC8A43813D416F23D28973DE7A7F0E5C3F7112DA6FE1B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........$...............................................P...........@.......................................... ..|!..............................8............................................................................rdata..............................@..@.rsrc....0... ..."..................@..@....g..i........T...8...8.......g..i........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!... ...rsrc$02.... ....g.*....q....,....z.l.l/..3.g..i........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\FolderProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2560
                                                                                                                                    Entropy (8bit):3.2653448476690556
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSA50JhCM5HXyBtMeIZW0ibbNuB33qc35WWdPPYPNym:yQTUyb9IZWxtuB3qy5WwHgX
                                                                                                                                    MD5:22B4A3A1EC3B6D7AA3BC61D0812DC85F
                                                                                                                                    SHA1:97AE3504A29EB555632D124022D8406FC5B6F662
                                                                                                                                    SHA-256:C81A992ECEBD9260FF34E41383AACA1C64A9FA4706A4744AC814F0F5DAA1E105
                                                                                                                                    SHA-512:9329B60A60C45B2486000ED0AFF8D260FDAC3D0A8789823EAA015EAB1A6D577012F9D12502F81BAD9902E41545C3C3E77F434BC1A753B4F8430D01DB2CDBE26C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0............@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@...... {........T...8...8......... {........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... .....n&...[...pw._Ely+....R.w.. {........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\GenericProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5120
                                                                                                                                    Entropy (8bit):3.6206475889051504
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:ycW8d55p3lDPjLULeCH8C/FcWNlGHQlzQttIZWO9u8bK5WwHgw:l3lD3COWAcQLEWAeWwf
                                                                                                                                    MD5:D6B02DAF9583F640269B4D8B8496A5DD
                                                                                                                                    SHA1:E3BC2ACD8E6A73B6530BC201902AB714E34B3182
                                                                                                                                    SHA-256:9102FA05ED98D902BF6E95B74FDBB745399D4CE4536A29607B2156A0EDFEDDF0
                                                                                                                                    SHA-512:189E87FCC2902E2A8E59773783D80A7D4DD5D2991BD291B0976CBD304F78BD225B353703735B84DE41B5F59C37402DB634C4ACC805D73176CDE75CA662EFFF50
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......#?....@.......................................... ..T...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@....[..v........T...8...8.......[..v........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02.... .......rS>4...c....tN.Ku..8..s[..v........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IBSProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2560
                                                                                                                                    Entropy (8bit):3.3218649079737763
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSAo6QjXWCqzoP2QtFKIZW0x0Nufq4oU35WWdPPYPNy5:y5fd/P2QtMIZWiiuvoK5WwHgY
                                                                                                                                    MD5:D4B67A347900E29392613B5D86FE4AC2
                                                                                                                                    SHA1:FB84756D11BFD638C4B49268B96D0007B26BA2FB
                                                                                                                                    SHA-256:4CCFE7883BCE7785B1387AD3872230159899A5337D30A2F81A937B74BCBC4CE5
                                                                                                                                    SHA-512:AF0A2A3F813E1ADFFF972285C9655F50CE6916CAAEFF5CB82F6C7D76491FFC9B365A47F19750FC02D7122182BF65AAE79ED167886C33F202D5A781AB83D75662
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0....... ....@.......................................... ..p...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@....d<.-........T...8...8.......d<.-........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... .........\:t]8.......B;&,R.4d<.-........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ImagingProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):18432
                                                                                                                                    Entropy (8bit):3.613344057370429
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:WEPs6ATPNW8mc8jRd9kPQ/ih6uXJeEkWblWk:WEPs6MFW8l8jr9L/ihcEZJ
                                                                                                                                    MD5:F2E2BA029F26341158420F3C4DB9A68F
                                                                                                                                    SHA1:1DEE9D3DDDB41460995AD8913AD701546BE1E59D
                                                                                                                                    SHA-256:32D8C8FB9A746BE209DB5C3BDAD14F361CF2BEF8144C32E5AF419C28EFD35DA3
                                                                                                                                    SHA-512:3D45D7BCF21D5DF56B516FC18F7DC1BF80E44258B0C810B199A7BC06047A547060956C9D79575B82D9B6992FB5FE64F5B0EF1E408363887AE81A64B6FF9FA03E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........F...............................................p.......c....@.......................................... ...B..............................8............................................................................rdata..............................@..@.rsrc....P... ...D..................@..@................T...8...8...................$...................8....rdata..8...x....rdata$zzzdbg.... .. ....rsrc$01.... #...?...rsrc$02.... ......J...w].W..d..o..q..G+..............................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\IntlProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28160
                                                                                                                                    Entropy (8bit):3.4375943744382083
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:FmXnvvMzYr9Hw2PWJh0nCI2rFvAp2ZHwdg/nGaZ5XJVFLdcgUrWLD/QWQ0QdQJWC:FOn3MMbnGjGClJVFa0bQWQ0QdQJWZ4Wq
                                                                                                                                    MD5:2EB303DB5753EB7A6BB3AB773EEABDCB
                                                                                                                                    SHA1:44C6C38E6AE5F9CE9D7CA9D45A3CC3020B1353E4
                                                                                                                                    SHA-256:AA43B64DB4FDCD89E56BA5309F3BA2FFAC2663BA30514E87C160687F4314221F
                                                                                                                                    SHA-512:DF1C8CEFED4B5EF5A47F9BC0C42776611B3AF709938A0900DB79C6C9F4FAE21ACBBB6C4B1CAD3C5A2051B622FE7E6E01486D34622742A981623FED933F1B1427
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........l.......................................................#....@.......................................... ...i..............................8............................................................................rdata..............................@..@.rsrc....p... ...j..................@..@......n.........T...8...8.........n.........$...................8....rdata..8...x....rdata$zzzdbg.... ..@....rsrc$01....@(...a...rsrc$02.... ......rE.i..}..4g.............n.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\LogProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):6144
                                                                                                                                    Entropy (8bit):3.5595695509068244
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:zXM6czix6RXToVSHvoXBD3LXnvoJnoN6yvG8vIUEWNrWwv:LMniIh0IHAXB7DnAJoN6yO8wFWNrWA
                                                                                                                                    MD5:8933C8D708E5ACF5A458824B19FD97DA
                                                                                                                                    SHA1:DE55756DDBEEBC5AD9D3CE950ACBA5D2FB312331
                                                                                                                                    SHA-256:6E51AF7CFDA6BE5419F89D6705C44587556A4ABFFD388020D7F19E007E122CD6
                                                                                                                                    SHA-512:EAD5017D9D024A1D7C53634AE725438EA3A34EED8C9056EBBC4EBE5AAB2055C0E67687CE7608724E4F66F55AA486A63024967B76A5638CDE3DD88B3D3432CA1F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................@.......9....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc.... ... ......................@..@....S.?........T...8...8.......S.?........$...................8....rdata..8...x....rdata$zzzdbg.... ..@....rsrc$01....@!.......rsrc$02.... ....]R.?a.5V.yCy.8M.....A.T..}S.?........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\MsiProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15872
                                                                                                                                    Entropy (8bit):3.6313143380846133
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:2TRzAa2VDHWUt1qaoe3em2G6BHWPrem2vopuLcvy6em2bxVoa/b1mA5ICHH00H0X:2TRSDzRXQdoa/5ICH/AbQZL8ZK1WcoWc
                                                                                                                                    MD5:C5E60EE2D8534F57FDDB81FFCE297763
                                                                                                                                    SHA1:78E6B0E03C8BF5802B3EF429B105D7AE3092A8F2
                                                                                                                                    SHA-256:1EC7B04A8C25812DB99ABEC82C7B7BF915AE3F7594C5D071231CAFAB9C1FA145
                                                                                                                                    SHA-512:CE654295E8B16DA7BD004453AE4A422FE8296A8C2343E56D819883B835C391A02537ECF4D155A281A9D38F2291EE0004506B7FD48A99C0F8881FF1E38AE8EBCC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........<...............................................`.......d....@.......................................... ...8..............................8............................................................................rdata..............................@..@.rsrc....@... ...:..................@..@....C:..........T...8...8.......C:..........$...................8....rdata..8...x....rdata$zzzdbg.... ..`....rsrc$01....`"...5...rsrc$02.... ...5..^nI?........./n.#-G.GKC:..........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OSProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3072
                                                                                                                                    Entropy (8bit):3.5503376779673155
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSArGx9CJph/6/iWomRKgTjg6IZW0ZmbNuq0Tcc35WWdPPYPNyN:y5kJphiToOttIZW6Uuqucy5WwHgk
                                                                                                                                    MD5:0633E0FCCD477D9B22DE4DD5A84ABE53
                                                                                                                                    SHA1:E04FB5C3ACB35D128C1EA6EE6FB0E9B3FE90D5A9
                                                                                                                                    SHA-256:B6758ABA17F6CD74923CA0976DD580222851EF6435CD16B3B2B04E85280CE706
                                                                                                                                    SHA-512:E95ED1D8069D6F200F0A2EA8DD7688404AF9DB9CE5E229AFCB625A1F9EB46AC9E7A1C2C4C5CE156B190514415679E82E213732E8E890ED1A89AF9026E4E73FE3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......z.....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@....5.'.........T...8...8.......5.'.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... ...=k......c[.+C.w*.w^.R..d...(5.'.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\OfflineSetupProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2560
                                                                                                                                    Entropy (8bit):3.217971817931633
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSAg/APCSw0tkcOIZW0iWNuPZKc35WWdPPYPNyS:ytSwUgIZWxIuRKy5WwHg/
                                                                                                                                    MD5:015271D46AB128A854A4E9D214AB8A43
                                                                                                                                    SHA1:2569DEFF96FB5AD6DB924CEE2E08A998DDC80B2A
                                                                                                                                    SHA-256:692744CE4BBA1E82AD1A91AB97EEC2BAC7146BC995E8E8ED59BC2C7D366AF7EC
                                                                                                                                    SHA-512:6BA678DA0475A6B1872C2E2C151B395A4D97390BED4671D3F918AAB5E69CBC9CEAFE72C3100BA060AC6586FD37682499FDEEF7D7B1AB10F5EC2411C1438ED438
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......E6....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@.....j.e........T...8...8........j.e........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... ....._[.(.(...Z*..u_o.Z5..zvY".j.e........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\ProvProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4608
                                                                                                                                    Entropy (8bit):3.576767542641416
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:aQt9FbyFAMLhFAgd+J8W8kyMLLyDEWQWSZWwA:aQt9wDlYOKWQWSZW/
                                                                                                                                    MD5:B8A8C6C4CD89EEDA1E299C212DC9C198
                                                                                                                                    SHA1:F88C8A563B20864E0FC6F3D63FADDA507AA2E96E
                                                                                                                                    SHA-256:50AD19E21B6425D12AA57CD4656748877DB1F147189EC44ABB19BA90BE8505EA
                                                                                                                                    SHA-512:4A6F0DAC5B3B18E4942CE5F51B566CE3BA465BAA43457384EE785D1C0E7C33F9B9396A143AAC0398A34E4E2F7D704BA06D3CC68761FD3CB6F53F4043A906E475
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0...........@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@................T...8...8...................$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!..(....rsrc$02.... ...n.%L..y.kO$....I.l.......V.............................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SetupPlatformProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5632
                                                                                                                                    Entropy (8bit):3.6306103130960947
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:pZlYgKFEK42hK+UKd2K0bKGSnk5KABKzSnku7jh7rUC47j797UOSEW6XWwZ:JH3UgRlI6rjzp543pDW6XWK
                                                                                                                                    MD5:73E78FBBF6E6679FA643441C66628D37
                                                                                                                                    SHA1:57B70E6226C0CF3F8BC9A939F8B1EC411DEDEFF5
                                                                                                                                    SHA-256:5D4DFC9BDE18BE1EC0B3834A65DE6ABAB581E04C8C4F66EE14A62FB4B1B4CD06
                                                                                                                                    SHA-512:A045A6CDF9CA989B3ED9A50CDA208AFFA17372F65B1D86E1BF4C10B5D5E3FEE58C5D4B8EC0749A54E2E2156ED0E9776B59A8D3B78F062349873CB574AB3F77FA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................@.......%....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc.... ... ......................@..@......h.........T...8...8.........h.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02.... .......... .<....2,\...).r.Yx{..h.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SmiProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2560
                                                                                                                                    Entropy (8bit):3.306604127662469
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:eH1GSAgLuC7hqCN12t0WIZW0rlArNuf94dU35WWdPPYPNya:y99rz6dIZWQlAxu+dK5WwHgH
                                                                                                                                    MD5:F32E38247D0B21476BBFB49989478F7E
                                                                                                                                    SHA1:B950FD72EA2A6A94EE049454DF562AED79CA1E35
                                                                                                                                    SHA-256:A1A302E940F6D6718700737B787AF7A2053EF68B5EA2EC61497E7AE2444C5835
                                                                                                                                    SHA-512:F483807D790A4BC3E68D6D1F986BD4A57B4A67C91FB3DBEF88220A4B510F11D1190CDD98A857EB1937E921E668DFF2BCB5E4A7DF640B1F3639CE6D2239FF8106
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0.......M....@.......................................... ..|...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@.....E..........T...8...8........E..........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01..... .......rsrc$02.... ....uw.Nj(........h..x..!B.Z!.E..........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\SysprepProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3072
                                                                                                                                    Entropy (8bit):3.6292476817724197
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:yXPrBdBISeZviUttIZWO6fZukv+evTK5WwHg6:yPretLEWdfnGe+Wwt
                                                                                                                                    MD5:93D076056DD01DFC64D95D4C552A2DFF
                                                                                                                                    SHA1:A90FD06A62C6D63D87E00F5F7E9646B44D2C726A
                                                                                                                                    SHA-256:4389362A9DC662AA3C7A1D830498472BC586E00F0D269A8541975A34B03A1AA4
                                                                                                                                    SHA-512:B089574D4BE0CCAE205219C9E256DE34C039081A547F05ACFE4165D036B175DE5D9676160EFFC3C19D87BBB41D0F415DA598E507ED8F7B302CDBFDFB81F694EE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......$c....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc........ ......................@..@................T...8...8...................$...................8....rdata..8...x....rdata$zzzdbg.... .. ....rsrc$01.... !.......rsrc$02.... ...Q.f..`.&..Q../%..3..#}q..!\S............................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\TransmogProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):16384
                                                                                                                                    Entropy (8bit):3.5540292287074453
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:fwVXFYiKdshYuUljq9ZBjEx2F2u00yta8drwz5Kfo9IT5p9bfL0rdrBhrPZgmvwZ:fwVXFYiKdshYuUljYZBjExk2u00yta8R
                                                                                                                                    MD5:2138FDA89B1A5A18B32AED1D8762CDE5
                                                                                                                                    SHA1:A476F7DC86E62C7DC0EDF27BB778174348CAC566
                                                                                                                                    SHA-256:A75288F9E83CCCF2A6A644FF78E6C26DADD5772A2626F80120B81975664E7DAB
                                                                                                                                    SHA-512:D7CBF569B5D57730C81FC121E92E1042A37E07922C02F36EFAC3769622F40234C70DAFE9ED88A659D90C3855B5240F67F99B55DDECC46EEA0E28E5B80ECC820B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........>...............................................`............@.......................................... ...:..............................8............................................................................rdata..............................@..@.rsrc....@... ...<..................@..@....B...........T...8...8.......B...........$...................8....rdata..8...x....rdata$zzzdbg.... ..`....rsrc$01....`"..X8...rsrc$02.... ....!...........8....LF.J.....B...........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\UnattendProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5120
                                                                                                                                    Entropy (8bit):3.6824241092581933
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:y/h+1FX3/zNs8l8kBcxRKlQILO5A222QKl7OT9IZWQlApuoPy5WwHg7:F3bNqkYkQIy522QuihEW5aWwE
                                                                                                                                    MD5:8ACEE3337DFD444254BB8ABDD3C29ADA
                                                                                                                                    SHA1:25D98D3426F32FA199C026B6EB829B469609B2E3
                                                                                                                                    SHA-256:11F7957B8CC57DD7176F62B0612E658D6588B7CAA8BE4DB3A337953B02B98C24
                                                                                                                                    SHA-512:2849978060FA6E1FCFA37C870AE59EF22A67C0F8653468E07803422497FCC7275409ED0C36FE2D8E88026C13C82705ABED771B4492761EEAD24CB5C32BDF2EA7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................0......=0....@.......................................... ..8...............................8............................................................................rdata..............................@..@.rsrc........ ......................@..@.....62.........T...8...8........62.........$...................8....rdata..8...x....rdata$zzzdbg.... .......rsrc$01.....!.......rsrc$02.... ....ax.\ Y..$|7....3.U.s...g..62.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\VhdProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):7168
                                                                                                                                    Entropy (8bit):3.415180533632533
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:8z2oKwO8hZOE5LzpJeaAUMNwnWu/ELv4+B/YRjI6eiEWvtWw2:8z25XocEXJePUMGP/MB/YRjOvWvtW1
                                                                                                                                    MD5:0656529F4D1B3FF2D4DEFFBAF18CE95B
                                                                                                                                    SHA1:FFCF4F53BF767BCD4F6044082B82C4F25598B5C6
                                                                                                                                    SHA-256:2BA085379434B3F9FCB0C70C2BD02A7F4F0170E6160578A583EB42C8D333FAB7
                                                                                                                                    SHA-512:F17B6C4087498AF8951EA0F80F65923713E410458669F3E19624AB6E225222D1F2BB1E6779E5AAE328ACA88ACEC940DCF9C9447B83DD27DC6616625F005DEC1C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........................................................@.......c....@.......................................... ..................................8............................................................................rdata..............................@..@.rsrc.... ... ......................@..@......kE........T...8...8.........kE........$...................8....rdata..8...x....rdata$zzzdbg.... ..@....rsrc$01....@!.......rsrc$02.... ...!UE....^".b.T.2.a.u>CA.{..%..kE........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\en-US\WimProvider.dll.mui

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):27648
                                                                                                                                    Entropy (8bit):3.525211500444214
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:XEQsHE3IuApdiWQB46zDteyERtet3kLA5XJoH0sJnaWsMWB:XEQsk4uADiWQTzDEyEret3kL/2j
                                                                                                                                    MD5:DA1C1B3E004B71B15638D091C0C82C56
                                                                                                                                    SHA1:A1195CA1CAA80E9F463C443737D97B4B966FAE0F
                                                                                                                                    SHA-256:A9EEBCB85A0271061AC620FF9D2A6D22332721C782AEB06AB1CCF1149BFF2AA4
                                                                                                                                    SHA-512:DF373693E971A85397850107F233914A09478CBEEE9B1E1903154F8693842B66FDB2EA0DE4403AEA7CDECA0C70D0723733C8A2938E90E07987D5EACE6B481EF5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5.<.q.R.q.R.q.R.e...p.R.e.P.p.R.Richq.R.................PE..L..................!.........j......................................................(.....@.......................................... ..Hg..............................8............................................................................rdata..............................@..@.rsrc....p... ...h..................@..@......=.........T...8...8.........=.........$...................8....rdata..8...x....rdata$zzzdbg.... .. ....rsrc$01.... #..Pd...rsrc$02.... ...*@......e.s....I*c)f;..]om.`..=.........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.2s9kp9mk0hclo97w3nkgf76mf.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (15101), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15157
                                                                                                                                    Entropy (8bit):5.879731967171993
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:an/1zzTbpD5ydTdXrmkz2IXhBCQDDJldZ+QlTR49CIn0zZqv1S4gNVJ+qAklBSO6:alonfD0IV4f0tqvk4cjwY0eqyNs
                                                                                                                                    MD5:8B69FA550EEB850EB7E44A56596882F3
                                                                                                                                    SHA1:8B87362C2E5573E4B0A90CA289B69BCDC8EC49EC
                                                                                                                                    SHA-256:3AE4A87BB536962CA5A64021B1AC065A31530323B3336511DF4217107F34A252
                                                                                                                                    SHA-512:0B2CBBF0B2886C8733EAFD6F4B829996A84B0302C4C67755A3497C64753CDBADB02AB8BE6F65ACFA38D101764FEAA306B37A112311F68C48199CA4849570F88B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"><File Name="Assets\Square150x150Logo.scale-200.png" Size="9663" LfhSize="68"><Block Hash="q4pcZQ7gIQA57prFgVNmxvRQFSsYps5Q74ghZuJnQtE="/></File><File Name="Assets\Square44x44Logo.scale-200.png" Size="4671" LfhSize="66"><Block Hash="JAcsaI6HatYPPxFbvkoAP9XV2R8DVQgwGtOVDBl25kQ="/></File><File Name="Assets\Square44x44Logo.targetsize-24_altform-unplated.png" Size="3415" LfhSize="87"><Block Hash="mJrwg9Sl54Hr359jkxjZ1OsCiktn0K6ziiPgebSDXMM="/></File><File Name="Assets\StoreLogo.png" Size="4112" LfhSize="50"><Block Hash="12wSlWEK4Ms+UbKvmz3ifYfYoKHZhL9VeBZC9TbvXHc="/></File><File Name="Assets\Toast\app.ico" Size="57634" LfhSize="50"><Block Hash="HOevCXzUE32ypptvnhpopLKCeBy94rJy8PLV1+9ZyOI=" Size="13190"/></File><File Name="Assets\Wide310x150Logo.scale-200.png" Size="10390" LfhSize="66"><Block Hash="pzb9SQJvWlBiKPr5QX2PG

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.2x8alr1ann3dsztdc314o_vnh.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (505), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2680
                                                                                                                                    Entropy (8bit):5.406190859696497
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:3ULAsEANPANgADwM1LNgjshTJ1QxadD6eKrd9zLh9p3dhOrNV+5LuD:ELAsEANPANgADwM1WshFX9DmdNpSrN8u
                                                                                                                                    MD5:98E2694BBD9944F057C39405450B8931
                                                                                                                                    SHA1:3C2DDA5E28EF6B4061CA8DD13C3A37043CEE9F5F
                                                                                                                                    SHA-256:D83738017AF26D48FB190058E3AFCCF07A5B27D81E12BF03A018FEE940D0CF20
                                                                                                                                    SHA-512:0756299DB91BFC67134F0BCA92FC88272D8CCAD7C91D9FAAA5FB20DC9ECECFD5E1EDF13727429D78F4D1A13B0FC73DF0FD418C296CB407B284178D428C37E4DC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<Package IgnorableNamespaces="uap uap3 mp rescap build" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:build="http://schemas.microsoft.com/developer/appx/2015/build">.. <Identity Name="DellInc.DellCommandUpdate" Version="3.1.58.0" Publisher="CN=F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592" ProcessorArchitecture="x64" />.. <mp:PhoneIdentity PhoneProductId="5251eca6-2dfa-4766-864e-ff0b01ea2083" PhonePublisherId="5362f4e0-a4b1-4d63-ab2a-a55712126d33" />.. <Properties>.. <DisplayName>Dell Command | Update</DisplayName>.. <PublisherDisplayName>Dell Inc</PublisherDisplayName>.. <Logo>Assets\Store

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.47uxzcfrrjyangitw77ovmcvg.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (15101), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):15157
                                                                                                                                    Entropy (8bit):5.879731967171993
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:an/1zzTbpD5ydTdXrmkz2IXhBCQDDJldZ+QlTR49CIn0zZqv1S4gNVJ+qAklBSO6:alonfD0IV4f0tqvk4cjwY0eqyNs
                                                                                                                                    MD5:8B69FA550EEB850EB7E44A56596882F3
                                                                                                                                    SHA1:8B87362C2E5573E4B0A90CA289B69BCDC8EC49EC
                                                                                                                                    SHA-256:3AE4A87BB536962CA5A64021B1AC065A31530323B3336511DF4217107F34A252
                                                                                                                                    SHA-512:0B2CBBF0B2886C8733EAFD6F4B829996A84B0302C4C67755A3497C64753CDBADB02AB8BE6F65ACFA38D101764FEAA306B37A112311F68C48199CA4849570F88B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"><File Name="Assets\Square150x150Logo.scale-200.png" Size="9663" LfhSize="68"><Block Hash="q4pcZQ7gIQA57prFgVNmxvRQFSsYps5Q74ghZuJnQtE="/></File><File Name="Assets\Square44x44Logo.scale-200.png" Size="4671" LfhSize="66"><Block Hash="JAcsaI6HatYPPxFbvkoAP9XV2R8DVQgwGtOVDBl25kQ="/></File><File Name="Assets\Square44x44Logo.targetsize-24_altform-unplated.png" Size="3415" LfhSize="87"><Block Hash="mJrwg9Sl54Hr359jkxjZ1OsCiktn0K6ziiPgebSDXMM="/></File><File Name="Assets\StoreLogo.png" Size="4112" LfhSize="50"><Block Hash="12wSlWEK4Ms+UbKvmz3ifYfYoKHZhL9VeBZC9TbvXHc="/></File><File Name="Assets\Toast\app.ico" Size="57634" LfhSize="50"><Block Hash="HOevCXzUE32ypptvnhpopLKCeBy94rJy8PLV1+9ZyOI=" Size="13190"/></File><File Name="Assets\Wide310x150Logo.scale-200.png" Size="10390" LfhSize="66"><Block Hash="pzb9SQJvWlBiKPr5QX2PG

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.6dty55tqcko6vfohyya_ri47e.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):17939
                                                                                                                                    Entropy (8bit):7.288725311405567
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:XEDAQhsQlsHG441qLq0iJFg9Icm+pqfiuLQ1usUDR0qnajVX2JOyv:UDz1S4Qi3g9IcmY8BLQ1uQlxmtv
                                                                                                                                    MD5:037DFD244E03D2B012CE2A940E233177
                                                                                                                                    SHA1:1D9CBC4B1207F99DF64FD12DD77F017B10BD2BE6
                                                                                                                                    SHA-256:63D54116468B0C87D270B01B79F9C7AA676EDECDC61D1C5721275B9F01E9BDC8
                                                                                                                                    SHA-512:D193A6E2C8E3C0336717AB9437CE07E46F51954DF46728A8AEFD482F8E2EC03FB9EDA4219C2D1CDAF4DB3F5985B42EC35DCB8A782D13C5025CDB48164B51FB38
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:0.F...*.H........F.0.E....1.0...`.H.e......0..Z..+.....7.....K0..G0...+.....7.....p[7n..#@...L..a...191115131157Z0...+.....7.....0...0*.....H.S....,{..4Q.1.0...+.....7...1...0... ..+......a..;....1.D.....@.1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..+......a..;....1.D.....@.0... .5...9E..)..... .....RufTKQv.1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... .5...9E..)..... .....RufTKQv.0... .0..uY....P^2....9....]...%{1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... .0..uY....P^2....9....]...%{0... ..*......r...>.......{..y.....1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..*......r...>.......{..y.....0*....Y...YuJ.W5.}....t1.0...+.....7...1...0... ..6......<..HK.~.7C...5........1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..6......<..HK.~.7C...5........0*...z.Z."....w.I=.

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.7sehyp7ajfm6tiu7ylkghdlce.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):845
                                                                                                                                    Entropy (8bit):5.479930934393649
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:2dttY0Y4+Mn5+BY+2XIz0YzIM8KKjKk7MVL+KeHQ+9:c3w5djR8XjKk7MVveX9
                                                                                                                                    MD5:A809BD4CB0738D08D57B40113FA91482
                                                                                                                                    SHA1:07446B4E3AAA7C209AEE12BD6D250FD55D3D3D44
                                                                                                                                    SHA-256:B2FCCC56C633444BE5959EADC7F7D8982F3ADC73D0634080F33E9F9C6B5B7D6A
                                                                                                                                    SHA-512:4507F3523CDC2F74B3CAE05759471BDBA61EBE27864F1A58E563229F9228DEA01F41CA6F13A5F44D528CDB5C49328B53C67A0E6DFF997917FBCDD9A1535406A4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<Bundle SchemaVersion="5.0" IgnorableNamespaces="b4 b5" xmlns="http://schemas.microsoft.com/appx/2013/bundle" xmlns:b4="http://schemas.microsoft.com/appx/2018/bundle" xmlns:b5="http://schemas.microsoft.com/appx/2019/bundle">...<Identity Name="DellInc.DellCommandUpdate" Publisher="CN=F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592" Version="3.1.58.0"/>...<Packages>....<Package Type="application" Version="3.1.58.0" Architecture="x64" FileName="DCU.Centennial_3.1.58.0_x64.appx" Offset="62" Size="3440051">.....<Resources>......<Resource Language="EN-US"/>......<Resource Scale="200"/>.....</Resources>.....<b4:Dependencies>......<b4:TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.14393.0" MaxVersionTested="10.0.14393.0"/>.....</b4:Dependencies>....</Package>...</Packages>..</Bundle>..

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.8no1i641a0qqfzjys9qpmoyzf.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):11186
                                                                                                                                    Entropy (8bit):7.456853556396666
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:y41qLq0iJFg9Icm+5rk/LGw4ZLqnajVxyA/ZLrU:y4Qi3g9IcmAryLGw6lxA0ZLg
                                                                                                                                    MD5:D6E3E7DC5931567C4DAF55707B536D68
                                                                                                                                    SHA1:A96F02C705E8CE46D8BC0AAAD147252184096AE3
                                                                                                                                    SHA-256:6DDD4424FDBA5F21FF187C06B05C0B3930DEB9DA76AE48E8AB7ACC6DEAFF85D8
                                                                                                                                    SHA-512:A5E0D69D2F09AF8CCEC990610728643501B09C177FE89777A71FA3FE11B49DA4D845474818CB92B82F185E43BCF9DF73CDAF16781AE81063926D34512895262A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PKCX0.+...*.H........+.0.+....1.0...`.H.e......0....+.....7......0..05..+.....7...0'.........X_...K.4.t-..................0..0...`.H.e.........APPXAXPC.B.U.....*Y..Qn..K..h.._?7..mq.uAXCD".U..V.......4.....N%.....R..AXCT..Kw.....:..s....G..@...^.....AXBM...^.4.Xx``q.Z..C..y.T..X..G....B0..D0..,.......3..E..L)...A.....E.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....MOPR1'0%..U....Microsoft Marketplace CA G 0150...191115130146Z..191118130146Z0/1-0+..U...$F005DA31-7CE1-4D3E-ABEE-08A4AFF4F5920.."0...*.H.............0.........J....2.v....`K.'.........".f`R....4.e.9.Y..\...k\.+..[...k.Dd*`..5.......yj.^.}.V.%.*.F.I.q..Qh...?^.$.G.....+........x|.....X..u&.2.O...M.%......i.{.n=....7...cA...+$."...&.......V...$M9;i.o.{r.H.GU].Om..:|1.A.T.......N.Mo..,.7.....|.B[h.F...........0...0/..U.%....%0#..+.....7L..H..+.....7L....+.......0...U......"Ub...Os'.X.N../..^p0...U....0...PuertoRico0...U.#..0.....}.._W....

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.gn76ohpr3xidew9mozfga42je.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):11186
                                                                                                                                    Entropy (8bit):7.456853556396666
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:y41qLq0iJFg9Icm+5rk/LGw4ZLqnajVxyA/ZLrU:y4Qi3g9IcmAryLGw6lxA0ZLg
                                                                                                                                    MD5:D6E3E7DC5931567C4DAF55707B536D68
                                                                                                                                    SHA1:A96F02C705E8CE46D8BC0AAAD147252184096AE3
                                                                                                                                    SHA-256:6DDD4424FDBA5F21FF187C06B05C0B3930DEB9DA76AE48E8AB7ACC6DEAFF85D8
                                                                                                                                    SHA-512:A5E0D69D2F09AF8CCEC990610728643501B09C177FE89777A71FA3FE11B49DA4D845474818CB92B82F185E43BCF9DF73CDAF16781AE81063926D34512895262A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PKCX0.+...*.H........+.0.+....1.0...`.H.e......0....+.....7......0..05..+.....7...0'.........X_...K.4.t-..................0..0...`.H.e.........APPXAXPC.B.U.....*Y..Qn..K..h.._?7..mq.uAXCD".U..V.......4.....N%.....R..AXCT..Kw.....:..s....G..@...^.....AXBM...^.4.Xx``q.Z..C..y.T..X..G....B0..D0..,.......3..E..L)...A.....E.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....MOPR1'0%..U....Microsoft Marketplace CA G 0150...191115130146Z..191118130146Z0/1-0+..U...$F005DA31-7CE1-4D3E-ABEE-08A4AFF4F5920.."0...*.H.............0.........J....2.v....`K.'.........".f`R....4.e.9.Y..\...k\.+..[...k.Dd*`..5.......yj.^.}.V.%.*.F.I.q..Qh...?^.$.G.....+........x|.....X..u&.2.O...M.%......i.{.n=....7...cA...+$."...&.......V...$M9;i.o.{r.H.GU].Om..:|1.A.T.......N.Mo..,.7.....|.B[h.F...........0...0/..U.%....%0#..+.....7L..H..+.....7L....+.......0...U......"Ub...Os'.X.N../..^p0...U....0...PuertoRico0...U.#..0.....}.._W....

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.hyfqpoylye4645imj6mv61n_g.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):11222
                                                                                                                                    Entropy (8bit):7.456009541400818
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:au0FG41qLq0iJFg9Icm+jZg9Tk1usUDR0qnajVX2Lu1N6:a5FG4Qi3g9Icm2Zg9I1uQlxmLui
                                                                                                                                    MD5:1BF955E6BEAB528F7E4EEC36C85BC00F
                                                                                                                                    SHA1:B74C1984FAA0A205E2E2B0918E59B7912F31715C
                                                                                                                                    SHA-256:3A93FF84B2E8B42BEC1D9FB1FEE16C426C0899FCA26981819B98A8C3E6F2DDB3
                                                                                                                                    SHA-512:F93A4EBD9EB1F5B213D71DCD3E48032FEABC7B94E48CDB307F1F046AC5E585EADA74B7DCC57212E7ED5D3291EBEEDA17674D84810558DD8822115E55C39AE0F8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PKCX0.+...*.H........+.0.+....1.0...`.H.e......0.....+.....7.......0...05..+.....7...0'........K......M.n#.9..................0..0...`.H.e.........APPXAXPC.BX........?....#...Q.xMQ0TA..AXCD=%4#...F......T.-oL.H\.V...<.w..AXCTb...}...Ja..a(.%.ZVB..%.0{x..AXBM:.{.6.,..@!...Z1S.#.3e..B...4.RAXCIc.A.F....p..y..gn.....W!'[......B0..D0..,.......3..E..L)...A.....E.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....MOPR1'0%..U....Microsoft Marketplace CA G 0150...191115130146Z..191118130146Z0/1-0+..U...$F005DA31-7CE1-4D3E-ABEE-08A4AFF4F5920.."0...*.H.............0.........J....2.v....`K.'.........".f`R....4.e.9.Y..\...k\.+..[...k.Dd*`..5.......yj.^.}.V.%.*.F.I.q..Qh...?^.$.G.....+........x|.....X..u&.2.O...M.%......i.{.n=....7...cA...+$."...&.......V...$M9;i.o.{r.H.GU].Om..:|1.A.T.......N.Mo..,.7.....|.B[h.F...........0...0/..U.%....%0#..+.....7L..H..+.....7L....+.......0...U......"Ub...Os'.X.N../..^p0...U....0

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.iswq45udyeaj0_kq7o72wghre.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):337
                                                                                                                                    Entropy (8bit):5.50598180838198
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:TMVBd6OjlB84mUA+DGdic4scLGPaOHAw/0AL9oEOPeJ+LLJFoqv8b:TMHdtn4+DycL6gwB+EOeYLLJLvK
                                                                                                                                    MD5:D00065BACBE2E130B5581DAA52ADE0AE
                                                                                                                                    SHA1:B3B9035E11D50A01750253D4B67CA05D57ECC15D
                                                                                                                                    SHA-256:F00F805E1E34FF58786060711F5A1FAC43F286CC79D954E2A4EC58DA8E994705
                                                                                                                                    SHA-512:BDB5B507B5FB8BF2AE276BF7322E9AD58BFFFA6759D70F965A2A5D21CDCDDE3FC13228F93270F7A6F9FFB9483E7EF076ABDE0B76CF39B54873A2695EA98C3CF6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"><File Name="AppxMetadata\AppxBundleManifest.xml" Size="845" LfhSize="65"><Block Hash="svzMVsYzREvllZ6tx/fYmC863HPQY0CA8z6fnGtbfWo=" Size="463"/></File></BlockMap>

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.klpxb44zgge5wj4yqcas_n4pc.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (505), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2680
                                                                                                                                    Entropy (8bit):5.406190859696497
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:3ULAsEANPANgADwM1LNgjshTJ1QxadD6eKrd9zLh9p3dhOrNV+5LuD:ELAsEANPANgADwM1WshFX9DmdNpSrN8u
                                                                                                                                    MD5:98E2694BBD9944F057C39405450B8931
                                                                                                                                    SHA1:3C2DDA5E28EF6B4061CA8DD13C3A37043CEE9F5F
                                                                                                                                    SHA-256:D83738017AF26D48FB190058E3AFCCF07A5B27D81E12BF03A018FEE940D0CF20
                                                                                                                                    SHA-512:0756299DB91BFC67134F0BCA92FC88272D8CCAD7C91D9FAAA5FB20DC9ECECFD5E1EDF13727429D78F4D1A13B0FC73DF0FD418C296CB407B284178D428C37E4DC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8" standalone="yes"?>..<Package IgnorableNamespaces="uap uap3 mp rescap build" xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:build="http://schemas.microsoft.com/developer/appx/2015/build">.. <Identity Name="DellInc.DellCommandUpdate" Version="3.1.58.0" Publisher="CN=F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592" ProcessorArchitecture="x64" />.. <mp:PhoneIdentity PhoneProductId="5251eca6-2dfa-4766-864e-ff0b01ea2083" PhonePublisherId="5362f4e0-a4b1-4d63-ab2a-a55712126d33" />.. <Properties>.. <DisplayName>Dell Command | Update</DisplayName>.. <PublisherDisplayName>Dell Inc</PublisherDisplayName>.. <Logo>Assets\Store

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.o7o966iuf7lsej02oih36wcvh.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):337
                                                                                                                                    Entropy (8bit):5.50598180838198
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:TMVBd6OjlB84mUA+DGdic4scLGPaOHAw/0AL9oEOPeJ+LLJFoqv8b:TMHdtn4+DycL6gwB+EOeYLLJLvK
                                                                                                                                    MD5:D00065BACBE2E130B5581DAA52ADE0AE
                                                                                                                                    SHA1:B3B9035E11D50A01750253D4B67CA05D57ECC15D
                                                                                                                                    SHA-256:F00F805E1E34FF58786060711F5A1FAC43F286CC79D954E2A4EC58DA8E994705
                                                                                                                                    SHA-512:BDB5B507B5FB8BF2AE276BF7322E9AD58BFFFA6759D70F965A2A5D21CDCDDE3FC13228F93270F7A6F9FFB9483E7EF076ABDE0B76CF39B54873A2695EA98C3CF6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8" standalone="no"?>..<BlockMap xmlns="http://schemas.microsoft.com/appx/2010/blockmap" HashMethod="http://www.w3.org/2001/04/xmlenc#sha256"><File Name="AppxMetadata\AppxBundleManifest.xml" Size="845" LfhSize="65"><Block Hash="svzMVsYzREvllZ6tx/fYmC863HPQY0CA8z6fnGtbfWo=" Size="463"/></File></BlockMap>

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.t8mqwtu5j5pg8c5nai0t49rcf.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):17939
                                                                                                                                    Entropy (8bit):7.288725311405567
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:XEDAQhsQlsHG441qLq0iJFg9Icm+pqfiuLQ1usUDR0qnajVX2JOyv:UDz1S4Qi3g9IcmY8BLQ1uQlxmtv
                                                                                                                                    MD5:037DFD244E03D2B012CE2A940E233177
                                                                                                                                    SHA1:1D9CBC4B1207F99DF64FD12DD77F017B10BD2BE6
                                                                                                                                    SHA-256:63D54116468B0C87D270B01B79F9C7AA676EDECDC61D1C5721275B9F01E9BDC8
                                                                                                                                    SHA-512:D193A6E2C8E3C0336717AB9437CE07E46F51954DF46728A8AEFD482F8E2EC03FB9EDA4219C2D1CDAF4DB3F5985B42EC35DCB8A782D13C5025CDB48164B51FB38
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:0.F...*.H........F.0.E....1.0...`.H.e......0..Z..+.....7.....K0..G0...+.....7.....p[7n..#@...L..a...191115131157Z0...+.....7.....0...0*.....H.S....,{..4Q.1.0...+.....7...1...0... ..+......a..;....1.D.....@.1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..+......a..;....1.D.....@.0... .5...9E..)..... .....RufTKQv.1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... .5...9E..)..... .....RufTKQv.0... .0..uY....P^2....9....]...%{1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... .0..uY....P^2....9....]...%{0... ..*......r...>.......{..y.....1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..*......r...>.......{..y.....0*....Y...YuJ.W5.}....t1.0...+.....7...1...0... ..6......<..HK.~.7C...5........1q0...+.....7...1...0]..+.....7...1O0M0...+.....7...0...........010...`.H.e....... ..6......<..HK.~.7C...5........0*...z.Z."....w.I=.

                                                                                                                                    C:\Users\user\AppData\Local\Temp\APPX.xko4t58ih9pdvu3wyvtm0q19.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):11222
                                                                                                                                    Entropy (8bit):7.456009541400818
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:au0FG41qLq0iJFg9Icm+jZg9Tk1usUDR0qnajVX2Lu1N6:a5FG4Qi3g9Icm2Zg9I1uQlxmLui
                                                                                                                                    MD5:1BF955E6BEAB528F7E4EEC36C85BC00F
                                                                                                                                    SHA1:B74C1984FAA0A205E2E2B0918E59B7912F31715C
                                                                                                                                    SHA-256:3A93FF84B2E8B42BEC1D9FB1FEE16C426C0899FCA26981819B98A8C3E6F2DDB3
                                                                                                                                    SHA-512:F93A4EBD9EB1F5B213D71DCD3E48032FEABC7B94E48CDB307F1F046AC5E585EADA74B7DCC57212E7ED5D3291EBEEDA17674D84810558DD8822115E55C39AE0F8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PKCX0.+...*.H........+.0.+....1.0...`.H.e......0.....+.....7.......0...05..+.....7...0'........K......M.n#.9..................0..0...`.H.e.........APPXAXPC.BX........?....#...Q.xMQ0TA..AXCD=%4#...F......T.-oL.H\.V...<.w..AXCTb...}...Ja..a(.%.ZVB..%.0{x..AXBM:.{.6.,..@!...Z1S.#.3e..B...4.RAXCIc.A.F....p..y..gn.....W!'[......B0..D0..,.......3..E..L)...A.....E.0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0...U....MOPR1'0%..U....Microsoft Marketplace CA G 0150...191115130146Z..191118130146Z0/1-0+..U...$F005DA31-7CE1-4D3E-ABEE-08A4AFF4F5920.."0...*.H.............0.........J....2.v....`K.'.........".f`R....4.e.9.Y..\...k\.+..[...k.Dd*`..5.......yj.^.}.V.%.*.F.I.q..Qh...?^.$.G.....+........x|.....X..u&.2.O...M.%......i.{.n=....7...cA...+$."...&.......V...$M9;i.o.{r.H.GU].Om..:|1.A.T.......N.Mo..,.7.....|.B[h.F...........0...0/..U.%....%0#..+.....7L..H..+.....7L....+.......0...U......"Ub...Os'.X.N../..^p0...U....0

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSI166.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2636681
                                                                                                                                    Entropy (8bit):7.025633087981941
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:RwBEI6WipJ5ZKzwSVpzlxIAKTrOCOpO2ARW/9aep7qyTJ2pEm:mBEI6WipJ5ZGVpBAE/YOJw
                                                                                                                                    MD5:ED8A3DF76C5120EE7AE642DDF5DD7E49
                                                                                                                                    SHA1:9D143EF4D3BD3FC6AF81435B80FFB81B3D5BB800
                                                                                                                                    SHA-256:9226112BE7245020E427E49475E3DD37380D4D0940DDC587FCAF88451F290452
                                                                                                                                    SHA-512:66FDB70C08A9570C5670ECD9478C9330336676A5DE0D1A3E0DDDA36678D9D96EFE76382D1C2DDFCBA66E4427CFE8FA5515B5CBFFAB4AB29A235D6D2412CBF817
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........p............a.....H`.....H`.2...H`....E......E.......a.....E..............a......a......a..............a.....Rich....................PE..L.....Y...........!.....(...........".......P............................... ............@..........................4..g;........... ...........................3...W..8...............................@............P..0............................text....#.......$.................. ..`.orpc... ....@.......(.............. ..`.rdata..' ...P..."...,..............@..@.data...X............N..............@....rsrc........ .......:..............@..@.reloc..@........ ..................@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSI2fadb.LOG

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):574618
                                                                                                                                    Entropy (8bit):3.8438407495218074
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:zjNTouAqnPbOQWsjd7bjsg6ghvB/W5xsGWaFxI1BVV0RDmyuqgwTuG/w6uNNB671:TjB6HRRpio
                                                                                                                                    MD5:41798C9B45AAB20CAA5AB56F6F00AFCC
                                                                                                                                    SHA1:2113E906350A1BEADD1D8122AD22B29E45C43912
                                                                                                                                    SHA-256:DFCFFA6E6613AD8E538D4212D7DE6A56F6C377433AD255EEF701D170BF588908
                                                                                                                                    SHA-512:BE416202E8DEF6156426961EFDB8E212EB2D9615FFB51A909D6562899676691EAA4D71B8A14A86E34C9F9998C5ECF37DD13A4FCAC7C7C8EC7F867ADA298A6AE8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..=.=.=. .V.e.r.b.o.s.e. .l.o.g.g.i.n.g. .s.t.a.r.t.e.d.:. .2.1./.1.0./.2.0.2.4. . .0.5.:.5.8.:.3.4. . .B.u.i.l.d. .t.y.p.e.:. .S.H.I.P. .U.N.I.C.O.D.E. .5...0.0...1.0.0.1.1...0.0. . .C.a.l.l.i.n.g. .p.r.o.c.e.s.s.:. .C.:.\.W.i.n.d.o.w.s.\.S.y.s.t.e.m.3.2.\.m.s.i.e.x.e.c...e.x.e. .=.=.=.....M.S.I. .(.c.). .(.A.0.:.A.4.). .[.0.5.:.5.8.:.3.4.:.5.5.2.].:. .F.o.n.t. .c.r.e.a.t.e.d... . .C.h.a.r.s.e.t.:. .R.e.q.=.0.,. .R.e.t.=.0.,. .F.o.n.t.:. .R.e.q.=.M.S. .S.h.e.l.l. .D.l.g.,. .R.e.t.=.M.S. .S.h.e.l.l. .D.l.g.......M.S.I. .(.c.). .(.A.0.:.A.4.). .[.0.5.:.5.8.:.3.4.:.5.5.2.].:. .F.o.n.t. .c.r.e.a.t.e.d... . .C.h.a.r.s.e.t.:. .R.e.q.=.0.,. .R.e.t.=.0.,. .F.o.n.t.:. .R.e.q.=.M.S. .S.h.e.l.l. .D.l.g.,. .R.e.t.=.M.S. .S.h.e.l.l. .D.l.g.......M.S.I. .(.c.). .(.A.0.:.7.4.). .[.0.5.:.5.8.:.3.4.:.5.6.8.].:. .R.e.s.e.t.t.i.n.g. .c.a.c.h.e.d. .p.o.l.i.c.y. .v.a.l.u.e.s.....M.S.I. .(.c.). .(.A.0.:.7.4.). .[.0.5.:.5.8.:.3.4.:.5.6.8.].:. .M.a.c.h.i.n.e. .p.o.l.i.c.y. .v.a.l.u.e. .'.D.e.b.u.g.'. .i.s. .

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSIBE3F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):173816
                                                                                                                                    Entropy (8bit):6.23179846686102
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                                                                    MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                                                                    SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                                                                    SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                                                                    SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h`....S...S...S...S...SA..S...S...S...S...S...S.~.S...S...S...S.~.S...SA..S...SA..S...SA..S...S...S...SA..S...SRich...S........PE..L.....Y...........!.................................................................C....@..........................A..a...d4......................................................................(...@............................................text............................... ..`.rdata..............................@..@.data...41...P.......*..............@....rsrc................<..............@..@.reloc...G.......H...B..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSID7E3.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):173816
                                                                                                                                    Entropy (8bit):6.23179846686102
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                                                                    MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                                                                    SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                                                                    SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                                                                    SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h`....S...S...S...S...SA..S...S...S...S...S...S.~.S...S...S...S.~.S...SA..S...SA..S...SA..S...S...S...SA..S...SRich...S........PE..L.....Y...........!.................................................................C....@..........................A..a...d4......................................................................(...@............................................text............................... ..`.rdata..............................@..@.data...41...P.......*..............@....rsrc................<..............@..@.reloc...G.......H...B..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSIFBC6.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):173816
                                                                                                                                    Entropy (8bit):6.23179846686102
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:CfxQXjgrNmFy/E9XFPaKON5hqTYYPOaLId+MSBFskIvE51+VMA1:CfuzgrNW5iKQ5hdIVqdzGry
                                                                                                                                    MD5:0E6FDA2B8425C9513C774CF29A1BC72D
                                                                                                                                    SHA1:A79FFA24CB5956398DED44DA24793A2067B85DD0
                                                                                                                                    SHA-256:E946B2FAE0B36C43064463A8C16A2774ADAC30C4188C5AF90E9338B903C501C9
                                                                                                                                    SHA-512:285BB7759A1214ABED36162AC8BE2D48DF17A05278C4DE97562448E20FD43B635563A6819F37E23D92A5F5ED0205A68BFFE43DAC0D3A67513BD0303B4E7F89AA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h`....S...S...S...S...SA..S...S...S...S...S...S.~.S...S...S...S.~.S...SA..S...SA..S...SA..S...S...S...SA..S...SRich...S........PE..L.....Y...........!.................................................................C....@..........................A..a...d4......................................................................(...@............................................text............................... ..`.rdata..............................@..@.data...41...P.......*..............@....rsrc................<..............@..@.reloc...G.......H...B..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSIFCFF.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):156928
                                                                                                                                    Entropy (8bit):6.027765050560978
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:7tq45H7fN+qN7TyL3zyRVPkF5ka2ACEJ2dZYUdmaw+6JcKsWjcdl3K0ud9nB9U9S:hq41fALwolSsCZhdVw+6C1K0udFPI1g
                                                                                                                                    MD5:A1B7850763AF9593B66EE459A081BDDF
                                                                                                                                    SHA1:6E45955FAE2B2494902A1B55A3873E542F0F5CE4
                                                                                                                                    SHA-256:41B8E92DEBA5206C78817236ED7F44DF95636CA748D95FAB05F032F5AEC186AF
                                                                                                                                    SHA-512:A87A302A9A0D19D7CE293B42F5E7BC09664B21307A5321F226157FCC57EB2DF2B59C6651878CB23969A182C82B55E8671FF00F8462194B81A907974A49CB25B1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......{..7?..d?..d?..d..#d...d.. d9..d.. d>..d..!d...d.. dL..d6.md<..d6.}d ..d?..d-..d..!d)..d..$d>..d..'d>..d?.yd>..d.."d>..dRich?..d........................PE..L...1..Y...........!.....J..........F........`......................................UH..............................p...E............@...............H.......P..@...................................H...@............`...............................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data...t1..........................@....rsrc........@......................@..@.reloc..tJ...P...L..................@..B................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\MSIFDEB.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2636681
                                                                                                                                    Entropy (8bit):7.025633087981941
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:RwBEI6WipJ5ZKzwSVpzlxIAKTrOCOpO2ARW/9aep7qyTJ2pEm:mBEI6WipJ5ZGVpBAE/YOJw
                                                                                                                                    MD5:ED8A3DF76C5120EE7AE642DDF5DD7E49
                                                                                                                                    SHA1:9D143EF4D3BD3FC6AF81435B80FFB81B3D5BB800
                                                                                                                                    SHA-256:9226112BE7245020E427E49475E3DD37380D4D0940DDC587FCAF88451F290452
                                                                                                                                    SHA-512:66FDB70C08A9570C5670ECD9478C9330336676A5DE0D1A3E0DDDA36678D9D96EFE76382D1C2DDFCBA66E4427CFE8FA5515B5CBFFAB4AB29A235D6D2412CBF817
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........p............a.....H`.....H`.2...H`....E......E.......a.....E..............a......a......a..............a.....Rich....................PE..L.....Y...........!.....(...........".......P............................... ............@..........................4..g;........... ...........................3...W..8...............................@............P..0............................text....#.......$.................. ..`.orpc... ....@.......(.............. ..`.rdata..' ...P..."...,..............@..@.data...X............N..............@....rsrc........ .......:..............@..@.reloc..@........ ..................@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gl23f3yk.rt5.ps1

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60
                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qoyj5agt.30g.ps1

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60
                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_va1m1zqs.hmw.psm1

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60
                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z1jdqpzv.aly.psm1

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):60
                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                    C:\Users\user\AppData\Local\Temp\appxStage-{47F959DA-A9A2-41C3-869C-B8431F518AC1}\DellInc.DellCommandUpdate_3.1.58.0_neutral_~_htrsf667h5kn2DCU.Centennial_3.1.58.0_x64.appx

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:Zip archive data, at least v4.5 to extract, compression method=store
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3440051
                                                                                                                                    Entropy (8bit):7.997999606356871
                                                                                                                                    Encrypted:true
                                                                                                                                    SSDEEP:49152:8qZspQJ7O95yGbKArf+VOwUBm4tCK9olBqAT0O0qiY0tfCQvH3SXCB:8CspLzRGArf3m7kolB3QO0d1C6XSI
                                                                                                                                    MD5:6130EF9DA9F86F4AE191A9ABFBB7EFAF
                                                                                                                                    SHA1:688C8999FB9B61B639C1983BC038FC7316870F60
                                                                                                                                    SHA-256:AF5BFEC19CED2A04C95FF4B8A6361E3B3D63C8DB813C445995AD77FE285E1CE4
                                                                                                                                    SHA-512:B4E8122B80BA850777421089412D49F74857E5922426536278F6EB90EA4FA2338587CB18E49F613205AA13E33C48F9CA27D6664B26EE94ACEFCE1C4F3F21061E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PK..-.....X)oO............&...Assets/Square150x150Logo.scale-200.png.PNG........IHDR...,...,.....y}.u....pHYs..........o.d...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\DellCommandUpdate.appxbundle

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Zip archive data, at least v4.5 to extract, compression method=store
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3449272
                                                                                                                                    Entropy (8bit):7.99799568038455
                                                                                                                                    Encrypted:true
                                                                                                                                    SSDEEP:49152:iqZspQJ7O95yGbKArf+VOwUBm4tCK9olBqAT0O0qiY0tfCQvH3SXCo:iCspLzRGArf3m7kolB3QO0d1C6XSb
                                                                                                                                    MD5:7FEB6E27567689A4D3310AE730CDB700
                                                                                                                                    SHA1:FAF91D8B67F5D72E9E81F10E25F8A1101C835882
                                                                                                                                    SHA-256:64D861CD0C5421D1555B8A367109A6F9541AEAC465CDC7838652196946C077EA
                                                                                                                                    SHA-512:58520703A26EA3670F854018C9027754C693F06D92D821C1CDB8305C7579278165D7F67621FD05E09E9AC714B9E132CAE6790CAB76C46A196B2672643E25E892
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PK..-......)oO............ ...DCU.Centennial_3.1.58.0_x64.appxPK..-.....X)oO............&...Assets/Square150x150Logo.scale-200.png.PNG........IHDR...,...,.....y}.u....pHYs..........o.d...OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+...*..x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D..*.A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\DellCommandUpdate_License1.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:ASCII text, with very long lines (2676), with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2676
                                                                                                                                    Entropy (8bit):5.942047559545302
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:l8hZZT0IgbZMgY2TRUqIcER5CqDh6QvL3+1NtEMtpg4kVAnDaD6SCG5:mZZT0IgbygpTyqSRXL2tJWVADOKG5
                                                                                                                                    MD5:30C764A1B4A33B5DB7422B4D2012D9BB
                                                                                                                                    SHA1:C5FCC94746B63213F57D547727D204BDB4BB2B53
                                                                                                                                    SHA-256:144724710BAC1F118852FA6EFD55A12DE4C470CEC563B44DF4343E009B8215B4
                                                                                                                                    SHA-512:FFEAB68AB0AFE11D0E94A86C94C668B26B1BD425860E7E0F6B3BA4E2F49711C6372E0A0FC9F3C290922B0CBC0C563D239D2D3BF703212E8E6489AEFF2ECE73AF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<License xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" ID="07380496-c415-4d0f-8536-990eb4846f70" LicenseID="a437a09d-cb9d-c512-7439-f35705474e64" ContentID="11b6e70d-5a83-d49f-ea77-9244209b7f66" Version="3" xmlns="urn:schemas-microsoft-com:windows:store:licensing:ls"><Binding Binding_Type="Machine"><ProductID>9N0K4B9PJT60</ProductID><PFM>dellinc.dellcommandupdate_htrsf667h5kn2</PFM><LicenseInstanceID>488ca431-1ed7-48c3-a66a-557ce9b0a73c</LicenseInstanceID><RequestorID>9897b18e-89c7-5167-c951-af280046fed1</RequestorID><LeaseRequired>False</LeaseRequired></Binding><LicenseInfo Type="Full" LicenseUsage="Offline" LicenseCategory="OEM"><IssuedDate>2019-11-15T13:48:35.3689926Z</IssuedDate><LastUpdateDate>2019-11-15T13:48:35.3836502Z</LastUpdateDate><BeginDate>2019-11-15T13:48:35.3836502Z</BeginDate></LicenseInfo><SPLicenseBlock>FAAAALgAAADJAAAACgAAAAMAAQCzrM5dAgDLAAAAEAAAAJ2gN6SdyxLFdDnzVwVHTmTOAAAAUAAAAGQAZQBsAGwAaQBuAGMALgBkAGUAbABsAGMAb

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):182008
                                                                                                                                    Entropy (8bit):5.744618295706068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:gIFNKUw8ALJ+C2T0FSmmiYQT4LF2E+JYOdeZ2bgA/qZK3:sUn0mT8Sc/T4p1bAxg8R
                                                                                                                                    MD5:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    SHA1:3A358773608E315D8E1EC97476E670802E9F1EC6
                                                                                                                                    SHA-256:1F0D8DFBD8B2B9C0CEB8A827FFDD1559D1FB26E86836A9080DFD168759C03BBE
                                                                                                                                    SHA-512:D967395F5DDB5DF40949A737EC9B4C5E675C0355733938D9A17801F98AAD9AF2FD2E6660786C13EBB2F2A66FCB76FC99EE064ACD87796A7931E21A973772576E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d......Y.........."......X...v.................@.....................................~....`..................................................J..................$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc................v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISRT.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):432880
                                                                                                                                    Entropy (8bit):7.97363344973573
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:/0DDccyPxdz60ksTWzuuLyfGqlwaUyAztO3bny52:ICDW1FqSaUDtOzO2
                                                                                                                                    MD5:77F4AD122B04F2E11D3841B611596785
                                                                                                                                    SHA1:133D1935811929E5AA5BC0C97C826D0FE7C6B4FB
                                                                                                                                    SHA-256:EEFCB7FB1CE56E30A8B6C82BA8AFC4ECBBAAA50028104E5873DE620FC3803982
                                                                                                                                    SHA-512:A4C10CAA98887B158BD7513C6115DED655602BF5F129C2738C3428444A73A650FDA69193C3E76D76C6A684D6C5977A7E0F69BBF3CC08D078B96FB4531D8AE901
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........C...-..-..-./...-.B/...-......-.B/..9.-.B/....-.O....-.O....-..,.@.-.O....-.......-......-......-....-......-.Rich..-.........................PE..L.....Y...........!.....d...6............................................... ......v...................................S...d........................~..................8....................................................>..@....................text............D......PEC2MO...... ....rsrc....@.......4...H.............. ....reloc...............|..............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\IsConfig.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Generic INItialization configuration [f4]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.283091380531802
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:sWCV4wFACLDxzWAf4/LQ1puDxF4PWAluN7DA+vLY:sWCV1FAsDYAf6euDPAlSAkY
                                                                                                                                    MD5:6D4FA00B722A5B5C2BBCB6AE90A827DC
                                                                                                                                    SHA1:D4E55B3632EEEF241409A0C62E75007D7FC7364F
                                                                                                                                    SHA-256:F09FE0797B10B717431215E2CE53D60362F290885F2CE0C4DBC922FB8E8DD38F
                                                                                                                                    SHA-512:D672A262505BCC291E81DF1056F6F4D4D900B00396C8CA32D747BD2390B4BD6AAFDF54C98BA69C7D87B383253FCC62B7922CFB747FD2B23CC9228D231E89FD4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[SetupDefaults]..LangID=1033..ProductCode={5669AB71-1302-4412-8DA1-CB69CD7B7324}..TempPathGuid={4C7F1830-7A04-4650-8151-9629313505DD}..[f4]..Function=ExportPreferenceSettings..[f1]..Function=DetectDotNETFramework..[f7]..Function=CleanupDataDir..[f5]..Function=ImportPreferenceSettings..[f8]..Function=GetSupportDirPath..[f2]..Function=DetectIdenticalApps..[f6]..Function=ShowUpgradeMessage..[f3]..Function=UpdateADRRegSetting..

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\String1033.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178248
                                                                                                                                    Entropy (8bit):3.6475098897303315
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:1ujZLJ6/K41VBrChTHx8Icy27RWA/z+wKZU6rPsH3QvvOeyMJice1VOL27pz:1qLm1UTR8nW9twuy
                                                                                                                                    MD5:860CF6ECD45A5A90531563DCE1197308
                                                                                                                                    SHA1:E4AAE504BB8A753FB10B7AA3C1CC4538AC77E11B
                                                                                                                                    SHA-256:B6D8F43E3B45FCFEAD6EA6222344684F932E023D74B67BE7DBB207E2122F21FB
                                                                                                                                    SHA-512:4731FD00FD26571F9F1B488061DD7147699AFE01B3DDD49935CCFD996647853B91F1C46DCD1B2A43B924D480D5A2FE0569ED403392F9F424C5935623B891778F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..C.O.M.P.A.N.Y._.N.A.M.E.=.Y.o.u.r. .C.o.m.p.a.n.y. .N.a.m.e.....D.C.U._.T.E.L.E.M.E.T.R.Y._.A.C.C.E.P.T.=.Y.e.s.,. .I. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.E.M.E.T.R.Y._.C.O.N.S.E.N.T.I.N.F.O.=.T.h.e. .p.r.o.g.r.a.m. .h.e.l.p.s. .D.e.l.l. .i.m.p.r.o.v.e. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .W.i.t.h.o.u.t. .i.n.t.e.r.r.u.p.t.i.n.g. .y.o.u.,. .i.t. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .h.o.w. .y.o.u. .u.s.e. .t.h.e. .a.p.p.l.i.c.a.t.i.o.n.,. .a.n.d. .a.l.s.o. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .p.r.o.b.l.e.m.s. .y.o.u. .m.i.g.h.t. .h.a.v.e. .w.i.t.h. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .T.h.e. .i.n.f.o.r.m.a.t.i.o.n. .c.o.l.l.e.c.t.e.d. .i.s. .n.o.t. .u.s.e.d. .t.o. .i.d.e.n.t.i.f.y. .o.r. .c.o.n.t.a.c.t. .y.o.u.......D.C.U._.T.E.L.E.M.E.T.R.Y._.D.O.N.O.T.A.C.C.E.P.T.=.N.o.,. .I. .d.o.n.. t. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\_isres_0x0409.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1863024
                                                                                                                                    Entropy (8bit):5.688121670576851
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:bs4d9dfaOdWjIopJCPtjvntnSb8COevQonCLPub+7tPF:7hrWcoDCPtjvntnSb8COevQonCfFF
                                                                                                                                    MD5:D859524FF046714B573BAA33E2C8B117
                                                                                                                                    SHA1:12878A06FCB83A770B3B59F38876C2C40E6139F2
                                                                                                                                    SHA-256:06E0B73201E0751C89AE7619FA6180FA9282824F78B03F6AA952BF2FFC58B779
                                                                                                                                    SHA-512:04AEF904343F2B6E15343E1A6F916439F30261803EF81AAB4A8730E5248DE48BB6D88BD3B3562E37B65728D8C2125238F07C17AE416AC6B04DFA69390AC124D1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L...^..Y...........!.........................................................p.......q.......................................@..(....P..s...........pP.......@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...s....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\setup.inx

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):275128
                                                                                                                                    Entropy (8bit):7.34703944252768
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:j88ilQKDLWb8mBbSEzUPFvvrS9WwAzoKQ:j88ilQKUQv29WwAz9Q
                                                                                                                                    MD5:0B5E38C0712C20E8F3ABB9BA27C82872
                                                                                                                                    SHA1:FF1F9E8F4AFDF64B2161A33C4B98D0135B82829D
                                                                                                                                    SHA-256:160698FA508E1F0822AA92DD4E302245CFA87ED78D2C5A0C13DA6C97D6375A82
                                                                                                                                    SHA-512:235DEBB442C0D196F4B3C84372909D84782B1750072847222605BAF144414B9A42C4967C03D02FE1FB0B2D878FFB91528474E0963D6DB7FBE0E8F92FC642D73E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}aK!mQ.Y]A .M1.`-!.)........................................}...m..q]}}aMm.U=].E-M.5.=.%.-.......................}.......C.....v.@....qeymee1m.......c.)!!.)g..?.....K.7.+.OH..... .D@..0....e..dXH......P..(..]UU-]......kS.kk.....C.WO7'.[.<X44....,..$.8... ...}..\......@.5km!U.gL.8..g....-....._..k#+G##.LP8.H.@......0...T.......Y..D.........1II.1.o.s..Cg..G.....O.Og.CL<L.P.......p.d$........Y..L......<.. ...III.1..k_.....o.oGO?.....H.,@.X.P. ......p..,...\......m..<.....]YMEE.M..w[..[..{os.....O.C_G.t$l.D8\..........,.......}..]..`.........)5M.5.o.W_...sO3.SGk....h$.`,...4.L.$.<..........@...d...e}}1e.D.....o...S)!!.)g.GsK?..0.....#.h$P(.\\...........x(..am.I...p....H.......=9.!S3.wgksK.......3[C ......(.......,...........q.ayyaa.YQQYYc9E%11%9._.......W{7;wSo.......`(h<......L.4..........ay.q...a}Qii]Q....5MM!5.wSl.-.....w'.+k3/..+d.....

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):182008
                                                                                                                                    Entropy (8bit):5.744618295706068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:gIFNKUw8ALJ+C2T0FSmmiYQT4LF2E+JYOdeZ2bgA/qZK3:sUn0mT8Sc/T4p1bAxg8R
                                                                                                                                    MD5:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    SHA1:3A358773608E315D8E1EC97476E670802E9F1EC6
                                                                                                                                    SHA-256:1F0D8DFBD8B2B9C0CEB8A827FFDD1559D1FB26E86836A9080DFD168759C03BBE
                                                                                                                                    SHA-512:D967395F5DDB5DF40949A737EC9B4C5E675C0355733938D9A17801F98AAD9AF2FD2E6660786C13EBB2F2A66FCB76FC99EE064ACD87796A7931E21A973772576E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d......Y.........."......X...v.................@.....................................~....`..................................................J..................$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc................v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISRT.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):432880
                                                                                                                                    Entropy (8bit):7.97363344973573
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:/0DDccyPxdz60ksTWzuuLyfGqlwaUyAztO3bny52:ICDW1FqSaUDtOzO2
                                                                                                                                    MD5:77F4AD122B04F2E11D3841B611596785
                                                                                                                                    SHA1:133D1935811929E5AA5BC0C97C826D0FE7C6B4FB
                                                                                                                                    SHA-256:EEFCB7FB1CE56E30A8B6C82BA8AFC4ECBBAAA50028104E5873DE620FC3803982
                                                                                                                                    SHA-512:A4C10CAA98887B158BD7513C6115DED655602BF5F129C2738C3428444A73A650FDA69193C3E76D76C6A684D6C5977A7E0F69BBF3CC08D078B96FB4531D8AE901
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........C...-..-..-./...-.B/...-......-.B/..9.-.B/....-.O....-.O....-..,.@.-.O....-.......-......-......-....-......-.Rich..-.........................PE..L.....Y...........!.....d...6............................................... ......v...................................S...d........................~..................8....................................................>..@....................text............D......PEC2MO...... ....rsrc....@.......4...H.............. ....reloc...............|..............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\IsConfig.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Generic INItialization configuration [f4]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.283091380531802
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:sWCV4wFACLDxzWAf4/LQ1puDxF4PWAluN7DA+vLY:sWCV1FAsDYAf6euDPAlSAkY
                                                                                                                                    MD5:6D4FA00B722A5B5C2BBCB6AE90A827DC
                                                                                                                                    SHA1:D4E55B3632EEEF241409A0C62E75007D7FC7364F
                                                                                                                                    SHA-256:F09FE0797B10B717431215E2CE53D60362F290885F2CE0C4DBC922FB8E8DD38F
                                                                                                                                    SHA-512:D672A262505BCC291E81DF1056F6F4D4D900B00396C8CA32D747BD2390B4BD6AAFDF54C98BA69C7D87B383253FCC62B7922CFB747FD2B23CC9228D231E89FD4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[SetupDefaults]..LangID=1033..ProductCode={5669AB71-1302-4412-8DA1-CB69CD7B7324}..TempPathGuid={4C7F1830-7A04-4650-8151-9629313505DD}..[f4]..Function=ExportPreferenceSettings..[f1]..Function=DetectDotNETFramework..[f7]..Function=CleanupDataDir..[f5]..Function=ImportPreferenceSettings..[f8]..Function=GetSupportDirPath..[f2]..Function=DetectIdenticalApps..[f6]..Function=ShowUpgradeMessage..[f3]..Function=UpdateADRRegSetting..

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\String1033.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178248
                                                                                                                                    Entropy (8bit):3.6475098897303315
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:1ujZLJ6/K41VBrChTHx8Icy27RWA/z+wKZU6rPsH3QvvOeyMJice1VOL27pz:1qLm1UTR8nW9twuy
                                                                                                                                    MD5:860CF6ECD45A5A90531563DCE1197308
                                                                                                                                    SHA1:E4AAE504BB8A753FB10B7AA3C1CC4538AC77E11B
                                                                                                                                    SHA-256:B6D8F43E3B45FCFEAD6EA6222344684F932E023D74B67BE7DBB207E2122F21FB
                                                                                                                                    SHA-512:4731FD00FD26571F9F1B488061DD7147699AFE01B3DDD49935CCFD996647853B91F1C46DCD1B2A43B924D480D5A2FE0569ED403392F9F424C5935623B891778F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..C.O.M.P.A.N.Y._.N.A.M.E.=.Y.o.u.r. .C.o.m.p.a.n.y. .N.a.m.e.....D.C.U._.T.E.L.E.M.E.T.R.Y._.A.C.C.E.P.T.=.Y.e.s.,. .I. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.E.M.E.T.R.Y._.C.O.N.S.E.N.T.I.N.F.O.=.T.h.e. .p.r.o.g.r.a.m. .h.e.l.p.s. .D.e.l.l. .i.m.p.r.o.v.e. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .W.i.t.h.o.u.t. .i.n.t.e.r.r.u.p.t.i.n.g. .y.o.u.,. .i.t. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .h.o.w. .y.o.u. .u.s.e. .t.h.e. .a.p.p.l.i.c.a.t.i.o.n.,. .a.n.d. .a.l.s.o. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .p.r.o.b.l.e.m.s. .y.o.u. .m.i.g.h.t. .h.a.v.e. .w.i.t.h. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .T.h.e. .i.n.f.o.r.m.a.t.i.o.n. .c.o.l.l.e.c.t.e.d. .i.s. .n.o.t. .u.s.e.d. .t.o. .i.d.e.n.t.i.f.y. .o.r. .c.o.n.t.a.c.t. .y.o.u.......D.C.U._.T.E.L.E.M.E.T.R.Y._.D.O.N.O.T.A.C.C.E.P.T.=.N.o.,. .I. .d.o.n.. t. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\_isres_0x0409.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1863024
                                                                                                                                    Entropy (8bit):5.688121670576851
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:bs4d9dfaOdWjIopJCPtjvntnSb8COevQonCLPub+7tPF:7hrWcoDCPtjvntnSb8COevQonCfFF
                                                                                                                                    MD5:D859524FF046714B573BAA33E2C8B117
                                                                                                                                    SHA1:12878A06FCB83A770B3B59F38876C2C40E6139F2
                                                                                                                                    SHA-256:06E0B73201E0751C89AE7619FA6180FA9282824F78B03F6AA952BF2FFC58B779
                                                                                                                                    SHA-512:04AEF904343F2B6E15343E1A6F916439F30261803EF81AAB4A8730E5248DE48BB6D88BD3B3562E37B65728D8C2125238F07C17AE416AC6B04DFA69390AC124D1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L...^..Y...........!.........................................................p.......q.......................................@..(....P..s...........pP.......@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...s....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\setup.inx

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):275128
                                                                                                                                    Entropy (8bit):7.34703944252768
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:j88ilQKDLWb8mBbSEzUPFvvrS9WwAzoKQ:j88ilQKUQv29WwAz9Q
                                                                                                                                    MD5:0B5E38C0712C20E8F3ABB9BA27C82872
                                                                                                                                    SHA1:FF1F9E8F4AFDF64B2161A33C4B98D0135B82829D
                                                                                                                                    SHA-256:160698FA508E1F0822AA92DD4E302245CFA87ED78D2C5A0C13DA6C97D6375A82
                                                                                                                                    SHA-512:235DEBB442C0D196F4B3C84372909D84782B1750072847222605BAF144414B9A42C4967C03D02FE1FB0B2D878FFB91528474E0963D6DB7FBE0E8F92FC642D73E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}aK!mQ.Y]A .M1.`-!.)........................................}...m..q]}}aMm.U=].E-M.5.=.%.-.......................}.......C.....v.@....qeymee1m.......c.)!!.)g..?.....K.7.+.OH..... .D@..0....e..dXH......P..(..]UU-]......kS.kk.....C.WO7'.[.<X44....,..$.8... ...}..\......@.5km!U.gL.8..g....-....._..k#+G##.LP8.H.@......0...T.......Y..D.........1II.1.o.s..Cg..G.....O.Og.CL<L.P.......p.d$........Y..L......<.. ...III.1..k_.....o.oGO?.....H.,@.X.P. ......p..,...\......m..<.....]YMEE.M..w[..[..{os.....O.C_G.t$l.D8\..........,.......}..]..`.........)5M.5.o.W_...sO3.SGk....h$.`,...4.L.$.<..........@...d...e}}1e.D.....o...S)!!.)g.GsK?..0.....#.h$P(.\\...........x(..am.I...p....H.......=9.!S3.wgksK.......3[C ......(.......,...........q.ayyaa.YQQYYc9E%11%9._.......W{7;wSo.......`(h<......L.4..........ay.q...a}Qii]Q....5MM!5.wSl.-.....w'.+k3/..+d.....

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):182008
                                                                                                                                    Entropy (8bit):5.744618295706068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:gIFNKUw8ALJ+C2T0FSmmiYQT4LF2E+JYOdeZ2bgA/qZK3:sUn0mT8Sc/T4p1bAxg8R
                                                                                                                                    MD5:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    SHA1:3A358773608E315D8E1EC97476E670802E9F1EC6
                                                                                                                                    SHA-256:1F0D8DFBD8B2B9C0CEB8A827FFDD1559D1FB26E86836A9080DFD168759C03BBE
                                                                                                                                    SHA-512:D967395F5DDB5DF40949A737EC9B4C5E675C0355733938D9A17801F98AAD9AF2FD2E6660786C13EBB2F2A66FCB76FC99EE064ACD87796A7931E21A973772576E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e.*.!.D.!.D.!.D../..D.D../..(.D../....D.... .D.!.E.[.D......D.....%.D..... .D.!.. .D..... .D.Rich!.D.........................PE..d......Y.........."......X...v.................@.....................................~....`..................................................J..................$...................`t..8...............................p............p...............................text....W.......X.................. ..`.rdata.......p.......\..............@..@.data... B...`.......D..............@....pdata..$............`..............@..@.rsrc................v..............@..@.reloc..............................@..B................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISRT.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):432880
                                                                                                                                    Entropy (8bit):7.97363344973573
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:/0DDccyPxdz60ksTWzuuLyfGqlwaUyAztO3bny52:ICDW1FqSaUDtOzO2
                                                                                                                                    MD5:77F4AD122B04F2E11D3841B611596785
                                                                                                                                    SHA1:133D1935811929E5AA5BC0C97C826D0FE7C6B4FB
                                                                                                                                    SHA-256:EEFCB7FB1CE56E30A8B6C82BA8AFC4ECBBAAA50028104E5873DE620FC3803982
                                                                                                                                    SHA-512:A4C10CAA98887B158BD7513C6115DED655602BF5F129C2738C3428444A73A650FDA69193C3E76D76C6A684D6C5977A7E0F69BBF3CC08D078B96FB4531D8AE901
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........C...-..-..-./...-.B/...-......-.B/..9.-.B/....-.O....-.O....-..,.@.-.O....-.......-......-......-....-......-.Rich..-.........................PE..L.....Y...........!.....d...6............................................... ......v...................................S...d........................~..................8....................................................>..@....................text............D......PEC2MO...... ....rsrc....@.......4...H.............. ....reloc...............|..............@...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\IsConfig.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Generic INItialization configuration [f4]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.283091380531802
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:sWCV4wFACLDxzWAf4/LQ1puDxF4PWAluN7DA+vLY:sWCV1FAsDYAf6euDPAlSAkY
                                                                                                                                    MD5:6D4FA00B722A5B5C2BBCB6AE90A827DC
                                                                                                                                    SHA1:D4E55B3632EEEF241409A0C62E75007D7FC7364F
                                                                                                                                    SHA-256:F09FE0797B10B717431215E2CE53D60362F290885F2CE0C4DBC922FB8E8DD38F
                                                                                                                                    SHA-512:D672A262505BCC291E81DF1056F6F4D4D900B00396C8CA32D747BD2390B4BD6AAFDF54C98BA69C7D87B383253FCC62B7922CFB747FD2B23CC9228D231E89FD4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[SetupDefaults]..LangID=1033..ProductCode={5669AB71-1302-4412-8DA1-CB69CD7B7324}..TempPathGuid={4C7F1830-7A04-4650-8151-9629313505DD}..[f4]..Function=ExportPreferenceSettings..[f1]..Function=DetectDotNETFramework..[f7]..Function=CleanupDataDir..[f5]..Function=ImportPreferenceSettings..[f8]..Function=GetSupportDirPath..[f2]..Function=DetectIdenticalApps..[f6]..Function=ShowUpgradeMessage..[f3]..Function=UpdateADRRegSetting..

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\String1033.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with very long lines (332), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178248
                                                                                                                                    Entropy (8bit):3.6475098897303315
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:1ujZLJ6/K41VBrChTHx8Icy27RWA/z+wKZU6rPsH3QvvOeyMJice1VOL27pz:1qLm1UTR8nW9twuy
                                                                                                                                    MD5:860CF6ECD45A5A90531563DCE1197308
                                                                                                                                    SHA1:E4AAE504BB8A753FB10B7AA3C1CC4538AC77E11B
                                                                                                                                    SHA-256:B6D8F43E3B45FCFEAD6EA6222344684F932E023D74B67BE7DBB207E2122F21FB
                                                                                                                                    SHA-512:4731FD00FD26571F9F1B488061DD7147699AFE01B3DDD49935CCFD996647853B91F1C46DCD1B2A43B924D480D5A2FE0569ED403392F9F424C5935623B891778F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..C.O.M.P.A.N.Y._.N.A.M.E.=.Y.o.u.r. .C.o.m.p.a.n.y. .N.a.m.e.....D.C.U._.T.E.L.E.M.E.T.R.Y._.A.C.C.E.P.T.=.Y.e.s.,. .I. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.E.M.E.T.R.Y._.C.O.N.S.E.N.T.I.N.F.O.=.T.h.e. .p.r.o.g.r.a.m. .h.e.l.p.s. .D.e.l.l. .i.m.p.r.o.v.e. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .W.i.t.h.o.u.t. .i.n.t.e.r.r.u.p.t.i.n.g. .y.o.u.,. .i.t. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .h.o.w. .y.o.u. .u.s.e. .t.h.e. .a.p.p.l.i.c.a.t.i.o.n.,. .a.n.d. .a.l.s.o. .c.o.l.l.e.c.t.s. .i.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .p.r.o.b.l.e.m.s. .y.o.u. .m.i.g.h.t. .h.a.v.e. .w.i.t.h. .D.e.l.l. .C.o.m.m.a.n.d. .|. .U.p.d.a.t.e... .T.h.e. .i.n.f.o.r.m.a.t.i.o.n. .c.o.l.l.e.c.t.e.d. .i.s. .n.o.t. .u.s.e.d. .t.o. .i.d.e.n.t.i.f.y. .o.r. .c.o.n.t.a.c.t. .y.o.u.......D.C.U._.T.E.L.E.M.E.T.R.Y._.D.O.N.O.T.A.C.C.E.P.T.=.N.o.,. .I. .d.o.n.. t. .w.a.n.t. .t.o. .p.a.r.t.i.c.i.p.a.t.e. .i.n. .t.h.e. .p.r.o.g.r.a.m.......D.C.U._.T.E.L.

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\_isres_0x0409.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1863024
                                                                                                                                    Entropy (8bit):5.688121670576851
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:bs4d9dfaOdWjIopJCPtjvntnSb8COevQonCLPub+7tPF:7hrWcoDCPtjvntnSb8COevQonCfFF
                                                                                                                                    MD5:D859524FF046714B573BAA33E2C8B117
                                                                                                                                    SHA1:12878A06FCB83A770B3B59F38876C2C40E6139F2
                                                                                                                                    SHA-256:06E0B73201E0751C89AE7619FA6180FA9282824F78B03F6AA952BF2FFC58B779
                                                                                                                                    SHA-512:04AEF904343F2B6E15343E1A6F916439F30261803EF81AAB4A8730E5248DE48BB6D88BD3B3562E37B65728D8C2125238F07C17AE416AC6B04DFA69390AC124D1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^..(...{...{...{...{...{,..{J..{...{P..{..{...{,..{...{..{...{Rich...{........PE..L...^..Y...........!.........................................................p.......q.......................................@..(....P..s...........pP.......@.......................................................A...............................text...@........................... ..`.rdata........... ..................@..@.data....f.......P..................@....idata.......@....... ..............@....rsrc...s....P.......0..............@..@.reloc...)...@...0... ..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\setup.inx

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):275128
                                                                                                                                    Entropy (8bit):7.34703944252768
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:j88ilQKDLWb8mBbSEzUPFvvrS9WwAzoKQ:j88ilQKUQv29WwAz9Q
                                                                                                                                    MD5:0B5E38C0712C20E8F3ABB9BA27C82872
                                                                                                                                    SHA1:FF1F9E8F4AFDF64B2161A33C4B98D0135B82829D
                                                                                                                                    SHA-256:160698FA508E1F0822AA92DD4E302245CFA87ED78D2C5A0C13DA6C97D6375A82
                                                                                                                                    SHA-512:235DEBB442C0D196F4B3C84372909D84782B1750072847222605BAF144414B9A42C4967C03D02FE1FB0B2D878FFB91528474E0963D6DB7FBE0E8F92FC642D73E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:t.,....(... <$.M. .=..........l.............o.c...gWSl..SW..WS[//d.d l$.XX%.......................q.y}aK!mQ.Y]A .M1.`-!.)........................................}...m..q]}}aMm.U=].E-M.5.=.%.-.......................}.......C.....v.@....qeymee1m.......c.)!!.)g..?.....K.7.+.OH..... .D@..0....e..dXH......P..(..]UU-]......kS.kk.....C.WO7'.[.<X44....,..$.8... ...}..\......@.5km!U.gL.8..g....-....._..k#+G##.LP8.H.@......0...T.......Y..D.........1II.1.o.s..Cg..G.....O.Og.CL<L.P.......p.d$........Y..L......<.. ...III.1..k_.....o.oGO?.....H.,@.X.P. ......p..,...\......m..<.....]YMEE.M..w[..[..{os.....O.C_G.t$l.D8\..........,.......}..]..`.........)5M.5.o.W_...sO3.SGk....h$.`,...4.L.$.<..........@...d...e}}1e.D.....o...S)!!.)g.GsK?..0.....#.h$P(.\\...........x(..am.I...p....H.......=9.!S3.wgksK.......3[C ......(.......,...........q.ayyaa.YQQYYc9E%11%9._.......W{7;wSo.......`(h<......L.4..........ay.q...a}Qii]Q....5MM!5.wSl.-.....w'.+k3/..+d.....

                                                                                                                                    C:\Windows\Installer\532a58.msi

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Dell Command Update App, Author: Dell, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Professional Edition 23, Last Saved Time/Date: Mon Nov 18 19:01:26 2019, Create Time/Date: Mon Nov 18 19:01:26 2019, Last Printed: Mon Nov 18 19:01:26 2019, Revision Number: {59C5BCBE-15E4-49AF-BB4B-C5A27E48EEAF}, Code page: 1252, Template: x64;1033
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):18294272
                                                                                                                                    Entropy (8bit):7.595522985463664
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:393216:fieZl4w4ogSkDiSJbXWUk4jN1IwqLiu4:17t4olkRhHR1IHe
                                                                                                                                    MD5:054DCF5F27FDE6AD730C47184AEF1D8C
                                                                                                                                    SHA1:D80294CE0B31014E06B137B1624CB2594EB5BE52
                                                                                                                                    SHA-256:5062AD097CB699CBEB156A8B4776A6DE67016A2E4EDA1B8A4CCEE3F693FE44A5
                                                                                                                                    SHA-512:08643A3453E08C7DF6036881B39198D885FE4AB57D0963C4A6BB97E79E82629C8A46DA31FBAE925AA366CAB22A40DBE6D3D39B528C590D13A8D25D621BA7314B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...................................8........6....................................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........;...............................................................................................#................... ...!..."...%...$...1...&.......(...)...*...+...,...-......./...0...I...2...3...4...5...6...7...>...M...:...<.......=.......?...@...A...B...C...D...E...F...G...H...O...J...e...L...N...........P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...g...f...q...h...i...j...k...l...m...n...o...p...s...r...}...t...u...v...w...x...y...z...

                                                                                                                                    C:\Windows\Installer\532a5a.msi

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Dell Command Update App, Author: Dell, Inc., Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2016 - Professional Edition 23, Last Saved Time/Date: Mon Nov 18 19:01:26 2019, Create Time/Date: Mon Nov 18 19:01:26 2019, Last Printed: Mon Nov 18 19:01:26 2019, Revision Number: {59C5BCBE-15E4-49AF-BB4B-C5A27E48EEAF}, Code page: 1252, Template: x64;1033
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):18294272
                                                                                                                                    Entropy (8bit):7.595522985463664
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:393216:fieZl4w4ogSkDiSJbXWUk4jN1IwqLiu4:17t4olkRhHR1IHe
                                                                                                                                    MD5:054DCF5F27FDE6AD730C47184AEF1D8C
                                                                                                                                    SHA1:D80294CE0B31014E06B137B1624CB2594EB5BE52
                                                                                                                                    SHA-256:5062AD097CB699CBEB156A8B4776A6DE67016A2E4EDA1B8A4CCEE3F693FE44A5
                                                                                                                                    SHA-512:08643A3453E08C7DF6036881B39198D885FE4AB57D0963C4A6BB97E79E82629C8A46DA31FBAE925AA366CAB22A40DBE6D3D39B528C590D13A8D25D621BA7314B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...................................8........6....................................................................................................................................................................................................................................................................... ... ...!...!..."..."...#...#...#...$...$...%...%...&...&...'...'...(...(...)...)...*...*...+...+...,...,...-...-.........../.../...0...0...1...1...2...2...3...3...4...4...5...5..........;...............................................................................................#................... ...!..."...%...$...1...&.......(...)...*...+...,...-......./...0...I...2...3...4...5...6...7...>...M...:...<.......=.......?...@...A...B...C...D...E...F...G...H...O...J...e...L...N...........P...Q...R...S...T...U...V...W...X...Y...Z...[...\...]...^..._...`...a...b...c...d...g...f...q...h...i...j...k...l...m...n...o...p...s...r...}...t...u...v...w...x...y...z...

                                                                                                                                    C:\Windows\Installer\MSI2E4F.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):764310
                                                                                                                                    Entropy (8bit):5.964777114235361
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:dfOq+zHcMSHQy9yHTOu+PFgt2bAljCXid/fcMSHQy9yHTOu+PFgt2bAljCXid/A:dfF+z8M8QyPEt2iZd0M8QyPEt2iZdA
                                                                                                                                    MD5:0C39DCAD82163645E2E5347935DB3AA8
                                                                                                                                    SHA1:4B5DB5A96A041726F6AB079FBCDA5E54B53B6DFD
                                                                                                                                    SHA-256:3A3A3A087F52BE7732BE3506F047C7398A2200A7AC29AD271EC5D2F15DDF2398
                                                                                                                                    SHA-512:27BB1187AC3065E3E5241F396F81DA46E25038DA5950A1040E3E02E1E884F0392DB2F8C0FE527A9CB3895D7B12B0BF48D18EFC55528004A1FCF6C5F6CEA667F0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:...@IXOS.@.....@X/UY.@.....@.....@.....@.....@.....@......&.{5669AB71-1302-4412-8DA1-CB69CD7B7324}$.Dell Command | Update for Windows 10,.E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi.@.....@.....@.....@......ARPPRODUCTICON.exe..&.{59C5BCBE-15E4-49AF-BB4B-C5A27E48EEAF}.....@.....@.....@.....@.......@.....@.....@.......@....$.Dell Command | Update for Windows 10......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@R....@.....@.]....&.{841D7A56-8FC2-46C7-8812-C1AF4101079D}..C:\Program Files\Dell\CommandUpdate\readme.txt.@.......@.....@.....@......&.{0A021260-494A-4E0B-B854-1ED7948FC48B}$.C:\Program Files\Dell\CommandUpdate\.@.......@.....@.....@......&.{0EA8AB43-AB11-45E3-9153-4D6488CBF866}0.C:\Program Files\Dell\CommandUpdate\App.Core.dll.@.......@.....@.....@......&.{7E95C2ED-4208-4F64-B3F3-78AD5A5B0143}=.C:\Program Files\Dell\CommandUpdate\Configuration.Classic.dll.@.......@.

                                                                                                                                    C:\Windows\Installer\MSI2ECD.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2636681
                                                                                                                                    Entropy (8bit):7.025633087981941
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:RwBEI6WipJ5ZKzwSVpzlxIAKTrOCOpO2ARW/9aep7qyTJ2pEm:mBEI6WipJ5ZGVpBAE/YOJw
                                                                                                                                    MD5:ED8A3DF76C5120EE7AE642DDF5DD7E49
                                                                                                                                    SHA1:9D143EF4D3BD3FC6AF81435B80FFB81B3D5BB800
                                                                                                                                    SHA-256:9226112BE7245020E427E49475E3DD37380D4D0940DDC587FCAF88451F290452
                                                                                                                                    SHA-512:66FDB70C08A9570C5670ECD9478C9330336676A5DE0D1A3E0DDDA36678D9D96EFE76382D1C2DDFCBA66E4427CFE8FA5515B5CBFFAB4AB29A235D6D2412CBF817
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........p............a.....H`.....H`.2...H`....E......E.......a.....E..............a......a......a..............a.....Rich....................PE..L.....Y...........!.....(...........".......P............................... ............@..........................4..g;........... ...........................3...W..8...............................@............P..0............................text....#.......$.................. ..`.orpc... ....@.......(.............. ..`.rdata..' ...P..."...,..............@..@.data...X............N..............@....rsrc........ .......:..............@..@.reloc..@........ ..................@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Installer\MSI5A14.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):311808
                                                                                                                                    Entropy (8bit):5.979236959043697
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:PcB+bVckShH1Qy0GX2ay5BToHgL67PFdSt2+EnArv6gHrvJ8XEQ07YnEDP7xpVSe:PcMSHQy9yHTOu+PFgt2bAljCXid/
                                                                                                                                    MD5:A097F1C3C675841DBF8E7F217672E28D
                                                                                                                                    SHA1:356BF7481E1F23BFA879869FF3A2E1A020280723
                                                                                                                                    SHA-256:EC4A2A426D00178375AB16E9F498F99DFE73A37AAFAD6553584A0D438D4B7360
                                                                                                                                    SHA-512:2F210C645D932EE8850DB2BABE4283036B1683253D82539AE9DD87312344B0B3212E8F654BA266B9B23EE98886D97D1ABE972F633E8F24D0AB890CDB921AF246
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......?...{...{...{.............r......N....h.z...{........m.p.......y.......z.......z...{.C.z.......z...Rich{...........................PE..d......Y.........." .........4.............................................. ......'..... ..........................................v......Pm..x................!...................................................(..p...............8............................text.../........................... ..`.rdata..............................@..@.data....=...........t..............@....pdata...!......."..................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Installer\SourceHash{5669AB71-1302-4412-8DA1-CB69CD7B7324}

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):20480
                                                                                                                                    Entropy (8bit):1.180928065767958
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:JSbX72FjOAGiLIlHVRp/h/7777777777777777777777777vDHFumueGyuCw1l0G:JoQI57kmNpK8F
                                                                                                                                    MD5:4C02558C90B8923DE1A1631F60F47A66
                                                                                                                                    SHA1:0214131B4B63778F1FFF4BC6A445F0C045995297
                                                                                                                                    SHA-256:2C7985FB9682CD54BE8C3DBF13F1E1ACBFAB0BDB3C7FE97AE61F0DDE0098A588
                                                                                                                                    SHA-512:83A640AEAE7CC7C5DB0D7B949E9563EBA87CEFDB2FE7697C0EEB5086AA100E00C77C7C3CCE30C4BFC6D5EB399D7251656E554B123C8321B8E3D8D263EF49B2C9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Installer\inprogressinstallinfo.ipi

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):24576
                                                                                                                                    Entropy (8bit):1.9797411205577222
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:9h+1uFTmGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:O1cy7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:1A7C2A93B29822DA0BF6971CA6B260CE
                                                                                                                                    SHA1:17D511C4AC676247FA7B7D7D1691516593973422
                                                                                                                                    SHA-256:8F3A5507858458B21854EE4196499831D15F6370410D004D7ECD4F0517CF968C
                                                                                                                                    SHA-512:B4CB740DD2488AA431D11CE41F81EF70C05884752B92127A3D551C2F2FD3633FF01EC366870B65F3638C48A32D6A7D1CAF575A485AF30545F0CC25FFB8EF6CDC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Installer\{5669AB71-1302-4412-8DA1-CB69CD7B7324}\ARPPRODUCTICON.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):98304
                                                                                                                                    Entropy (8bit):4.480980432008208
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:4MAyYdTmPJbgqcnDcAct9kT0u4DewPgKawyr+QXDXXTxY5g:41U81cAWkTRFwRaw++oDXXTy5g
                                                                                                                                    MD5:F79946790544B6C8069A52CE145AAE2E
                                                                                                                                    SHA1:A7A46B365A9117123C141AE4F55B7C20A88D1E74
                                                                                                                                    SHA-256:49A90C755FF9C065D87B07CEA14688BF8C4DA7C75114748C71C01975123D32C9
                                                                                                                                    SHA-512:2AECDC12A20AB3CB040C816E8C9CCC96944536F1B4F6A9209C263A59115ACBBAF5E804C532521F2C8A926152C603743AD9FAD05161A8AC57D7C2D17633E37341
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............C...C...C...C...CD..C...C...C...C=..C...C...C...C...C...CRich...C........................PE..L......Y.................@...0...............P....@.........................................................................4T..(....................................................................................P...............................text....5.......@.................. ..`.rdata.......P.......P..............@..@.data....)...`...0...`..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Logs\DISM\dism.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (389), with CRLF line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):169243
                                                                                                                                    Entropy (8bit):5.05710992759819
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:D/MiIzZC4aAM+TRMNMh09JAhQkQLKGQUE00qUCMzmN18Pvzu8/ok6vN5wgOGr5Za:j6h0t1EwMZ+iS6
                                                                                                                                    MD5:42FA9150E2582E94B616C9EEAED1A4DD
                                                                                                                                    SHA1:D9E738C7AFD7C6C247A750847E5387A0D1461720
                                                                                                                                    SHA-256:DFC95AEE2681ECB90FDDC4095B773779CB00185CE14E9356FB6CC2F33F1341D4
                                                                                                                                    SHA-512:484846EC95F8AA462C9EFF5074EDB244A8664210DEC51FB925325C161F3E91E919D5D3B4601E8584AA703998B07E933CECA5E62237A40FE240DDE99091112991
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.[3360] [0x8007007b] FIOReadFileIntoBuffer:(1452): The filename, directory name, or volume label syntax is incorrect...[3360] [0xc142011c] UnmarshallImageHandleFromDirectory:(641)..[3360] [0xc142011c] WIMGetMountedImageHandle:(2906)..[3360] [0x8007007b] FIOReadFileIntoBuffer:(1452): The filename, directory name, or volume label syntax is incorrect...[3360] [0xc142011c] UnmarshallImageHandleFromDirectory:(641)..[3360] [0xc142011c] WIMGetMountedImageHandle:(2906)..2023-10-03 13:01:57, Info DISM PID=3360 TID=5780 Temporarily setting the scratch directory. This may be overridden by user later. - CDISMManager::FinalConstruct..2023-10-03 13:01:57, Info DISM PID=3360 TID=5780 Scratch directory set to 'C:\Users\jones\AppData\Local\Temp\'. - CDISMManager::put_ScratchDir..2023-10-03 13:01:57, Info DISM PID=3360 TID=5780 DismCore.dll version: 6.2.19041.746 - CDISMManager::FinalConstruct..2023-10-03 13:01:57, Info DISM I

                                                                                                                                    C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2EF74E71-39CF-4E5B-A8B9-6E1C57F9D94F}.crmlog

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\dllhost.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1048576
                                                                                                                                    Entropy (8bit):0.004197211565058022
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:StswjUI48mjUI48mjU3/8J8a304HTJRYV0Z84zZJlFJ8a304HTJR7Ih:ZWA8UA8Uk8J8aE4tW4DTfJ8aE4t
                                                                                                                                    MD5:FDF59909BC6E17CC48103C1C1C3E3DB3
                                                                                                                                    SHA1:811074B223E617EB4E8E1667B12B12BF955CF22C
                                                                                                                                    SHA-256:1905342AD5479D5A2A84549D4264525B7BC8292F09C852E3BDE349EE01EA1524
                                                                                                                                    SHA-512:DDA3213F8C0C699AD9B5130E09C3CEAC9740BCD2DDFF282B4CE1C7E08E3A19B7AF431CB8F35C0A8306DE89FF13E094FDA30CF64725BD05A216B8B675E562A2A6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.5.2.d......O.a..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................>;..;v.!z....lA........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):55
                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                    File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):4926
                                                                                                                                    Entropy (8bit):3.2455953646791365
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:FaqdF78F7B+AAHdKoqKFxcxkFiF7KaqdF7/G2++AAHdKoqKFxcxkFlGWI:cEOB+AAsoJjykePE0+AAsoJjyka
                                                                                                                                    MD5:B69E2372A75D6E5C180D7F0B349E2B32
                                                                                                                                    SHA1:C5D31062042630027FBFCC05B83CF47D50A02D6D
                                                                                                                                    SHA-256:C89FEBBF93DA47C9D94CA4F7B15192D8EB38CA7DB0EB0E726ED4F4C2B41402C7
                                                                                                                                    SHA-512:060B7C1EEF635CBD900AB11157E15CD2711433A0E8A5C1CFBB40445AF6AEC4E442602FF00FDD6D4BC61D0FDE0EDE1CB100DA95942CD4BAB4EAD437C986DD8713
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. F.r.i. .. O.c.t. .. 0.6. .. 2.0.2.3. .1.1.:.3.5.:.2.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .W.S.C. .S.t.a.t.e. .I.n.f.o. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*. .A.n.t.i.V.i.r.u.s.P.r.o.d.u.c.t. .*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.*.....d.i.s.p.l.a.y.N.a.m.e. .=. .[.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.].....p.a.t.h.T.o.S.i.g.n.e.d.P.r.o.d.u.c.t.E.x.e. .=. .[.w.i.n.d.o.w.s.d.

                                                                                                                                    C:\Windows\System32\MsDtc\Trace\dtctrace.log

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msdtc.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):16384
                                                                                                                                    Entropy (8bit):0.3214824221939437
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:I0LAzF8ta/k/uMclF6vMclFq5z2NPAXz8gYbOCzE5Zm3n+SkSJkJIOcuCjHu9+GN:P880kqF69Fq5zu6CzE5Z2+fqjFNPG
                                                                                                                                    MD5:A025128BF5B2E8C1A7C4DC9328E78316
                                                                                                                                    SHA1:2E5C7BDAF8C6772DEBA331DAAC5885DCEE673CFF
                                                                                                                                    SHA-256:4350D2418336F08636702A41272CE744DB942EF6957C7CAD4428777C7699641B
                                                                                                                                    SHA-512:D138A961093017DE94B3B7ED1873E5BDF457BD44A2DB45729600EC328FCCDBAB67D5831EFE68281D4A8C73635F5A371661F8B7946AD91BF5FB46A6E642B46388
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.@..X...X.......................................X...!...............................T...TK.^.............@......eJ..............Zb..............................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1................................................................Y..........)r^.#..........M.S.D.T.C._.T.R.A.C.E._.S.E.S.S.I.O.N...C.:.\.W.i.n.d.o.w.s.\.s.y.s.t.e.m.3.2.\.M.S.D.t.c.\.t.r.a.c.e.\.d.t.c.t.r.a.c.e...l.o.g.............P.P.....T...TK.^............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\ICProgress\Dell_InventoryCollector_Progress.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp_1\invcol.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):300
                                                                                                                                    Entropy (8bit):3.507330261259458
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:QFulcLk04/5p89Il+lzNEAf9asi0lUZxPqlfnlVEJCjblDOlVEJC4Z:QF/LX4xp8vNTlasilPPeVfl4V4Z
                                                                                                                                    MD5:088EEDE0750A2A3840B6A7D76C42827D
                                                                                                                                    SHA1:DE5EB57C5428A955FDC5786166FACE2BA8E9BDDD
                                                                                                                                    SHA-256:24AED78B407A8ECAB86E922B26C641A4E80E998AA99FB81A7FB54212246B86E8
                                                                                                                                    SHA-512:D0EB7CA7FB3CE31B9E23F413587AF30E12E93618E6271A95ECE673982B83692273CC3614F6B385CC97B0FB70305337B608504C97C0FAB2C20F652A8C605F8CF0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>...<.I.n.v.C.o.l.P.r.o.g.r.e.s.s. .l.a.n.g.=.".e.". .t.i.m.e.S.t.a.m.p.=.".2.0.2.4.-.1.0.-.2.1.T.0.6.:.0.0.:.0.9.". .t.o.t.a.l.I.n.v.C.o.m.p.o.n.e.n.t.s.=.".0.". .c.o.m.p.l.e.t.e.d.I.n.v.C.o.m.p.o.n.e.n.t.s.=.".0."./.>...

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\dsupt32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):589312
                                                                                                                                    Entropy (8bit):6.649133684763434
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:x4Ku9O6zk9WPDfdjQWG+5rp8Y41I9RTMRbf29wxQ8ueSE:a4EFrGbI9RTM8CxQ8ue
                                                                                                                                    MD5:E841C75FF49BB898424F250DC8F17569
                                                                                                                                    SHA1:C5D0CC06098C58064DDC190A8D00082CFA80C41E
                                                                                                                                    SHA-256:359143CD9BFB8EC2FA9426E64C0A3890E95D1E96F6C85270680A7669D8A3662F
                                                                                                                                    SHA-512:0602C25FF59982E645F7FF7B79748542FCFE2F9030E456A96DA4E1D6E00A0E4877EB04CBB1E7F29C28C2A2E3B8D23A4BC889F43324049E8937E17E39539030D9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U................y.....~.......~.K......r............~.J.}...~.z.....~.{.....~.|.....Rich............PE..L...V&.]...........!.....z..........Q........................................P..................................................d.......0.......................\N......................................@...............0............................text....y.......z.................. ..`.rdata...............~..............@..@.data...$X...p...4...Z..............@....rsrc...0...........................@..@.reloc..Zi.......j..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\icconfig_sys.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):77
                                                                                                                                    Entropy (8bit):4.734900216302676
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vFWWMNHU8LdgCfiUNRqT9o5v:TMVBd/nNG9S
                                                                                                                                    MD5:60F028C572078AFB0DA0BAC79FF76297
                                                                                                                                    SHA1:A53A41CA9F12BB10D1F9243FC3F1129686851252
                                                                                                                                    SHA-256:F7A20244A43F0529F2D5BA1B85E4E6CCA5D8AF806E68E15BFFCE3003BFB677E8
                                                                                                                                    SHA-512:3C940EF58AD6D87A99423B7B78573E1764D37FBE807139092DCE646C1BE3789A9BD3A0161F6F381F3109CCDF6FF589BBE59D0869C72AAA0636B88FAFE8645034
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig> ..</InvColConfig>..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\icconfig_user.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (345), with CRLF, LF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):42414
                                                                                                                                    Entropy (8bit):5.344220964718387
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:AesqtWoHV5QxXT8VTYsFoqqyE5cl4uOZs+MFOQx9WOst3d3cndYV3Ro:A526IVTYsFoqqyE5cEs+MFsMgi
                                                                                                                                    MD5:23419DD9806E83B89E027D4BC3C263A8
                                                                                                                                    SHA1:7B1767DC02799390532FD174F3030868E1C30492
                                                                                                                                    SHA-256:464BF6C913F8AE37DAC5DB4DCAA3DA2B9E199F0F4D9F5877E798D98C79E9B5DC
                                                                                                                                    SHA-512:FB6AFF3D9AF27603D8EB5EF3E839C109009F82088B1A9DC923534608C4F81A23F9EE00351A8281F578B11D9C77A587C719174A3F0C40FE54B8E62BB622C20690
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig>.. .<InvComponent dir="ICINIT" type="cli" priority="6" level="0" timeout="30">init.bat</InvComponent>.. .<InvComponent dir="libsmbios" type="cli" priority="5" level="0" timeout="30">smbiosinfo -xml</InvComponent>.. .<InvComponent dir="DrvAppIE_PCI" type="cli" priority="5" level="0" timeout="30" out="pci.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_PCI -o ..\pci.xml</InvComponent>.. .<InvComponent dir="DrvAppIE_MSI" type="cli" priority="5" level="0" timeout="30" out="msi.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_MSI -o ..\msi.xml</InvComponent> ... InvComponent dir="NIC_Broadcom" type="cli" priority="5" level="0" timeout="30">BcomIE.cmd i print</InvComponent-->...<InvComponent dir="NIC_Broadcom_reg" type="cli" priority="5" level="0" timeout="30" out="NIC_Broadcom_reg.xml">..\Executables\DRVUpdate.exe -i -cDir NIC_Broadcom_reg -o ..\NIC_Broadcom_reg.xml</InvComponent>.. .<InvComponent dir="DC

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\icpolicy.xsl

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3815
                                                                                                                                    Entropy (8bit):5.057339007998835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:cYAKQhAkUuWVI/EfgadQ8yTuoITecjEZxVAt/WIaKNeuf1KmELxVAt/WIaKNeNrq:5tY/EfTQ8yTuTecjEtC+Il9EzC+I5D
                                                                                                                                    MD5:E780F23B8AC8DE2672F40029A3841F59
                                                                                                                                    SHA1:25B607BFF16DF2C11F5922930F092C4CE28CA0CB
                                                                                                                                    SHA-256:1BD87F5F1489DFF3A5CEB4EC6554A7FBBC9F73D78004985FDD511F08F6E087FD
                                                                                                                                    SHA-512:8A85F678422FE2A2633BB0DD95BADF7A9A936F4BC1C1B8AF9FF5179C8BAA35783AB4F3F09FB5CD61FAB0E12FCB997378ACF0FD236B3831553B8E9745669A2B4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">.<xsl:output method="xml" version="1.0" indent="yes"/>..<xsl:template match="/" >..<xsl:call-template name="NewLine"/>...<xsl:call-template name="ApplyInventory" />....<xsl:call-template name="NewLine"/>....</xsl:template>..<xsl:template name="ApplyInventory" >...<xsl:element name="SVMInventory" >....<xsl:attribute name="lang" >.....<xsl:value-of select="SVMInventory/@lang" />....</xsl:attribute>....<xsl:attribute name="schemaVersion" >.....<xsl:value-of select="SVMInventory/@schemaVersion" />....</xsl:attribute>....<xsl:attribute name="timeStamp" >.....<xsl:value-of select="SVMInventory/@timeStamp" />....</xsl:attribute>. <xsl:attribute name="invcolVersion" >. <xsl:value-of select="SVMInventory/@invcolVersion" />. </xsl:attribute>....<xsl:apply-templates select="//SVMInventory/OperatingSystem" />....<xsl:apply-templates select="//SVMInventory/System" /

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\icprogredir.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp\invcol.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):12000
                                                                                                                                    Entropy (8bit):4.701403334088193
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:lpppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp1:n
                                                                                                                                    MD5:FFEF64C138DB129D79ADDF5B0F65F075
                                                                                                                                    SHA1:C4368DEBBF2E74CC24BC81632F3536E483BDCCBA
                                                                                                                                    SHA-256:D89E241AB77C12E501B550179565E399F2981EDBE4DC2C6605E263B12188F640
                                                                                                                                    SHA-512:0608C7629D987853F212DA3D4902D66CB5C4B0DC1508C12CCF97DD105332A52FD16BD15EB6BC59CB7152DF54EF2FDA7CB93139934BBBADEA35ED566A789529B3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external en

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\icsvc32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):830008
                                                                                                                                    Entropy (8bit):6.717184590562203
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:IZcQq26d7uJ7jhQRdVjqort13fYJLvV6+r3gm59RqmZWlQJjn/LDH4Swx:Iqga7uJJ0PYVA+7gm55ZhhfH6
                                                                                                                                    MD5:BDDF93921AECCF64AA46B3ABD0C2CD29
                                                                                                                                    SHA1:E2C7CE52755C35B6437A8866F72B74A1E3427051
                                                                                                                                    SHA-256:2D4F921D9E4CB2A0C0E01B132FBE5045E9FF0975944B22B4D0BAE544B909B2EA
                                                                                                                                    SHA-512:E042AFC84DAD48642184A23E98B59D6311FD9FF0343B6158F478A738677A5AE5F7EA265BA82DF75B77C4B3644F6C3CEB3C4EBE7224535CE2661418B21929ADA7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N......P...P...P...P...P...P...Pe..P...P...P...Pe.;P...P-Y.P...Pe.>P8..Pe..P...P...P...Pe.?P...Pe..P...Pe..P...Pe..P...PRich...P........PE..L...b&.]...........!.....*...`...............@......................................]0.......................................`..........................8.......`................................... ...@............@...............................text....).......*.................. ..`.rdata...]...@...^..................@..@.data...03......."..................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\invcol.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):21040
                                                                                                                                    Entropy (8bit):6.586699823216155
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:cKbhbGhQENUnQHJFRi9QMvWgMzSHCG6WCxHW6jWr8JN77hhEz:t1SQnnQHPRkviSr6PBjD3hS
                                                                                                                                    MD5:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    SHA1:D10668B90E8A5CB0355B3C87FD365181686C9F0B
                                                                                                                                    SHA-256:14DAFBA5822E4CF9CA49CCF012F481D3022345B2C58DBCA61ED17DB0DFD39D5A
                                                                                                                                    SHA-512:CFB303F0007262850C5B2C53B542382937742CB2A9AC2A1B49165248CAF286CD934331A0BA574BE572AB86DAFF7E861B2797618B48B81DAA52955C423A362B96
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........=..n..n..nG..n..n...n..n..;n..n..n..n...n..n..n..n..:n..n...n..nRich..n................PE..L...e&.]............................:$.......0....@..........................p.......{......................................t<..P....`...............6..0............................................;..@............0...............................text............................... ..`.rdata..v....0......................@..@.data........P.......2..............@....rsrc........`.......4..............@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\msvcp100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):421200
                                                                                                                                    Entropy (8bit):6.59808962341698
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                    MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                    SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                    SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                    SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp\msvcr100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):770384
                                                                                                                                    Entropy (8bit):6.908020029901359
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                    MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                    SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                    SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                    SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\5560_5565_broadband_gps\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):177
                                                                                                                                    Entropy (8bit):5.194256592634337
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFC5bKSkpRo9Y+SITRcVckhFdVBsSkKSkpRo9Y+SIP:/QZgFubKSywT6qkhFrBUKSywP
                                                                                                                                    MD5:2C055FC09E76BDE7CF932EFDF122A448
                                                                                                                                    SHA1:9E6A8C7E27B9713DE3912670CCD9CFE6746DFEAA
                                                                                                                                    SHA-256:F00D3B1526596458A0BA78170D7263FDC15557C9DCBB16D41E8738852FBBEB76
                                                                                                                                    SHA-512:529D5AB2C5A99E143166CD248E4037443F39A9E876F14CAF231360D18B83D82C1D16EEA53DB24BB285AD691DB33ADE271E01164A3261301DD0D6A14F4004E74E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 29740 ..data = {B5AF8B50-7A6E-4AD1-A902-1BB73CFAA923}pkgtype = APAC....[Version]..method = MSI..data = {B5AF8B50-7A6E-4AD1-A902-1BB73CFAA923}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\5560_5565_broadband_gps\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):177
                                                                                                                                    Entropy (8bit):5.194256592634337
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFC5bKSkpRo9Y+SITRcVckhFdVBsSkKSkpRo9Y+SIP:/QZgFubKSywT6qkhFrBUKSywP
                                                                                                                                    MD5:2C055FC09E76BDE7CF932EFDF122A448
                                                                                                                                    SHA1:9E6A8C7E27B9713DE3912670CCD9CFE6746DFEAA
                                                                                                                                    SHA-256:F00D3B1526596458A0BA78170D7263FDC15557C9DCBB16D41E8738852FBBEB76
                                                                                                                                    SHA-512:529D5AB2C5A99E143166CD248E4037443F39A9E876F14CAF231360D18B83D82C1D16EEA53DB24BB285AD691DB33ADE271E01164A3261301DD0D6A14F4004E74E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 29740 ..data = {B5AF8B50-7A6E-4AD1-A902-1BB73CFAA923}pkgtype = APAC....[Version]..method = MSI..data = {B5AF8B50-7A6E-4AD1-A902-1BB73CFAA923}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\5560_5565_broadband_gps\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):603
                                                                                                                                    Entropy (8bit):5.360920337591868
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgX+F7n6CaULTpNgX+q1NTz+NLTpNgX+F7Bp:+C5r85vSiNvpD6Mvp41NGNvpDYFpG5
                                                                                                                                    MD5:CA99586BA0FC086BFE8B20CC3948D721
                                                                                                                                    SHA1:7D31C70B3D9667B420CDFDEDAE027EDBA00D0178
                                                                                                                                    SHA-256:226194F0B307ABAF5D38A4FDBC95B0AB00CEF15BB92B50E12C1447E90AE37D60
                                                                                                                                    SHA-512:16036A40538FEF1A56A42A804529F62079050724D6F1514324A7DDB9DF9E174CE83D71D01193869751AD5C462E4CDA2EA83C8975A17BA84D894D937DAC5AF389
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Version\;..ComponentID = 103170..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):603
                                                                                                                                    Entropy (8bit):5.360920337591868
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgX+F7n6CaULTpNgX+q1NTz+NLTpNgX+F7Bp:+C5r85vSiNvpD6Mvp41NGNvpDYFpG5
                                                                                                                                    MD5:CA99586BA0FC086BFE8B20CC3948D721
                                                                                                                                    SHA1:7D31C70B3D9667B420CDFDEDAE027EDBA00D0178
                                                                                                                                    SHA-256:226194F0B307ABAF5D38A4FDBC95B0AB00CEF15BB92B50E12C1447E90AE37D60
                                                                                                                                    SHA-512:16036A40538FEF1A56A42A804529F62079050724D6F1514324A7DDB9DF9E174CE83D71D01193869751AD5C462E4CDA2EA83C8975A17BA84D894D937DAC5AF389
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Version\;..ComponentID = 103170..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics_1\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):582
                                                                                                                                    Entropy (8bit):5.360530769123116
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgyA66CaULTpNgX+q1NTztuNLTpNgyA+FsqN:+C5r85vSiNvpkMvp41NOvp+FpG5
                                                                                                                                    MD5:A762FBC522E279138C575608A6854645
                                                                                                                                    SHA1:68102E87DF4B3CE9A85A225E52A6C2974D8B8D1D
                                                                                                                                    SHA-256:53665EDB6A70930A444F09DD101E1955C25DFF16DFF5368B6C701BE0128C90CE
                                                                                                                                    SHA-512:C43C6EACFD766F46D0E4FAD5C60893FBFB78BF6C3CB6D7C3CDA910E3A537200DCE1108A75B6CE02BC44D933CE45EAF1DA495D023E85FC3A0C42DB5C61E7E560C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage;AMD_MUP_PA_Dell..ComponentID = 103170..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Display\;....[Version].. ....Method = Reg..Data =HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage;AMD_MUP_PA_Dell....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics_1\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):582
                                                                                                                                    Entropy (8bit):5.360530769123116
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgyA66CaULTpNgX+q1NTztuNLTpNgyA+FsqN:+C5r85vSiNvpkMvp41NOvp+FpG5
                                                                                                                                    MD5:A762FBC522E279138C575608A6854645
                                                                                                                                    SHA1:68102E87DF4B3CE9A85A225E52A6C2974D8B8D1D
                                                                                                                                    SHA-256:53665EDB6A70930A444F09DD101E1955C25DFF16DFF5368B6C701BE0128C90CE
                                                                                                                                    SHA-512:C43C6EACFD766F46D0E4FAD5C60893FBFB78BF6C3CB6D7C3CDA910E3A537200DCE1108A75B6CE02BC44D933CE45EAF1DA495D023E85FC3A0C42DB5C61E7E560C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage;AMD_MUP_PA_Dell..ComponentID = 103170..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\AMD_MUP_PA_Dell\Display\;....[Version].. ....Method = Reg..Data =HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage;AMD_MUP_PA_Dell....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics_1\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Graphics_1\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Virtual_Buttons\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):456
                                                                                                                                    Entropy (8bit):5.307215848053377
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3qeit3qBCt3QmRqFSTVmWGTk7FEQjY1vmGTkBiytYXFsCp+pot1:CxAtbitwCtgY+S8VLIY1Nw6Fsq+pG1
                                                                                                                                    MD5:DA73CF1313ECABAC26E935CC94525638
                                                                                                                                    SHA1:585B4C3633B64018835A9EA05FEF8B82B6AF3273
                                                                                                                                    SHA-256:EBB819B4F8D8C8A98183AD31E01C444D8E0191BEAE4C383FDD4781522D3378F3
                                                                                                                                    SHA-512:D1CECAFC1B556DBA68D20632A9BC221F960CC7460D2A1275653B24775392A3C5D8840A24F829ECF070DA5E89B90920C589FF7109B99B96C079AFBC661959F70F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=107445..Data={84394d93-011d-4985-817d-4a79b96cfc18}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={84394d93-011d-4985-817d-4a79b96cfc18}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Virtual_Buttons\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):454
                                                                                                                                    Entropy (8bit):5.31202687871677
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3qeit3qBCt3QmRqFSTVmWGTk7FEQjY1vmGTkBiytYXFsCp+pot4:CxAtbitwCtgY+S8VLIY1Nw6Fsq+pG4
                                                                                                                                    MD5:80E20427EF5C7BF5FA565C02655AB58B
                                                                                                                                    SHA1:33609324D700127D43FECBB89ED115A7E3BC6141
                                                                                                                                    SHA-256:BB2230D89A6531FABC060BC8D17B98225B611FAA28BC54E03DB571FCB38930F1
                                                                                                                                    SHA-512:F57F2539E83225692668F27ED850B85D6233E7C1BC65F7C848DCB5257C1AEA5AA3DD4CD75968F25A8BB9746F57D2CC8C60DEBECAB1D64326284301C4891DFB0D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=107445..Data={84394d93-011d-4985-817d-4a79b96cfc18}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={84394d93-011d-4985-817d-4a79b96cfc18}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AMD_Virtual_Buttons\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_17625_WIGIG\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.138807290409104
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFHVq6bJQ6ihR4yn1iCmFcCRcVckhFdVBsSkJQ6ihR4yn1iCmFwv:/QZgF1/bJshIlFcCxkhFrBUJshIlFwv
                                                                                                                                    MD5:DC44ACCB052E0371DC1CE21D2A9B58FD
                                                                                                                                    SHA1:99D49F21656CA1A89F2DADA18F6711755CB9E256
                                                                                                                                    SHA-256:DFE4847FBEA1BFD79F27B2CC016F631F00FC4705DD6A3996B8E398E3E36CD15E
                                                                                                                                    SHA-512:948FAF27F6D158CD6C58053204D296E4C6440948D964DE30EDEE85794EF41416123D1B7E81BF01D66C6DFFAED988E4A0B70CBCE30D8ECDB1F8117781F48E263E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103108..data = {4C5ADAAA-1D46-46F8-B91A-CEA826AEB27C}..pkgtype = APAC....[Version]..method = MSI..data = {4C5ADAAA-1D46-46F8-B91A-CEA826AEB27C}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_17625_WIGIG\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.138807290409104
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFHVq6bJQ6ihR4yn1iCmFcCRcVckhFdVBsSkJQ6ihR4yn1iCmFwv:/QZgF1/bJshIlFcCxkhFrBUJshIlFwv
                                                                                                                                    MD5:DC44ACCB052E0371DC1CE21D2A9B58FD
                                                                                                                                    SHA1:99D49F21656CA1A89F2DADA18F6711755CB9E256
                                                                                                                                    SHA-256:DFE4847FBEA1BFD79F27B2CC016F631F00FC4705DD6A3996B8E398E3E36CD15E
                                                                                                                                    SHA-512:948FAF27F6D158CD6C58053204D296E4C6440948D964DE30EDEE85794EF41416123D1B7E81BF01D66C6DFFAED988E4A0B70CBCE30D8ECDB1F8117781F48E263E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103108..data = {4C5ADAAA-1D46-46F8-B91A-CEA826AEB27C}..pkgtype = APAC....[Version]..method = MSI..data = {4C5ADAAA-1D46-46F8-B91A-CEA826AEB27C}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_17625_WIGIG\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_Barcode_Scanner\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.1456767179597644
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFxyBEdYljmtBVgR4t6VckhFdVBsSkYljmtBVgRY:/QZgFxSEdsjmtXgRe6qkhFrBUsjmtXg+
                                                                                                                                    MD5:4247BE0440BFC07A8592042529B39918
                                                                                                                                    SHA1:E49B737D7ED2AA589946CBBF9509B9F5DD311EBB
                                                                                                                                    SHA-256:619C27E302704454AE140A7757FC6167980B1379923CBA4434A4C03173962317
                                                                                                                                    SHA-512:73172968A62FB4716841EFA9E72E3E0441739D5278B5C1E8A9BE08F91FE3253B7FE60FB1CBDBDD0E0E95D083A34F48F32A0DB8772C50865B288C0D2F3364E6A1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104839 ..data = {A9CC1F5D-24FE-4BE3-BECF-2B9C437EC4D3}pkgtype = APAC....[Version]..method = MSI..data = {A9CC1F5D-24FE-4BE3-BECF-2B9C437EC4D3}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_Barcode_Scanner\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.1456767179597644
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFxyBEdYljmtBVgR4t6VckhFdVBsSkYljmtBVgRY:/QZgFxSEdsjmtXgRe6qkhFrBUsjmtXg+
                                                                                                                                    MD5:4247BE0440BFC07A8592042529B39918
                                                                                                                                    SHA1:E49B737D7ED2AA589946CBBF9509B9F5DD311EBB
                                                                                                                                    SHA-256:619C27E302704454AE140A7757FC6167980B1379923CBA4434A4C03173962317
                                                                                                                                    SHA-512:73172968A62FB4716841EFA9E72E3E0441739D5278B5C1E8A9BE08F91FE3253B7FE60FB1CBDBDD0E0E95D083A34F48F32A0DB8772C50865B288C0D2F3364E6A1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104839 ..data = {A9CC1F5D-24FE-4BE3-BECF-2B9C437EC4D3}pkgtype = APAC....[Version]..method = MSI..data = {A9CC1F5D-24FE-4BE3-BECF-2B9C437EC4D3}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_Barcode_Scanner\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_CIRRUSCLIENT_3_0\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.95867825638946
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFhBJmNR3WyEdSjW5EEQ9eTzFvLRcVckhFdVBsSkNR3WyEdSjW5EEQ9eM:/QZgFhBkNMNSq5E+HVLxkhFrBUNMNSqw
                                                                                                                                    MD5:CF2449960945ECDA3A5682EAABC21D16
                                                                                                                                    SHA1:0E2A69DBB6514BE734F8482420D1B4719C80AC00
                                                                                                                                    SHA-256:21397DDB51F6175032B24ECB6B104CB4471EF660C47A58B358E896B65A519AD8
                                                                                                                                    SHA-512:A1D6C5A941B91B5EEFDFFC737A059460EC25D1D8DE0D41001D31440A378D0463BDEB628D5EE522D495CE228CC57D86AFB52095F2A7D8B8BC378C2151199FBE23
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102287..data = {032de731-1a87-4b13-aaa5-e25ead33060b}..pkgtype = APAC....[Version]..method = MSI..data = {032de731-1a87-4b13-aaa5-e25ead33060b}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_CIRRUSCLIENT_3_0\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.95867825638946
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFhBJmNR3WyEdSjW5EEQ9eTzFvLRcVckhFdVBsSkNR3WyEdSjW5EEQ9eM:/QZgFhBkNMNSq5E+HVLxkhFrBUNMNSqw
                                                                                                                                    MD5:CF2449960945ECDA3A5682EAABC21D16
                                                                                                                                    SHA1:0E2A69DBB6514BE734F8482420D1B4719C80AC00
                                                                                                                                    SHA-256:21397DDB51F6175032B24ECB6B104CB4471EF660C47A58B358E896B65A519AD8
                                                                                                                                    SHA-512:A1D6C5A941B91B5EEFDFFC737A059460EC25D1D8DE0D41001D31440A378D0463BDEB628D5EE522D495CE228CC57D86AFB52095F2A7D8B8BC378C2151199FBE23
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102287..data = {032de731-1a87-4b13-aaa5-e25ead33060b}..pkgtype = APAC....[Version]..method = MSI..data = {032de731-1a87-4b13-aaa5-e25ead33060b}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_CIRRUSCLIENT_3_0\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_LIGHT_BAR\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1111
                                                                                                                                    Entropy (8bit):5.2828321498631725
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy8ONvpKsMvpK1SHKFNavzM9oQPNvpKfFpG5:P5r85vTh1A+n9VvpKsMvpK1SHKaiTFvB
                                                                                                                                    MD5:A82E73844FC5A470EF3B7F72FB81DAD9
                                                                                                                                    SHA1:FAFD131DA0F0DC2550329970587D5DCF568BE901
                                                                                                                                    SHA-256:17ADE82ACCD90148FA8FC3AACBF3F2A7C09B4442126ECEF52F60C86B5ED0AFF7
                                                                                                                                    SHA-512:01CD9DC9DF88436C1CF62C4ECA0942712076D80F60F297B15169CC68BFA0E239592ADF43C13EF415E122583F230B7E7F4BBA88BD892B2F2074522A359BF77285
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = APAC..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Dell Light Bar Controller\Version..ComponentID = 103580..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Dell Light Bar Controller\Display....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_LIGHT_BAR\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1111
                                                                                                                                    Entropy (8bit):5.2828321498631725
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy8ONvpKsMvpK1SHKFNavzM9oQPNvpKfFpG5:P5r85vTh1A+n9VvpKsMvpK1SHKaiTFvB
                                                                                                                                    MD5:A82E73844FC5A470EF3B7F72FB81DAD9
                                                                                                                                    SHA1:FAFD131DA0F0DC2550329970587D5DCF568BE901
                                                                                                                                    SHA-256:17ADE82ACCD90148FA8FC3AACBF3F2A7C09B4442126ECEF52F60C86B5ED0AFF7
                                                                                                                                    SHA-512:01CD9DC9DF88436C1CF62C4ECA0942712076D80F60F297B15169CC68BFA0E239592ADF43C13EF415E122583F230B7E7F4BBA88BD892B2F2074522A359BF77285
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = APAC..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Dell Light Bar Controller\Version..ComponentID = 103580..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Dell Light Bar Controller\Display....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_LIGHT_BAR\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_LIGHT_BAR\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):86462
                                                                                                                                    Entropy (8bit):3.6442635335363267
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:OH8HwDSmLToTy+/dlHu5lE3H6LBSTL+E9H1Pt:eswXPoG+/dFAG3GBS/+EN1F
                                                                                                                                    MD5:9125DF2E82623DA199479602AB1C18ED
                                                                                                                                    SHA1:58C37DE22CC35FFC4F27304D0D970D57DB14154F
                                                                                                                                    SHA-256:A07615791B6D4DD6F54173EAC6CAA77BC91E7C8866EDC0989C18D76B10045EBA
                                                                                                                                    SHA-512:868BB7B8E00A5FB802DA758101AC8D33A5AF2D111CD65F2263A7D3E9191DFC17C4DAAF88A995CB709F41874B360C7FC2F97D18AE25F75C8BEE816FCCE7783229
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.5.2.7.2.". .e.m.b.e.d.d.e.d.=.".0.". .O.S.C.h.e.c.k.=.".1.". .t.y.p.e.=.".A.P.P.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.D.e.l.l. .D.o.c.k. .P.a.t.c.h.].].>.<./.D.i.s.p.l.a.y.>.....<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_PM_Lite\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):180
                                                                                                                                    Entropy (8bit):5.207482334190687
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFDQcyGcklpIT/bkj2YylcVckhFdVBsSkcklpIT/bkj2Yn:/QZgFaGhITQbyFkhFrBUhITQbn
                                                                                                                                    MD5:4E3269EE1929D2C4A725D8ABB75FE5DE
                                                                                                                                    SHA1:7D9226404EB71A86B2967FB76AD712DB3D457907
                                                                                                                                    SHA-256:45BC8CBFB70672FFB351B1BA55C840905782A2E05AE30AB44C657C74EEBAAE00
                                                                                                                                    SHA-512:EF47809CBA47BF3DADEDEA094CB3952CA97A44F3BFA1285517E300B8ABDBDD8F26E992A432C070058D5CA3CE3B50BA3C42BCFA8BCD04AB31FF439E764251CF5B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103551 ..data = {E1A84D17-D8D2-475F-976C-0FDD3C52BF5F}..pkgtype = APAC....[Version]..method = MSI..data = {E1A84D17-D8D2-475F-976C-0FDD3C52BF5F}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_PM_Lite\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):180
                                                                                                                                    Entropy (8bit):5.207482334190687
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFDQcyGcklpIT/bkj2YylcVckhFdVBsSkcklpIT/bkj2Yn:/QZgFaGhITQbyFkhFrBUhITQbn
                                                                                                                                    MD5:4E3269EE1929D2C4A725D8ABB75FE5DE
                                                                                                                                    SHA1:7D9226404EB71A86B2967FB76AD712DB3D457907
                                                                                                                                    SHA-256:45BC8CBFB70672FFB351B1BA55C840905782A2E05AE30AB44C657C74EEBAAE00
                                                                                                                                    SHA-512:EF47809CBA47BF3DADEDEA094CB3952CA97A44F3BFA1285517E300B8ABDBDD8F26E992A432C070058D5CA3CE3B50BA3C42BCFA8BCD04AB31FF439E764251CF5B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103551 ..data = {E1A84D17-D8D2-475F-976C-0FDD3C52BF5F}..pkgtype = APAC....[Version]..method = MSI..data = {E1A84D17-D8D2-475F-976C-0FDD3C52BF5F}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_PM_Lite\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_QUICKSET\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1255702172529825
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF9ovydRCTmSog+DHRcVckhFdVBsSkRCTmSog+D2:/QZgF93dRCTmSog+DHxkhFrBURCTmSow
                                                                                                                                    MD5:707F2326DC3AEC9D728B8F83BA776993
                                                                                                                                    SHA1:BE2C6F947FBF9502BF1EDA00F26AFF7EDEAF3ABD
                                                                                                                                    SHA-256:CD3B93D1881836E5CA53667D462B072FB35032673CAFF9FBB7EB7BC6EA533551
                                                                                                                                    SHA-512:B9DF8D88D7D0EFD1175806153682A0D2F308EC57289AA8F7756BCD9A81F2E734CE917230A38E0E938675FFF4FB8E176B34FF21E116311477FA4CB9C688034265
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104073..data = {A0103E7A-C24F-4592-8183-073CC501D099}..pkgtype = APAC....[Version]..method = MSI..data = {A0103E7A-C24F-4592-8183-073CC501D099}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_QUICKSET\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1255702172529825
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF9ovydRCTmSog+DHRcVckhFdVBsSkRCTmSog+D2:/QZgF93dRCTmSog+DHxkhFrBURCTmSow
                                                                                                                                    MD5:707F2326DC3AEC9D728B8F83BA776993
                                                                                                                                    SHA1:BE2C6F947FBF9502BF1EDA00F26AFF7EDEAF3ABD
                                                                                                                                    SHA-256:CD3B93D1881836E5CA53667D462B072FB35032673CAFF9FBB7EB7BC6EA533551
                                                                                                                                    SHA-512:B9DF8D88D7D0EFD1175806153682A0D2F308EC57289AA8F7756BCD9A81F2E734CE917230A38E0E938675FFF4FB8E176B34FF21E116311477FA4CB9C688034265
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104073..data = {A0103E7A-C24F-4592-8183-073CC501D099}..pkgtype = APAC....[Version]..method = MSI..data = {A0103E7A-C24F-4592-8183-073CC501D099}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_DELL_QUICKSET\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-CLNT-INST_1_0\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.14173832140344
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjXRbdPW2L6xdDVeQn3nVlcVckhFdVBsSkdPW2L6xdDVeQn3nVovn:/QZgFdbc2GnVvbkhFrBUc2GnVvs
                                                                                                                                    MD5:D5A32524E6754ED41BDFC8899AD154D3
                                                                                                                                    SHA1:07A44DDAAB005B4BEC257F6FC20B0AA06A6526AB
                                                                                                                                    SHA-256:B1C3B0555829EF694C3370723E6495696E2B4E55F3120D00505A16FB522CD538
                                                                                                                                    SHA-512:70E73E254180499999779DA753F90E5C4CCAD05C0072EA1E670839CAE7347A343332C51C2C170FE1E6A4703BEC0326AC1456DA4C7F2F01685EE01D0171BBDF2C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 1013352..data = {AE1D7C34-4252-49ED-B088-320A25B85ABB}..pkgtype = APAC....[Version]..method = MSI..data = {AE1D7C34-4252-49ED-B088-320A25B85ABB}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-CLNT-INST_1_0\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.14173832140344
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjXRbdPW2L6xdDVeQn3nVlcVckhFdVBsSkdPW2L6xdDVeQn3nVovn:/QZgFdbc2GnVvbkhFrBUc2GnVvs
                                                                                                                                    MD5:D5A32524E6754ED41BDFC8899AD154D3
                                                                                                                                    SHA1:07A44DDAAB005B4BEC257F6FC20B0AA06A6526AB
                                                                                                                                    SHA-256:B1C3B0555829EF694C3370723E6495696E2B4E55F3120D00505A16FB522CD538
                                                                                                                                    SHA-512:70E73E254180499999779DA753F90E5C4CCAD05C0072EA1E670839CAE7347A343332C51C2C170FE1E6A4703BEC0326AC1456DA4C7F2F01685EE01D0171BBDF2C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 1013352..data = {AE1D7C34-4252-49ED-B088-320A25B85ABB}..pkgtype = APAC....[Version]..method = MSI..data = {AE1D7C34-4252-49ED-B088-320A25B85ABB}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-CLNT-INST_1_0\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-HUB-INST_1_0\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.115823195696332
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFqoZJm0QRuFsST5gMzRcVckhFdVBsSk0QRuFsST5gMan:/QZgFTOPRRgiMzxkhFrBUPRRgiMa
                                                                                                                                    MD5:4D19359533BD2D757388F0EA64C95B8F
                                                                                                                                    SHA1:A0C8D58C9493C46F032362A9409F3454B127BF43
                                                                                                                                    SHA-256:5F608587C65B632476C8DCCAD691F21D0E9160BA1D00ACEB2BCEDDEEF12E7F20
                                                                                                                                    SHA-512:7CBF22992E421E987BA93002834D2AD055C947C73E21D9FD8716B791F2CDC6EAD3611C9DE917A5EB08E48F80A3900B6193EE6CF045BBE3C3B40A1C23CF753883
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104614..data = {70A8B5E1-6CF9-47D6-AA14-158B55144A52}..pkgtype = APAC....[Version]..method = MSI..data = {70A8B5E1-6CF9-47D6-AA14-158B55144A52}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-HUB-INST_1_0\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.115823195696332
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFqoZJm0QRuFsST5gMzRcVckhFdVBsSk0QRuFsST5gMan:/QZgFTOPRRgiMzxkhFrBUPRRgiMa
                                                                                                                                    MD5:4D19359533BD2D757388F0EA64C95B8F
                                                                                                                                    SHA1:A0C8D58C9493C46F032362A9409F3454B127BF43
                                                                                                                                    SHA-256:5F608587C65B632476C8DCCAD691F21D0E9160BA1D00ACEB2BCEDDEEF12E7F20
                                                                                                                                    SHA-512:7CBF22992E421E987BA93002834D2AD055C947C73E21D9FD8716B791F2CDC6EAD3611C9DE917A5EB08E48F80A3900B6193EE6CF045BBE3C3B40A1C23CF753883
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104614..data = {70A8B5E1-6CF9-47D6-AA14-158B55144A52}..pkgtype = APAC....[Version]..method = MSI..data = {70A8B5E1-6CF9-47D6-AA14-158B55144A52}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-HUB-INST_1_0\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-SRVR-INST_1_0\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.098407865926614
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjX3ydt5IRkIRcXdOjBnvkScVckhFdVBsSkt5IRkIRcXdOjBnvy:/QZgF7ydERBRadMbkhFrBUERBRadMs
                                                                                                                                    MD5:BBB15DB615F21A4D7A98519D3BC6615D
                                                                                                                                    SHA1:1620CA324D465183FE24A8F1A31E6D1808EA1BCA
                                                                                                                                    SHA-256:1E25FDBBE3430BD7ABDF22570C5103185FC3E2E61F2B7704ED3768B9B7CF2A5A
                                                                                                                                    SHA-512:B045A4715121A22C724BC9BA0DF1FC31D99AAF4D35061EA99E6B9B9D22510942900F5D257FF659F5B6E2455E367AAEFAEA7EC6C2B24CBA554211CBACA4D76D02
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 1013353..data = {9151CF19-C4CA-4990-AA8C-22E6F2C2894B}..pkgtype = APAC....[Version]..method = MSI..data = {9151CF19-C4CA-4990-AA8C-22E6F2C2894B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-SRVR-INST_1_0\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.098407865926614
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjX3ydt5IRkIRcXdOjBnvkScVckhFdVBsSkt5IRkIRcXdOjBnvy:/QZgF7ydERBRadMbkhFrBUERBRadMs
                                                                                                                                    MD5:BBB15DB615F21A4D7A98519D3BC6615D
                                                                                                                                    SHA1:1620CA324D465183FE24A8F1A31E6D1808EA1BCA
                                                                                                                                    SHA-256:1E25FDBBE3430BD7ABDF22570C5103185FC3E2E61F2B7704ED3768B9B7CF2A5A
                                                                                                                                    SHA-512:B045A4715121A22C724BC9BA0DF1FC31D99AAF4D35061EA99E6B9B9D22510942900F5D257FF659F5B6E2455E367AAEFAEA7EC6C2B24CBA554211CBACA4D76D02
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 1013353..data = {9151CF19-C4CA-4990-AA8C-22E6F2C2894B}..pkgtype = APAC....[Version]..method = MSI..data = {9151CF19-C4CA-4990-AA8C-22E6F2C2894B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_ENT-SRVR-INST_1_0\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.179630650993908
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKVyBEd7vmCRP1OThqFvlcVckhFdVBsSk7vmCRP1OThqFvy:/QZgFKVyBk7+C9kNqbkhFrBU7+C9kNqs
                                                                                                                                    MD5:027D391BFB2DA206362C7993E373EC88
                                                                                                                                    SHA1:B818A779C5A90CF7579DBBCD1E08EA2F4F1690ED
                                                                                                                                    SHA-256:C38DA7C6ACEC1153066D478E59ABE8A76A3B47530706F33C12AD1E4266066279
                                                                                                                                    SHA-512:7DE88B8EDC84181B779A200CCBEF10C4F2EC2F5A388C7804C8E6F6A1E418538512CC2A91719458DF7C55AE6CE3F727A247FB40533DBD69752617789F0A45066E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104100..data = {ABF6E4BF-321C-4F43-83B5-EB0A62C97CC8}..pkgtype = APAC....[Version]..method = MSI..data = {ABF6E4BF-321C-4F43-83B5-EB0A62C97CC8}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.179630650993908
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKVyBEd7vmCRP1OThqFvlcVckhFdVBsSk7vmCRP1OThqFvy:/QZgFKVyBk7+C9kNqbkhFrBU7+C9kNqs
                                                                                                                                    MD5:027D391BFB2DA206362C7993E373EC88
                                                                                                                                    SHA1:B818A779C5A90CF7579DBBCD1E08EA2F4F1690ED
                                                                                                                                    SHA-256:C38DA7C6ACEC1153066D478E59ABE8A76A3B47530706F33C12AD1E4266066279
                                                                                                                                    SHA-512:7DE88B8EDC84181B779A200CCBEF10C4F2EC2F5A388C7804C8E6F6A1E418538512CC2A91719458DF7C55AE6CE3F727A247FB40533DBD69752617789F0A45066E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104100..data = {ABF6E4BF-321C-4F43-83B5-EB0A62C97CC8}..pkgtype = APAC....[Version]..method = MSI..data = {ABF6E4BF-321C-4F43-83B5-EB0A62C97CC8}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_1\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.20224794873936
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKVyBEdHPRjC/ocCRcVckhFdVBsSkHPRjC/owv:/QZgFKVyBkZjC/ocCxkhFrBUZjC/owv
                                                                                                                                    MD5:C1722FE1BB982EC347C31AE2A2527223
                                                                                                                                    SHA1:D81FAA3E12A63693CA3ABD7A55D749C4C7999DAB
                                                                                                                                    SHA-256:F991B5C1C8858E344AC1F7E70B7F433FEAAE9F0DA0C04E968185F272A261D0E9
                                                                                                                                    SHA-512:C5CCCF94AAA330A7FF30ABEFBAB746875C792DB4BABC2471AD079A723D0C45D2138E6D1F2E1D6AC8788FFE8DEC5F747C6EA9FF57B407ABE89E2B159DD1135A35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104100..data = {5880793F-3D50-4859-BF57-C2786A9DD17E}..pkgtype = APAC....[Version]..method = MSI..data = {5880793F-3D50-4859-BF57-C2786A9DD17E}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_1\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.20224794873936
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKVyBEdHPRjC/ocCRcVckhFdVBsSkHPRjC/owv:/QZgFKVyBkZjC/ocCxkhFrBUZjC/owv
                                                                                                                                    MD5:C1722FE1BB982EC347C31AE2A2527223
                                                                                                                                    SHA1:D81FAA3E12A63693CA3ABD7A55D749C4C7999DAB
                                                                                                                                    SHA-256:F991B5C1C8858E344AC1F7E70B7F433FEAAE9F0DA0C04E968185F272A261D0E9
                                                                                                                                    SHA-512:C5CCCF94AAA330A7FF30ABEFBAB746875C792DB4BABC2471AD079A723D0C45D2138E6D1F2E1D6AC8788FFE8DEC5F747C6EA9FF57B407ABE89E2B159DD1135A35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104100..data = {5880793F-3D50-4859-BF57-C2786A9DD17E}..pkgtype = APAC....[Version]..method = MSI..data = {5880793F-3D50-4859-BF57-C2786A9DD17E}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_1\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):732
                                                                                                                                    Entropy (8bit):5.285077129157611
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNg+VqsBCaULTpNg+VvRKFsDqaMczkj9oQJ8E:+C5r85vSiNvpXV9MvpXVvRKFNavzM9oE
                                                                                                                                    MD5:98EDB5FB4C81CAA1BDAD4D7BC129DE4F
                                                                                                                                    SHA1:FE12431F375398478C365B21BD3AAA850B9DB979
                                                                                                                                    SHA-256:8D6FDAE6F8C68373C24DE1940FC62090234F0ECA527BBCB7AF7D1F7B0046C7E0
                                                                                                                                    SHA-512:24E7CB71C4E8746A88519A57FF4502CA696B12B4DE60723FD2B9C030C0A05FF21F718972F3C5D1F30743C1A16799AF87F113E93F34F086C81CC0DE4C1FADC394
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Version....ComponentID = 104100..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Display....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):732
                                                                                                                                    Entropy (8bit):5.285077129157611
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNg+VqsBCaULTpNg+VvRKFsDqaMczkj9oQJ8E:+C5r85vSiNvpXV9MvpXVvRKFNavzM9oE
                                                                                                                                    MD5:98EDB5FB4C81CAA1BDAD4D7BC129DE4F
                                                                                                                                    SHA1:FE12431F375398478C365B21BD3AAA850B9DB979
                                                                                                                                    SHA-256:8D6FDAE6F8C68373C24DE1940FC62090234F0ECA527BBCB7AF7D1F7B0046C7E0
                                                                                                                                    SHA-512:24E7CB71C4E8746A88519A57FF4502CA696B12B4DE60723FD2B9C030C0A05FF21F718972F3C5D1F30743C1A16799AF87F113E93F34F086C81CC0DE4C1FADC394
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Version....ComponentID = 104100..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Display....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\IntelWapi;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_7265_WAPI_reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_DISPLAY\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.16068020823784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFkdQyHmZVeRYkyXVIOzQ3VLRcVckhFdVBsSkZVeRYkyXVIOzQ3Vy:/QZgFkSNZjkAV3zMxkhFrBUZjkAV3z7
                                                                                                                                    MD5:33D1C0802B03C9BD6D37BCFE1364BDEB
                                                                                                                                    SHA1:AB287970C5A1D3B8BFDB865D0E5BB8B13A6F1263
                                                                                                                                    SHA-256:4003EDE58E907A31467AC1851AFC5BEBA4B59FB59118D1E63E1EA0FFCD627CB0
                                                                                                                                    SHA-512:3CC03736F67D8E959E40279006266297C5337CED433F8FE7FA691EB0D6415B2D26F23DB536E73DD5A71011DAF3DC573D8BCED691C40B7669043C2C98C49B44B6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105885..data = {E409DF54-4E8A-4C73-9FA0-0B9204135D5E}..pkgtype = APAC....[Version]..method = MSI..data = {E409DF54-4E8A-4C73-9FA0-0B9204135D5E}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_DISPLAY\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.16068020823784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFkdQyHmZVeRYkyXVIOzQ3VLRcVckhFdVBsSkZVeRYkyXVIOzQ3Vy:/QZgFkSNZjkAV3zMxkhFrBUZjkAV3z7
                                                                                                                                    MD5:33D1C0802B03C9BD6D37BCFE1364BDEB
                                                                                                                                    SHA1:AB287970C5A1D3B8BFDB865D0E5BB8B13A6F1263
                                                                                                                                    SHA-256:4003EDE58E907A31467AC1851AFC5BEBA4B59FB59118D1E63E1EA0FFCD627CB0
                                                                                                                                    SHA-512:3CC03736F67D8E959E40279006266297C5337CED433F8FE7FA691EB0D6415B2D26F23DB536E73DD5A71011DAF3DC573D8BCED691C40B7669043C2C98C49B44B6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105885..data = {E409DF54-4E8A-4C73-9FA0-0B9204135D5E}..pkgtype = APAC....[Version]..method = MSI..data = {E409DF54-4E8A-4C73-9FA0-0B9204135D5E}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_DISPLAY\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_TELEM\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.136143459627605
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFUZZERbIQQdVnnSHTctnc9kScVckhFdVBsSkIQQdVnnSHTctnc9ov:/QZgFUnEdtonSeEFkhFrBUtonSeEy
                                                                                                                                    MD5:466614687C25E8B41B6F2FA2E6D549B7
                                                                                                                                    SHA1:FA50727FA34762506C42E74321697708C50323D3
                                                                                                                                    SHA-256:F843F648209BF4B32ADD7C8EDD3EDD7E7B5DFD258C377631CB6C841FEA559D83
                                                                                                                                    SHA-512:FAFAC97FC97D0027095528915025B0600F4E3D6D0AEE2250DB9F440D94C7BD31F5C1E14FD250C27718EF26D3DFF58914B67DF43EE065A5304C53E78CB562AD73
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106219..data = {065580BB-4FA7-4C69-82A9-FBA08E047F4B}..pkgtype = APAC....[Version]..method = MSI..data = {065580BB-4FA7-4C69-82A9-FBA08E047F4B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_TELEM\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.136143459627605
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFUZZERbIQQdVnnSHTctnc9kScVckhFdVBsSkIQQdVnnSHTctnc9ov:/QZgFUnEdtonSeEFkhFrBUtonSeEy
                                                                                                                                    MD5:466614687C25E8B41B6F2FA2E6D549B7
                                                                                                                                    SHA1:FA50727FA34762506C42E74321697708C50323D3
                                                                                                                                    SHA-256:F843F648209BF4B32ADD7C8EDD3EDD7E7B5DFD258C377631CB6C841FEA559D83
                                                                                                                                    SHA-512:FAFAC97FC97D0027095528915025B0600F4E3D6D0AEE2250DB9F440D94C7BD31F5C1E14FD250C27718EF26D3DFF58914B67DF43EE065A5304C53E78CB562AD73
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106219..data = {065580BB-4FA7-4C69-82A9-FBA08E047F4B}..pkgtype = APAC....[Version]..method = MSI..data = {065580BB-4FA7-4C69-82A9-FBA08E047F4B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_INTEL_TELEM\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_OSD_AIO_7440\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):338
                                                                                                                                    Entropy (8bit):5.314303194719205
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFCLvGc5XLx33dgXYMkaWjbAmtkXLx33dgXRHKArqOc5XLx33dgXYL:ccNLd3dgXYMGjkmtULd3dgXtKWcNLd3X
                                                                                                                                    MD5:A412F8FF43B16218291A22A79A141A13
                                                                                                                                    SHA1:13C6D8AD2CFB608A819A2680EF0033E2CC4060D6
                                                                                                                                    SHA-256:8BA3B2668FB6D673171528E9630B7A8B736316401ECBD9D0777837DAE8FF901B
                                                                                                                                    SHA-512:5F8E27DBA07100024A88289F0045DA4546A1D8BF66296BF61694CCDD9A36565210D95DDFDCB5C662295DD5830A0D2D3A5841F1AEC806B3E08E05E88A98CD2105
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103474..data = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Version;..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Display;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Version;

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_OSD_AIO_7440\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):338
                                                                                                                                    Entropy (8bit):5.314303194719205
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFCLvGc5XLx33dgXYMkaWjbAmtkXLx33dgXRHKArqOc5XLx33dgXYL:ccNLd3dgXYMGjkmtULd3dgXtKWcNLd3X
                                                                                                                                    MD5:A412F8FF43B16218291A22A79A141A13
                                                                                                                                    SHA1:13C6D8AD2CFB608A819A2680EF0033E2CC4060D6
                                                                                                                                    SHA-256:8BA3B2668FB6D673171528E9630B7A8B736316401ECBD9D0777837DAE8FF901B
                                                                                                                                    SHA-512:5F8E27DBA07100024A88289F0045DA4546A1D8BF66296BF61694CCDD9A36565210D95DDFDCB5C662295DD5830A0D2D3A5841F1AEC806B3E08E05E88A98CD2105
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103474..data = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Version;..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Display;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\DellOSD\Version;

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_OSD_AIO_7440\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_RCC_1_2\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.974861472337604
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF36imZvGfEoIbIsPXA+ovVtRcVckhFdVBsSkZvGfEoIbIsPXA+ovyn:/QZgF36d4EoKXhyLxkhFrBU4EoKXhyy
                                                                                                                                    MD5:4E654E9AA458AF490DFB3368108CF038
                                                                                                                                    SHA1:9C44BCA3142226F8658270B1FFDFD3B1C91D6C82
                                                                                                                                    SHA-256:5AD1BBF8F21FC16AA6A0ACB8948FB18A25EAB6E2F3F372783F1F8B2E5A3AFB82
                                                                                                                                    SHA-512:869D37E43F90FD0B8684D3BF584DE6F86FF5384CBBA0A7C62D704B2973EFF203F0DC815E6DBBB8894A4B1D4D1C2BC16AA0789D57D615711613796896EFD1C411
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104496..data = {cf9ef4cc-a8cd-42ae-b852-4ee9135ba2e4}..pkgtype = APAC....[Version]..method = MSI..data = {cf9ef4cc-a8cd-42ae-b852-4ee9135ba2e4}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_RCC_1_2\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.974861472337604
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF36imZvGfEoIbIsPXA+ovVtRcVckhFdVBsSkZvGfEoIbIsPXA+ovyn:/QZgF36d4EoKXhyLxkhFrBU4EoKXhyy
                                                                                                                                    MD5:4E654E9AA458AF490DFB3368108CF038
                                                                                                                                    SHA1:9C44BCA3142226F8658270B1FFDFD3B1C91D6C82
                                                                                                                                    SHA-256:5AD1BBF8F21FC16AA6A0ACB8948FB18A25EAB6E2F3F372783F1F8B2E5A3AFB82
                                                                                                                                    SHA-512:869D37E43F90FD0B8684D3BF584DE6F86FF5384CBBA0A7C62D704B2973EFF203F0DC815E6DBBB8894A4B1D4D1C2BC16AA0789D57D615711613796896EFD1C411
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104496..data = {cf9ef4cc-a8cd-42ae-b852-4ee9135ba2e4}..pkgtype = APAC....[Version]..method = MSI..data = {cf9ef4cc-a8cd-42ae-b852-4ee9135ba2e4}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_RCC_1_2\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_SBA3PX_XLOB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.150247219796493
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFg4vHmvdq4VVR8eQ4aYOCRcVckhFdVBsSkvdq4VVR8eQ4a1:/QZgFgiGcPDYOCxkhFrBUcPD1
                                                                                                                                    MD5:C1C4072E463EA7C7485C9269F5EBAAFB
                                                                                                                                    SHA1:B0499A09DC6C51A31945C792362B94F9B170F6E2
                                                                                                                                    SHA-256:06E211B9A322A8A55F97E31863A01BF1F73B02DFEC0E1E8800A9F497A9AB78C5
                                                                                                                                    SHA-512:84738E02B8F2769444BAD9893AAAB696B13312944BD5AD6A35AFCD68326B2782F5FCD09A8FECF33319FF16C21C16B712B47BF99D35D65B9739AC62E79111C9F0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 101035..data = {6A6D86CD-B004-46b7-8951-7BB75A776F8C}..pkgtype = APAC....[Version]..method = MSI..data = {6A6D86CD-B004-46b7-8951-7BB75A776F8C}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_SBA3PX_XLOB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.150247219796493
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFg4vHmvdq4VVR8eQ4aYOCRcVckhFdVBsSkvdq4VVR8eQ4a1:/QZgFgiGcPDYOCxkhFrBUcPD1
                                                                                                                                    MD5:C1C4072E463EA7C7485C9269F5EBAAFB
                                                                                                                                    SHA1:B0499A09DC6C51A31945C792362B94F9B170F6E2
                                                                                                                                    SHA-256:06E211B9A322A8A55F97E31863A01BF1F73B02DFEC0E1E8800A9F497A9AB78C5
                                                                                                                                    SHA-512:84738E02B8F2769444BAD9893AAAB696B13312944BD5AD6A35AFCD68326B2782F5FCD09A8FECF33319FF16C21C16B712B47BF99D35D65B9739AC62E79111C9F0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 101035..data = {6A6D86CD-B004-46b7-8951-7BB75A776F8C}..pkgtype = APAC....[Version]..method = MSI..data = {6A6D86CD-B004-46b7-8951-7BB75A776F8C}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_SBA3PX_XLOB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_TOUCH_FRMW\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.231519998348443
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPdWFyBEdqjft8cscu3Wv6R9YLRkckhFdVBsSkqjft8cscu3Wv6R9Yn:/QZgFlWcydstahWv6ExkhFrBUstahWvp
                                                                                                                                    MD5:E18A7E50387D69A3D2D5EFF3639CD060
                                                                                                                                    SHA1:C24ECFB9620EC9C5CCE43ECACF89E74C301D2F58
                                                                                                                                    SHA-256:A233550EA2625E214A12EE116FA1A353DE63538E6744CD3536825F396A4BA84A
                                                                                                                                    SHA-512:DA5E6F3387D0724681BD4ED80EA8204703F942711C41043088AE644A291619D5312E71AED2157440E73104A7CA18F5496B36785FD038164B16D67D1CC953F9DD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103983 ..data = {22F661DE-52C9-490a-9423-705471708FBC}pkgtype = APAC....[Version]..method = MSI..data = {22F661DE-52C9-490a-9423-705471708FBC}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_TOUCH_FRMW\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.231519998348443
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPdWFyBEdqjft8cscu3Wv6R9YLRkckhFdVBsSkqjft8cscu3Wv6R9Yn:/QZgFlWcydstahWv6ExkhFrBUstahWvp
                                                                                                                                    MD5:E18A7E50387D69A3D2D5EFF3639CD060
                                                                                                                                    SHA1:C24ECFB9620EC9C5CCE43ECACF89E74C301D2F58
                                                                                                                                    SHA-256:A233550EA2625E214A12EE116FA1A353DE63538E6744CD3536825F396A4BA84A
                                                                                                                                    SHA-512:DA5E6F3387D0724681BD4ED80EA8204703F942711C41043088AE644A291619D5312E71AED2157440E73104A7CA18F5496B36785FD038164B16D67D1CC953F9DD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103983 ..data = {22F661DE-52C9-490a-9423-705471708FBC}pkgtype = APAC....[Version]..method = MSI..data = {22F661DE-52C9-490a-9423-705471708FBC}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_TOUCH_FRMW\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_USB3_DISP\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):576
                                                                                                                                    Entropy (8bit):5.381657701185963
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLTpNgb2BE63CaULTpNgb2BEg8xkz+NLTpNgb2BO:+C5r85vSmNvp22WQMvp22Wg8xlNvp22A
                                                                                                                                    MD5:4F483AB85023AB97A5CE43E23FE3AB6C
                                                                                                                                    SHA1:77691CF0FE13E8C79083C27C8E65B2B2FFD8DFA5
                                                                                                                                    SHA-256:11ED9A46D1BABA691F6D012F636CBFB190DE37A158E94D0140B8BC293289AFC9
                                                                                                                                    SHA-512:9E2436F8896A8EDA65D61A226B893739196770590C05186A050EE2D1C81B50C805533BA2597C35E7B55AA47752762CB16491FEB4F7448C2A5B996F9F4B3A0858
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Version..ComponentID = 105777..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Display..pkgtype = APAC....[Version]......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Version......[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_USB3_DISP\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):576
                                                                                                                                    Entropy (8bit):5.381657701185963
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLTpNgb2BE63CaULTpNgb2BEg8xkz+NLTpNgb2BO:+C5r85vSmNvp22WQMvp22Wg8xlNvp22A
                                                                                                                                    MD5:4F483AB85023AB97A5CE43E23FE3AB6C
                                                                                                                                    SHA1:77691CF0FE13E8C79083C27C8E65B2B2FFD8DFA5
                                                                                                                                    SHA-256:11ED9A46D1BABA691F6D012F636CBFB190DE37A158E94D0140B8BC293289AFC9
                                                                                                                                    SHA-512:9E2436F8896A8EDA65D61A226B893739196770590C05186A050EE2D1C81B50C805533BA2597C35E7B55AA47752762CB16491FEB4F7448C2A5B996F9F4B3A0858
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Version..ComponentID = 105777..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Display..pkgtype = APAC....[Version]......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\USBTypeCStatusDisplay;Version......[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_USB3_DISP\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_USB3_DISP\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_UTIL_SDROM\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.174414156773235
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFQhEm6yxTsTleydxdFNjcVckhFdVBsSk6yxTsTleydxdFan:/QZgFQNhOl9xBkhFrBUhOl9xm
                                                                                                                                    MD5:646DC545960028B75AECF56BF72B9441
                                                                                                                                    SHA1:674E97B8320F6610AC3D3A50451C7BAE54519294
                                                                                                                                    SHA-256:64D8E4E85F4D9CF7169E847A5618051B3BB7ADEE7AF04352295817719E1AEA65
                                                                                                                                    SHA-512:1E118D7461ACB28DE339835FCC5504C3879D0B7F750A26E3A79715897C81A71457EB772AD45407DE1DAC42E62F495FB82F481973A6788F76EA6C8D0B790D8FF7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106355..data = {9CF56989-2BC6-4BD9-BEEC-102294B85F38}..pkgtype = APAC....[Version]..method = MSI..data = {9CF56989-2BC6-4BD9-BEEC-102294B85F38}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_UTIL_SDROM\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.174414156773235
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFQhEm6yxTsTleydxdFNjcVckhFdVBsSk6yxTsTleydxdFan:/QZgFQNhOl9xBkhFrBUhOl9xm
                                                                                                                                    MD5:646DC545960028B75AECF56BF72B9441
                                                                                                                                    SHA1:674E97B8320F6610AC3D3A50451C7BAE54519294
                                                                                                                                    SHA-256:64D8E4E85F4D9CF7169E847A5618051B3BB7ADEE7AF04352295817719E1AEA65
                                                                                                                                    SHA-512:1E118D7461ACB28DE339835FCC5504C3879D0B7F750A26E3A79715897C81A71457EB772AD45407DE1DAC42E62F495FB82F481973A6788F76EA6C8D0B790D8FF7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106355..data = {9CF56989-2BC6-4BD9-BEEC-102294B85F38}..pkgtype = APAC....[Version]..method = MSI..data = {9CF56989-2BC6-4BD9-BEEC-102294B85F38}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_UTIL_SDROM\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_WBS_INTEL_31-7265_WB64\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.175188525352887
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFF6EmUwhemTg9UiHvLRcVckhFdVBsSkUwhemTg9UiHvov:/QZgFYUUe9UiHvLxkhFrBUUUe9UiHvy
                                                                                                                                    MD5:81E96E794DF0BBDDEBD3C22ED6E5A3BD
                                                                                                                                    SHA1:B6C92A70053A4F1118BC9F146940CA6935341465
                                                                                                                                    SHA-256:5E2566D99A1A54BE94D8E1DCF4A5583E2959374BE2A6575B53EB5EB1D0FAE8AB
                                                                                                                                    SHA-512:E32996A8CDEC3F79EA05D23714C61E7914DE3C69EC8AC49116E1482FDFDA45E8BB2BAF5298936AE28F623CF65597D74F075E9A253CD6277420B4A210CBC2DD9B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104025..data = {AE89879D-FC6A-42E9-9A30-DB36B682A242}..pkgtype = APAC....[Version]..method = MSI..data = {AE89879D-FC6A-42E9-9A30-DB36B682A242}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_WBS_INTEL_31-7265_WB64\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.175188525352887
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFF6EmUwhemTg9UiHvLRcVckhFdVBsSkUwhemTg9UiHvov:/QZgFYUUe9UiHvLxkhFrBUUUe9UiHvy
                                                                                                                                    MD5:81E96E794DF0BBDDEBD3C22ED6E5A3BD
                                                                                                                                    SHA1:B6C92A70053A4F1118BC9F146940CA6935341465
                                                                                                                                    SHA-256:5E2566D99A1A54BE94D8E1DCF4A5583E2959374BE2A6575B53EB5EB1D0FAE8AB
                                                                                                                                    SHA-512:E32996A8CDEC3F79EA05D23714C61E7914DE3C69EC8AC49116E1482FDFDA45E8BB2BAF5298936AE28F623CF65597D74F075E9A253CD6277420B4A210CBC2DD9B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104025..data = {AE89879D-FC6A-42E9-9A30-DB36B682A242}..pkgtype = APAC....[Version]..method = MSI..data = {AE89879D-FC6A-42E9-9A30-DB36B682A242}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\APP_WBS_INTEL_31-7265_WB64\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alexa\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alexa\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alexa\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alexa\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.206426673439484
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFikJmioLSPfAcVckhFdVBsSkioLSPf7vn:/QZgFi/rmngkhFrBUrmn7v
                                                                                                                                    MD5:623F785E2AA044652FAEEF5D5B81DE38
                                                                                                                                    SHA1:5ADFA572CAB0F7F3CB855F90994B7B70C44E34B2
                                                                                                                                    SHA-256:07E67BE9B9927FB45F8DB20794286C484E8D38C7E889DC753F6873C04A533460
                                                                                                                                    SHA-512:EE80C50F5ADEC95E56A97B147A13E371753DFEF7F4EE5D7956564A0AC610784A08684F7B9CFE6A2B6D3EE5F20B16069D62A85EA6C38FA9D8450E8277091764A3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106854..data = {8DB08EF6-8101-43C3-A4D2-BB397EAF0BCD}..pkgtype = APAC....[Version]..method = MSI..data = {8DB08EF6-8101-43C3-A4D2-BB397EAF0BCD}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.206426673439484
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFikJmioLSPfAcVckhFdVBsSkioLSPf7vn:/QZgFi/rmngkhFrBUrmn7v
                                                                                                                                    MD5:623F785E2AA044652FAEEF5D5B81DE38
                                                                                                                                    SHA1:5ADFA572CAB0F7F3CB855F90994B7B70C44E34B2
                                                                                                                                    SHA-256:07E67BE9B9927FB45F8DB20794286C484E8D38C7E889DC753F6873C04A533460
                                                                                                                                    SHA-512:EE80C50F5ADEC95E56A97B147A13E371753DFEF7F4EE5D7956564A0AC610784A08684F7B9CFE6A2B6D3EE5F20B16069D62A85EA6C38FA9D8450E8277091764A3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106854..data = {8DB08EF6-8101-43C3-A4D2-BB397EAF0BCD}..pkgtype = APAC....[Version]..method = MSI..data = {8DB08EF6-8101-43C3-A4D2-BB397EAF0BCD}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center_Reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):345
                                                                                                                                    Entropy (8bit):5.2180100972482
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFyrc5XLxJuu90LdujkaWjbAmtkXLxJuu9O5FrqOc5XLxJuu90Ld/:dcNLCC0hujGjkmtULCCOLcNLCC0h/
                                                                                                                                    MD5:5A23816FCA47E3B989BA82EC6F24CBF4
                                                                                                                                    SHA1:10101ACE5BEBBC41B2AFADB65BB5778E7528EEDC
                                                                                                                                    SHA-256:76D0BF2B1C2E5CE263D191ACD2987E538931079FCBA82B3E7CE87C0D6F9CC052
                                                                                                                                    SHA-512:521F852FDD3AC58487BB7846A6E722295026AD1B890EFA3E09D094F5BB477DA12071E0DAA2E345AB60E9F918CA96E7149D538EE229DB2B0A0704861B36295E5D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 107020..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;InstallVersion..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;(Default)....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;InstallVersion

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center_Reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):345
                                                                                                                                    Entropy (8bit):5.2180100972482
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFyrc5XLxJuu90LdujkaWjbAmtkXLxJuu9O5FrqOc5XLxJuu90Ld/:dcNLCC0hujGjkmtULCCOLcNLCC0h/
                                                                                                                                    MD5:5A23816FCA47E3B989BA82EC6F24CBF4
                                                                                                                                    SHA1:10101ACE5BEBBC41B2AFADB65BB5778E7528EEDC
                                                                                                                                    SHA-256:76D0BF2B1C2E5CE263D191ACD2987E538931079FCBA82B3E7CE87C0D6F9CC052
                                                                                                                                    SHA-512:521F852FDD3AC58487BB7846A6E722295026AD1B890EFA3E09D094F5BB477DA12071E0DAA2E345AB60E9F918CA96E7149D538EE229DB2B0A0704861B36295E5D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 107020..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;InstallVersion..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;(Default)....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\Alienware Command Center;InstallVersion

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Command_Center_Reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_External_Graphics_Amplifier\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.209751211579419
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsWVyCbcGS3xkc6a4NOCRcVckhFdVBsSkcGS3xkc6aJvn:/QZgFsWVyCbcF3xXyNOCxkhFrBUcF3xT
                                                                                                                                    MD5:08D7CDF397EB9D8C976F37F52B5464C4
                                                                                                                                    SHA1:77AFBFF32CD0CD17D58136C6A5E7D11D74F73C43
                                                                                                                                    SHA-256:1D50BA792382929B8C0A656F5E74E8234EE303D3D76147C1951F417A6797245C
                                                                                                                                    SHA-512:66C0731F8893F3DDF6B3A26E3C78B3BAA2DFCBBF7F71AB8DBD24C2BF01765AA539A7898B0BF825B928081C7EA1FBC2C589067BE2AC536300CF9883E0EA7B9F00
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105030..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7}..pkgtype = APAC....[Version]..method = MSI..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_External_Graphics_Amplifier\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):180
                                                                                                                                    Entropy (8bit):5.229060790295613
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsWVyCbcGS3xkc6a4NOCRcVckhFdVBsSkcGS3xkc6aV:/QZgFsWVyCbcF3xXyNOCxkhFrBUcF3xv
                                                                                                                                    MD5:3AAB26F99F32BE14474199421B26BD67
                                                                                                                                    SHA1:A093FA690BF1B4EEB67EBF91842436C363C2F69E
                                                                                                                                    SHA-256:5A40E1ECE56228CC303D8C794115AB8FAFBEA3CF3B64401E2EC6F6524D5D62BF
                                                                                                                                    SHA-512:15879A73B054435ADD12870BB002CD0FCAFF1DB3AE06A53ED88DEFE5FDCB6916A4865869CF83E5AEBC52B08296160DB6463C0CC984145A134765AF8D0540B9E9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105030..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7}..pkgtype = APAC....[Version]..method = MSI..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_External_Graphics_Amplifier\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Mobile_Connect\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1255702172529825
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF9ovydRCTmSog+DHRcVckhFdVBsSkRCTmSog+D2:/QZgF93dRCTmSog+DHxkhFrBURCTmSow
                                                                                                                                    MD5:707F2326DC3AEC9D728B8F83BA776993
                                                                                                                                    SHA1:BE2C6F947FBF9502BF1EDA00F26AFF7EDEAF3ABD
                                                                                                                                    SHA-256:CD3B93D1881836E5CA53667D462B072FB35032673CAFF9FBB7EB7BC6EA533551
                                                                                                                                    SHA-512:B9DF8D88D7D0EFD1175806153682A0D2F308EC57289AA8F7756BCD9A81F2E734CE917230A38E0E938675FFF4FB8E176B34FF21E116311477FA4CB9C688034265
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104073..data = {A0103E7A-C24F-4592-8183-073CC501D099}..pkgtype = APAC....[Version]..method = MSI..data = {A0103E7A-C24F-4592-8183-073CC501D099}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Mobile_Connect\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1255702172529825
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF9ovydRCTmSog+DHRcVckhFdVBsSkRCTmSog+D2:/QZgF93dRCTmSog+DHxkhFrBURCTmSow
                                                                                                                                    MD5:707F2326DC3AEC9D728B8F83BA776993
                                                                                                                                    SHA1:BE2C6F947FBF9502BF1EDA00F26AFF7EDEAF3ABD
                                                                                                                                    SHA-256:CD3B93D1881836E5CA53667D462B072FB35032673CAFF9FBB7EB7BC6EA533551
                                                                                                                                    SHA-512:B9DF8D88D7D0EFD1175806153682A0D2F308EC57289AA8F7756BCD9A81F2E734CE917230A38E0E938675FFF4FB8E176B34FF21E116311477FA4CB9C688034265
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104073..data = {A0103E7A-C24F-4592-8183-073CC501D099}..pkgtype = APAC....[Version]..method = MSI..data = {A0103E7A-C24F-4592-8183-073CC501D099}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_Mobile_Connect\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OC_Controls\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):306
                                                                                                                                    Entropy (8bit):5.2837220930016295
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFwsBEkNLxJJyujkaWjbAmtkXLxJzMEC7vMFrqZNLxJJy/:3sBEkNLNyujGjkmtULsECrRNLNy/
                                                                                                                                    MD5:07BAD55DC646C1288258C38EAEACFAE3
                                                                                                                                    SHA1:65163ADAA8C3E899CE8726739FB1CE3EA1C1BFB8
                                                                                                                                    SHA-256:0B7C536B10F6A6441D26BE0CD3B0961F9ED215EC98D8954DD27573FD134A87CF
                                                                                                                                    SHA-512:6F518973081F8AB90ED43A0C089B0592C3093EF9102AD1CB26682A134CA664EFEBDD7D468B6A896B923F85550B78518C93625FAD3686C48B141360EA6837A783
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 107237..data =HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;InstallVersion..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;DisplayName....[Version]..method = Reg..data =HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;InstallVersion

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OC_Controls\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):306
                                                                                                                                    Entropy (8bit):5.2837220930016295
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFwsBEkNLxJJyujkaWjbAmtkXLxJzMEC7vMFrqZNLxJJy/:3sBEkNLNyujGjkmtULsECrRNLNy/
                                                                                                                                    MD5:07BAD55DC646C1288258C38EAEACFAE3
                                                                                                                                    SHA1:65163ADAA8C3E899CE8726739FB1CE3EA1C1BFB8
                                                                                                                                    SHA-256:0B7C536B10F6A6441D26BE0CD3B0961F9ED215EC98D8954DD27573FD134A87CF
                                                                                                                                    SHA-512:6F518973081F8AB90ED43A0C089B0592C3093EF9102AD1CB26682A134CA664EFEBDD7D468B6A896B923F85550B78518C93625FAD3686C48B141360EA6837A783
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 107237..data =HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;InstallVersion..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;DisplayName....[Version]..method = Reg..data =HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;InstallVersion

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OC_Controls\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OSD\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.209751211579419
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsWVyCbcGS3xkc6a4NOCRcVckhFdVBsSkcGS3xkc6aJvn:/QZgFsWVyCbcF3xXyNOCxkhFrBUcF3xT
                                                                                                                                    MD5:08D7CDF397EB9D8C976F37F52B5464C4
                                                                                                                                    SHA1:77AFBFF32CD0CD17D58136C6A5E7D11D74F73C43
                                                                                                                                    SHA-256:1D50BA792382929B8C0A656F5E74E8234EE303D3D76147C1951F417A6797245C
                                                                                                                                    SHA-512:66C0731F8893F3DDF6B3A26E3C78B3BAA2DFCBBF7F71AB8DBD24C2BF01765AA539A7898B0BF825B928081C7EA1FBC2C589067BE2AC536300CF9883E0EA7B9F00
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105030..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7}..pkgtype = APAC....[Version]..method = MSI..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OSD\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.209751211579419
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsWVyCbcGS3xkc6a4NOCRcVckhFdVBsSkcGS3xkc6aJvn:/QZgFsWVyCbcF3xXyNOCxkhFrBUcF3xT
                                                                                                                                    MD5:08D7CDF397EB9D8C976F37F52B5464C4
                                                                                                                                    SHA1:77AFBFF32CD0CD17D58136C6A5E7D11D74F73C43
                                                                                                                                    SHA-256:1D50BA792382929B8C0A656F5E74E8234EE303D3D76147C1951F417A6797245C
                                                                                                                                    SHA-512:66C0731F8893F3DDF6B3A26E3C78B3BAA2DFCBBF7F71AB8DBD24C2BF01765AA539A7898B0BF825B928081C7EA1FBC2C589067BE2AC536300CF9883E0EA7B9F00
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105030..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7}..pkgtype = APAC....[Version]..method = MSI..data = {BACD4E75-6BF1-420E-A4CA-D825593A18D7} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Alienware_OSD\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AlpsTouchPad\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):492
                                                                                                                                    Entropy (8bit):5.427857640473288
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZPjitZPm/Ctgg+NLTvnCaULTzuSIvz+NLTvqFsq+pG1:+KLguFNv/MvzuSI6Nv5FpG1
                                                                                                                                    MD5:E737EBAEA6720CC714693168AADBF31D
                                                                                                                                    SHA1:E813265FA3846E5280265D0BABCA0548818B8747
                                                                                                                                    SHA-256:2AA37901EC4154B872589860E5F9C543BF7CDD9F04A4282F0C01DDD573C91E28
                                                                                                                                    SHA-512:C263408F5F69033F9C2CCDFE5866DB3FB69EB93B47089B5A0F7A210B14CDEAAD523A59E7497C3D2557D06FF92803B48450ACC5FAD4148A3C630027FEE3042D16
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;CurrentVer..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;Description..PkgType = DRVR..ComponentID=20801......[Version]....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;CurrentVer....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AlpsTouchPad\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):492
                                                                                                                                    Entropy (8bit):5.427857640473288
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZPjitZPm/Ctgg+NLTvnCaULTzuSIvz+NLTvqFsq+pG1:+KLguFNv/MvzuSI6Nv5FpG1
                                                                                                                                    MD5:E737EBAEA6720CC714693168AADBF31D
                                                                                                                                    SHA1:E813265FA3846E5280265D0BABCA0548818B8747
                                                                                                                                    SHA-256:2AA37901EC4154B872589860E5F9C543BF7CDD9F04A4282F0C01DDD573C91E28
                                                                                                                                    SHA-512:C263408F5F69033F9C2CCDFE5866DB3FB69EB93B47089B5A0F7A210B14CDEAAD523A59E7497C3D2557D06FF92803B48450ACC5FAD4148A3C630027FEE3042D16
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;CurrentVer..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;Description..PkgType = DRVR..ComponentID=20801......[Version]....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Alps;CurrentVer....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AlpsTouchPad\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\AlpsTouchPad\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Aquantia\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):423
                                                                                                                                    Entropy (8bit):5.321240010752183
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbo1gviL9BKlL9BKHFsq+pG5:+C5r85vScCvQzkzzFpG5
                                                                                                                                    MD5:E968C746A92F7A2E8C884FF272E11473
                                                                                                                                    SHA1:4191ECB0BAB191D8FE3C692663D66539A2E381EB
                                                                                                                                    SHA-256:CD5A6C205965AC040A4031C0F0070F5EC81242ECB11FB2638312180FB2301015
                                                                                                                                    SHA-512:9C722F18D49AF5C3216B217D22E622E6BDD62C95D7FB46FCFF807AEAD5799448C8A1E5B37E2B7BD5C28FD05CB24B6D832C3CA13ACE17DEAFD8D0F17CE569B62A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = MSI..ComponentID = 16001..Data = {8b5ed4f0-b8f7-4863-893b-3169f7c19ccd}..pkgtype = DRVR....[Version]..Method = MSI..Data = {8b5ed4f0-b8f7-4863-893b-3169f7c19ccd}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Aquantia\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):423
                                                                                                                                    Entropy (8bit):5.321240010752183
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbo1gviL9BKlL9BKHFsq+pG5:+C5r85vScCvQzkzzFpG5
                                                                                                                                    MD5:E968C746A92F7A2E8C884FF272E11473
                                                                                                                                    SHA1:4191ECB0BAB191D8FE3C692663D66539A2E381EB
                                                                                                                                    SHA-256:CD5A6C205965AC040A4031C0F0070F5EC81242ECB11FB2638312180FB2301015
                                                                                                                                    SHA-512:9C722F18D49AF5C3216B217D22E622E6BDD62C95D7FB46FCFF807AEAD5799448C8A1E5B37E2B7BD5C28FD05CB24B6D832C3CA13ACE17DEAFD8D0F17CE569B62A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = MSI..ComponentID = 16001..Data = {8b5ed4f0-b8f7-4863-893b-3169f7c19ccd}..pkgtype = DRVR....[Version]..Method = MSI..Data = {8b5ed4f0-b8f7-4863-893b-3169f7c19ccd}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Aquantia\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Aquantia\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Asix_SP_Port\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1117
                                                                                                                                    Entropy (8bit):5.309742650263962
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NIVHdMIVHO2FNavzM9oQPNIVHGFpG5:P5r85vTh1A+n9yIZdMIZO2aiTFIZGO5
                                                                                                                                    MD5:F8FB5967353088C7626457D0ACBA0D6E
                                                                                                                                    SHA1:5215B5C09399AC6C7AC6AF90D40CBE9A3C798FF0
                                                                                                                                    SHA-256:F3E63A99692440C88102475E0B5FFC5BD797ED953D574D3AA18AA4D705261BD0
                                                                                                                                    SHA-512:161419528578B3C90BBE302793D78418A90D4D341C8C84DB2E980305A1F00DC8FAB7A12D9A6AEF987282080D56E05E50E06249B065CCDBADEA6048E6DF067A35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MosUnst;DisplayVersion..ComponentID = 105346..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MosUnst;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Asix_SP_Port\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1117
                                                                                                                                    Entropy (8bit):5.309742650263962
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NIVHdMIVHO2FNavzM9oQPNIVHGFpG5:P5r85vTh1A+n9yIZdMIZO2aiTFIZGO5
                                                                                                                                    MD5:F8FB5967353088C7626457D0ACBA0D6E
                                                                                                                                    SHA1:5215B5C09399AC6C7AC6AF90D40CBE9A3C798FF0
                                                                                                                                    SHA-256:F3E63A99692440C88102475E0B5FFC5BD797ED953D574D3AA18AA4D705261BD0
                                                                                                                                    SHA-512:161419528578B3C90BBE302793D78418A90D4D341C8C84DB2E980305A1F00DC8FAB7A12D9A6AEF987282080D56E05E50E06249B065CCDBADEA6048E6DF067A35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MosUnst;DisplayVersion..ComponentID = 105346..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MosUnst;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Asix_SP_Port\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Asix_SP_Port\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):86462
                                                                                                                                    Entropy (8bit):3.6442635335363267
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:OH8HwDSmLToTy+/dlHu5lE3H6LBSTL+E9H1Pt:eswXPoG+/dFAG3GBS/+EN1F
                                                                                                                                    MD5:9125DF2E82623DA199479602AB1C18ED
                                                                                                                                    SHA1:58C37DE22CC35FFC4F27304D0D970D57DB14154F
                                                                                                                                    SHA-256:A07615791B6D4DD6F54173EAC6CAA77BC91E7C8866EDC0989C18D76B10045EBA
                                                                                                                                    SHA-512:868BB7B8E00A5FB802DA758101AC8D33A5AF2D111CD65F2263A7D3E9191DFC17C4DAAF88A995CB709F41874B360C7FC2F97D18AE25F75C8BEE816FCCE7783229
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.5.2.7.2.". .e.m.b.e.d.d.e.d.=.".0.". .O.S.C.h.e.c.k.=.".1.". .t.y.p.e.=.".A.P.P.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.D.e.l.l. .D.o.c.k. .P.a.t.c.h.].].>.<./.D.i.s.p.l.a.y.>.....<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):361
                                                                                                                                    Entropy (8bit):5.337881061936955
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvchOCx8CqFSTTWvovARvchOCxa:CxAtBV5ritBV5gCt7Sy+pf04CqC+SfWt
                                                                                                                                    MD5:2EDE41FC05A1491376EBA77B210CFF81
                                                                                                                                    SHA1:7534D9BD5C1CF90BE8C1AD242BBC64011AD70B9E
                                                                                                                                    SHA-256:D5D1C109535112D9736474B29229A5C3E2EDC05A8571956721046FD9A00B3297
                                                                                                                                    SHA-512:4FD9450E921AD6BF0D7E8A25B78D6049FD577E246C4F431F4856CC2DCECABC25F993C55473E9070CED028C3B4AFBB82514CE3C384CA7022EE651C02D842D39B4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {A6D060F2-A3FA-4A16-B64F-7A642D1C1561}..PkgType = DRVR..ComponentID=16694......[Version]......Method = MSI..Data = {A6D060F2-A3FA-4A16-B64F-7A642D1C1561}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):361
                                                                                                                                    Entropy (8bit):5.337881061936955
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvchOCx8CqFSTTWvovARvchOCxa:CxAtBV5ritBV5gCt7Sy+pf04CqC+SfWt
                                                                                                                                    MD5:2EDE41FC05A1491376EBA77B210CFF81
                                                                                                                                    SHA1:7534D9BD5C1CF90BE8C1AD242BBC64011AD70B9E
                                                                                                                                    SHA-256:D5D1C109535112D9736474B29229A5C3E2EDC05A8571956721046FD9A00B3297
                                                                                                                                    SHA-512:4FD9450E921AD6BF0D7E8A25B78D6049FD577E246C4F431F4856CC2DCECABC25F993C55473E9070CED028C3B4AFBB82514CE3C384CA7022EE651C02D842D39B4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {A6D060F2-A3FA-4A16-B64F-7A642D1C1561}..PkgType = DRVR..ComponentID=16694......[Version]......Method = MSI..Data = {A6D060F2-A3FA-4A16-B64F-7A642D1C1561}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec_FP\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):322
                                                                                                                                    Entropy (8bit):5.265044326182952
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:t2CbReBbRgKRL1ihHtpv4vRqFpkVB4mZAovA7bnQo0vmkVB4n:tpdeRX6hHtpv4Z+U4uOnt0r4n
                                                                                                                                    MD5:868291698BF80753F5CD0E45260156FE
                                                                                                                                    SHA1:5D990B09FB038B198BA7B7150CA103AD6A6EDA16
                                                                                                                                    SHA-256:9F20D2F32BD360A5B8C38FEEE7969DEF42248898FB593F0655969D2AC86561DE
                                                                                                                                    SHA-512:CDE8869CDAB26C5645D656D2A5FF3FF7F057526D1DB1185A64347C0020D2F812DFAF1A7DAC909211B8E984C14A486D4CB0B790F0A30F3FEED079358CB3F0EF81
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = MSI..PkgType = DRVR..Data={1571051B-6B26-4C29-B995-74B852089CAA}..ComponentID = 100576......[Version]....;Needed to extract Version from the Registry.....Method = MSI..Data={1571051B-6B26-4C29-B995-74B852089CAA}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec_FP\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):322
                                                                                                                                    Entropy (8bit):5.265044326182952
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:t2CbReBbRgKRL1ihHtpv4vRqFpkVB4mZAovA7bnQo0vmkVB4n:tpdeRX6hHtpv4Z+U4uOnt0r4n
                                                                                                                                    MD5:868291698BF80753F5CD0E45260156FE
                                                                                                                                    SHA1:5D990B09FB038B198BA7B7150CA103AD6A6EDA16
                                                                                                                                    SHA-256:9F20D2F32BD360A5B8C38FEEE7969DEF42248898FB593F0655969D2AC86561DE
                                                                                                                                    SHA-512:CDE8869CDAB26C5645D656D2A5FF3FF7F057526D1DB1185A64347C0020D2F812DFAF1A7DAC909211B8E984C14A486D4CB0B790F0A30F3FEED079358CB3F0EF81
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = MSI..PkgType = DRVR..Data={1571051B-6B26-4C29-B995-74B852089CAA}..ComponentID = 100576......[Version]....;Needed to extract Version from the Registry.....Method = MSI..Data={1571051B-6B26-4C29-B995-74B852089CAA}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Authentec_FP\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BlacktopReader\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1656
                                                                                                                                    Entropy (8bit):5.427243066693166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+FBCUK0HIhuoBwaiTB/X2+hIqU8HIhuoBbO4:khi+FruhuoqRTB/2PBLhuo5O4
                                                                                                                                    MD5:8F43A754C7328E43FE9D2F978F21E7EE
                                                                                                                                    SHA1:0D9F29A64BCE62490029E3482C422237C1F5E3C8
                                                                                                                                    SHA-256:2248B4DC5D18868DCDF254689D498B09204CB5BD8EEC9EA3C349C352E657CF88
                                                                                                                                    SHA-512:143F7E42C0CED09A6AD320BE097B0B0989483FC06D76B8E4C5155CB0FC0C60D1D3F13BFE10EF0AF32BB3717F61D8DFF223B5C5EF8E9532B76A38A54BAC933DC5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {9414F4A4-BFFD-4C32-B072-420907E7619A}..ComponentID = 21586......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BlacktopReader\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1656
                                                                                                                                    Entropy (8bit):5.427243066693166
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+FBCUK0HIhuoBwaiTB/X2+hIqU8HIhuoBbO4:khi+FruhuoqRTB/2PBLhuo5O4
                                                                                                                                    MD5:8F43A754C7328E43FE9D2F978F21E7EE
                                                                                                                                    SHA1:0D9F29A64BCE62490029E3482C422237C1F5E3C8
                                                                                                                                    SHA-256:2248B4DC5D18868DCDF254689D498B09204CB5BD8EEC9EA3C349C352E657CF88
                                                                                                                                    SHA-512:143F7E42C0CED09A6AD320BE097B0B0989483FC06D76B8E4C5155CB0FC0C60D1D3F13BFE10EF0AF32BB3717F61D8DFF223B5C5EF8E9532B76A38A54BAC933DC5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {9414F4A4-BFFD-4C32-B072-420907E7619A}..ComponentID = 21586......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BlacktopReader\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BlacktopReader\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BroadcomEhernetController\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Force]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1050
                                                                                                                                    Entropy (8bit):5.323729688098916
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:tC5r85vSeFmjc1zs+nQCQLlNvpG4NWBMvpG4ESH1FNavzM9oQPNvpG4NXFpG5:k5r85vTh1A+n9ovp/NWBMvp/ESH1aiTy
                                                                                                                                    MD5:250BDC3812C2417A19FB0BED799BD16B
                                                                                                                                    SHA1:947CB2E4AF034DF666E52F465F413C783BFE5F32
                                                                                                                                    SHA-256:41DD9F6B702D676E8F4D2539E07D8D80F71D982B3D733C92956EA93880DA10D5
                                                                                                                                    SHA-512:A4332D8F7D035ED3AECC46A61DAD85D0F8CE62D71E0FAC053EAF271A635BE9E610F122B551DE12EDB37336ED684CBA4BA6B9F5DE902B56543445CFEC752FA88E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Mapping]......;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version;..ComponentID = 23556..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Display;....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version;....; Reboot = 0 - Reboo

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BroadcomEhernetController\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Force]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1050
                                                                                                                                    Entropy (8bit):5.323729688098916
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:tC5r85vSeFmjc1zs+nQCQLlNvpG4NWBMvpG4ESH1FNavzM9oQPNvpG4NXFpG5:k5r85vTh1A+n9ovp/NWBMvp/ESH1aiTy
                                                                                                                                    MD5:250BDC3812C2417A19FB0BED799BD16B
                                                                                                                                    SHA1:947CB2E4AF034DF666E52F465F413C783BFE5F32
                                                                                                                                    SHA-256:41DD9F6B702D676E8F4D2539E07D8D80F71D982B3D733C92956EA93880DA10D5
                                                                                                                                    SHA-512:A4332D8F7D035ED3AECC46A61DAD85D0F8CE62D71E0FAC053EAF271A635BE9E610F122B551DE12EDB37336ED684CBA4BA6B9F5DE902B56543445CFEC752FA88E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Mapping]......;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version;..ComponentID = 23556..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Display;....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version;....; Reboot = 0 - Reboo

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BroadcomEhernetController\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\BroadcomEhernetController\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Broadcom_BT\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):792
                                                                                                                                    Entropy (8bit):5.291881062841427
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgJLDIY1mLPKvEHNFsq+pGipXd72y3zqo0wg1yjSRM8i1areq:+erL8LdHcFpGipXd72oOouyeBzaq
                                                                                                                                    MD5:4CE27CB33711A46749DE053AE386EDB6
                                                                                                                                    SHA1:C113DBCCBDE08E5FC5B8282570A8B0B797D3DE9B
                                                                                                                                    SHA-256:4886EB41EC8AB65A23BF8CB22CAAB691A020E9D31EE654D32A60E5A5EB989393
                                                                                                                                    SHA-512:973101541809ECED50445525B874B9566C6B00289C68515295DF1F0573216A4A55824DD8E8E46568A7F485F780B34ED833BABBBCA908DD225964974B322270B8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = HID..PkgType = DRVR....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\Install;Version......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Dell Wireless 365 Bluetooth Module..8160=16167..8162=16167..;Dell Wireless 370 Bluetooth Minicard..8156=16166..8158=16166..;Dell Wireless 410 Bluetooth & UWB Minicard..8152=16165..8154=16165..;Dell Wireless 375 Bluetooth Module..8187=22050..;Dell Wireless 380 Bluetooth Module..8197=29662..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Broadcom_BT\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):792
                                                                                                                                    Entropy (8bit):5.291881062841427
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgJLDIY1mLPKvEHNFsq+pGipXd72y3zqo0wg1yjSRM8i1areq:+erL8LdHcFpGipXd72oOouyeBzaq
                                                                                                                                    MD5:4CE27CB33711A46749DE053AE386EDB6
                                                                                                                                    SHA1:C113DBCCBDE08E5FC5B8282570A8B0B797D3DE9B
                                                                                                                                    SHA-256:4886EB41EC8AB65A23BF8CB22CAAB691A020E9D31EE654D32A60E5A5EB989393
                                                                                                                                    SHA-512:973101541809ECED50445525B874B9566C6B00289C68515295DF1F0573216A4A55824DD8E8E46568A7F485F780B34ED833BABBBCA908DD225964974B322270B8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = HID..PkgType = DRVR....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\Install;Version......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Dell Wireless 365 Bluetooth Module..8160=16167..8162=16167..;Dell Wireless 370 Bluetooth Minicard..8156=16166..8158=16166..;Dell Wireless 410 Bluetooth & UWB Minicard..8152=16165..8154=16165..;Dell Wireless 375 Bluetooth Module..8187=22050..;Dell Wireless 380 Bluetooth Module..8197=29662..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Broadcom_BT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.8044397229460545
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZReg5MM7reCzNtKeAKLtr3M/aI3xzP:IQ8DTjz+gLtzM/aI3R
                                                                                                                                    MD5:E5D2EAF60BC56B14989F57A58F5A0829
                                                                                                                                    SHA1:D53D62084936DFD5A8081B84D8FE0412B66109AC
                                                                                                                                    SHA-256:DA569FDF18A6D18CEEC6C1FA850FF702BB947A1559A2671817E2955E37481938
                                                                                                                                    SHA-512:29D19A8A5DD1DDEDF12E25A93C0903E57BABD7822669D839765583DD9834FE5D817E05DA52C2543FAF9BC8977D7446B4E391056F3FDF0677BCF23995F165CB35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>USBUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>USBUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Broadcom_BT\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\CCTK\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1732
                                                                                                                                    Entropy (8bit):5.479344075768675
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:o7h1A+FBCUK0HIhuoBGaiTB/X2+hIqU8HIhuoBpO4:Ihi+FruhuogRTB/2PBLhuofO4
                                                                                                                                    MD5:72F02B494C4C151C4DFA5386A6BAC40B
                                                                                                                                    SHA1:72F0E756E5FB98D29C17C53D6C98EF14C5523F3F
                                                                                                                                    SHA-256:458AB427B1F73F6EC092D53D9250EE9F16B2F15B269460655AC2F46960DFA3B0
                                                                                                                                    SHA-512:6736DFD2FE7295DEFC4EDEC8732C1C07B474B1A55C3B4E190386CB3140E78105B836CA3B9B9472F91089A8F20D560B6CAA2E58293ABABA7E27D5974531248558
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..PkgType = APAC..Data = {9EB81A47-E2B0-4B1D-A3EA-B268211F73BD}..ComponentID = 19098......[Version]..; Methods to find version..; Allowed values for Method

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\CCTK\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1732
                                                                                                                                    Entropy (8bit):5.479344075768675
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:o7h1A+FBCUK0HIhuoBGaiTB/X2+hIqU8HIhuoBpO4:Ihi+FruhuogRTB/2PBLhuofO4
                                                                                                                                    MD5:72F02B494C4C151C4DFA5386A6BAC40B
                                                                                                                                    SHA1:72F0E756E5FB98D29C17C53D6C98EF14C5523F3F
                                                                                                                                    SHA-256:458AB427B1F73F6EC092D53D9250EE9F16B2F15B269460655AC2F46960DFA3B0
                                                                                                                                    SHA-512:6736DFD2FE7295DEFC4EDEC8732C1C07B474B1A55C3B4E190386CB3140E78105B836CA3B9B9472F91089A8F20D560B6CAA2E58293ABABA7E27D5974531248558
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..PkgType = APAC..Data = {9EB81A47-E2B0-4B1D-A3EA-B268211F73BD}..ComponentID = 19098......[Version]..; Methods to find version..; Allowed values for Method

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\CCTK\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Canvas_Palettes\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):643
                                                                                                                                    Entropy (8bit):5.404718348508111
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNgP+CaULe0ZNgR8xDz+NLe0ZNgZFsq+pG5:+C5r85vSmNC0ZjMC0Zu8xDyNC0ZzFpG5
                                                                                                                                    MD5:87360AEE1875E6EB0734CF6C7776DA70
                                                                                                                                    SHA1:3DF9878AEC2E1FCEA68469E64FA392CCCDEC2B11
                                                                                                                                    SHA-256:29663BA21DDA13FAA91B98DEBCA66165B4FE9E4EA9A91146C1A5A8E099E5195A
                                                                                                                                    SHA-512:11D7134A8A7222C7190AE545F810F6891151BAEEAD3094AA600012C9380B38C33A34F36A9E47719E884B14CFC2DAD7B740EA3B9E16AF60CC6E6A0323297C50C6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Version..ComponentID = 106322..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Display..pkgtype = APAC....[Version].. ..Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Canvas_Palettes\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):643
                                                                                                                                    Entropy (8bit):5.404718348508111
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNgP+CaULe0ZNgR8xDz+NLe0ZNgZFsq+pG5:+C5r85vSmNC0ZjMC0Zu8xDyNC0ZzFpG5
                                                                                                                                    MD5:87360AEE1875E6EB0734CF6C7776DA70
                                                                                                                                    SHA1:3DF9878AEC2E1FCEA68469E64FA392CCCDEC2B11
                                                                                                                                    SHA-256:29663BA21DDA13FAA91B98DEBCA66165B4FE9E4EA9A91146C1A5A8E099E5195A
                                                                                                                                    SHA-512:11D7134A8A7222C7190AE545F810F6891151BAEEAD3094AA600012C9380B38C33A34F36A9E47719E884B14CFC2DAD7B740EA3B9E16AF60CC6E6A0323297C50C6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Version..ComponentID = 106322..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Display..pkgtype = APAC....[Version].. ..Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Dell\ManageableUpdatePackage\Canvas Palettes;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Canvas_Palettes\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Canvas_Palettes\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2253
                                                                                                                                    Entropy (8bit):5.437580774866819
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63vp0/Msy6aiTB/X2+hIqU8HI4:hGvThi+nAEBL7uhuo2WRTB/2PBLhuoVu
                                                                                                                                    MD5:EBF1D93838F9019C2E0B4FC1DD4F4D61
                                                                                                                                    SHA1:C33843711A888F9640B7806D35933A619796C207
                                                                                                                                    SHA-256:28C632428B3A4C686BAC1F60499DA52B4ED9FA037054D690C710DBDCC7074E17
                                                                                                                                    SHA-512:D973E4BF60EBF1FB082D83C2B019DCAC5D338F7EC75923A11C917B82F1564342F7EC91D5EF4D8FF08A454C6942862D717BC6D587C0FD1E009B9ACF2BE14DC05C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2355
                                                                                                                                    Entropy (8bit):5.45591586385118
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63vp0/Msy6aiTB/X2+hIqU8HIR:hGvThi+nAEBL7uhuo2WRTB/2PBLhuoVf
                                                                                                                                    MD5:08E8D6C8FC62D34A4D990486C0531CBF
                                                                                                                                    SHA1:7239EEC715941A25E696AC666C16C3FED6318254
                                                                                                                                    SHA-256:FA7A561B468914D1D1A9E35685AF06D2CB23BD0D07B6C53802125C00E0C5CFDE
                                                                                                                                    SHA-512:524B9226CEC1CE7B6F042E3A9FE022CB2321416F80DD304A9A69AEAF63C1C4BB5D76384D52266036EE10CA6EC7C04FF8AADCDAD4647E01430E88841085FCBDAB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_msi\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2063
                                                                                                                                    Entropy (8bit):5.401005406207076
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDTlQ2aiTB/X2+hIqU8HIhuoBplE:hGvThi+nAEBL7uhuovRTB/2PBLhuoRO5
                                                                                                                                    MD5:E68226A492BC341DDD937F0F073FC868
                                                                                                                                    SHA1:B5C55A624E13562991DD239EC442A9AA9946D0B6
                                                                                                                                    SHA-256:500909F5BC4B8EFFDACC094DC404FF9ED9E857827DE16F7458954CD6E7A30016
                                                                                                                                    SHA-512:8B88D1E20838C37D143FD32DF312E40E1D07F4C547A4B4F27B9086CCE1B22BFFECF56E55706D46C8DC5E8E94E6C9D8D4D81D848D9361EF385DE01D3889DD5960
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_msi\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2267
                                                                                                                                    Entropy (8bit):5.448037092604924
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD6dlQ2aiTB/X2+hIqU8HIhuoBj+:hGvThi+nAEBL7uhuoORTB/2PBLhuoN7q
                                                                                                                                    MD5:FE8E4DD539C4C593613E62BC96F94D02
                                                                                                                                    SHA1:8294C68047206A9932857C12A5B340AE213ED2E8
                                                                                                                                    SHA-256:5F128B84267D9811A99B44178B31963F9E48402F00097C0A56072758A10AC05B
                                                                                                                                    SHA-512:B610A888164B06E4A7FC9209307D2E44C91F095CCA917C86DE1A2E85BC7BA58B3C0B5501DF208584A1BBC7DBF7E0D4BF0F19B9793DF91BA7A23A7572339E167C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_msi\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_msi\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_old\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2065
                                                                                                                                    Entropy (8bit):5.378035781137826
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDdUaiTB/X2+hIqU8HIhuoBrRO5:hGvThi+nAEBL7uhuoTURTB/2PBLhuoVy
                                                                                                                                    MD5:1D8B2ABE1CFDEBA49060663EF765342C
                                                                                                                                    SHA1:824C2856B84E43E9151928495FF13D329C197CCB
                                                                                                                                    SHA-256:7B469D0A7F7BE8D5EF35C265F029B1119FF545A84F07E4AE6FFFCE98CFBBCA7E
                                                                                                                                    SHA-512:5356D3AB5ACB3E0C1CC4F20AF9E5A285B7514EBBF01E1696E018B32F0293E83D25D2C593C55308EEDEE04C10AB5917F9F9B50C91F67CDD413CD0E13851B6B6AF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_old\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2065
                                                                                                                                    Entropy (8bit):5.378035781137826
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDdUaiTB/X2+hIqU8HIhuoBrRO5:hGvThi+nAEBL7uhuoTURTB/2PBLhuoVy
                                                                                                                                    MD5:1D8B2ABE1CFDEBA49060663EF765342C
                                                                                                                                    SHA1:824C2856B84E43E9151928495FF13D329C197CCB
                                                                                                                                    SHA-256:7B469D0A7F7BE8D5EF35C265F029B1119FF545A84F07E4AE6FFFCE98CFBBCA7E
                                                                                                                                    SHA-512:5356D3AB5ACB3E0C1CC4F20AF9E5A285B7514EBBF01E1696E018B32F0293E83D25D2C593C55308EEDEE04C10AB5917F9F9B50C91F67CDD413CD0E13851B6B6AF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_old\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_old\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1075
                                                                                                                                    Entropy (8bit):5.377737621177808
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNvpXDALnMsUfXKFNavzM9oQPNvpXDALYFpG5:P5r85vTh1A+n9ovpMMsy6aiTFvpVO5
                                                                                                                                    MD5:AB87D9AFB3D89ABA31FDBE7484C6F41C
                                                                                                                                    SHA1:0A5FD9D5A3A68DEE220AB535B1E54CD9D828110C
                                                                                                                                    SHA-256:458553D000A6C25310BAB2375FA4F503D5EA1BBC6E1A0B91AEBF144D1BFB005C
                                                                                                                                    SHA-512:CD1E137C8341FED4953E4617C50F7FAA604F7E3DC1944119A0F7FD21E3EF1F3DEFCB7F9AC8D00B89CFB04DAD9859FC4B7D3C7C5BC194E974CC15F1F8909802C7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Intel\Version\;..ComponentID = 5907..DisplayName = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0000;DriverDesc....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Intel\Version\

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1174
                                                                                                                                    Entropy (8bit):5.416276114789256
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLtFNvpXDALnMsUfXKFNavzM9oQPNvpXDALHC0ZXDALW:P5r85vTh1A+n9GHvpMMsy6aiTFvpO7ZT
                                                                                                                                    MD5:0E6968207AEB4AA0A16819C3F8551999
                                                                                                                                    SHA1:6551F2B163284928EB1D89EE39C940B4F9AABDF5
                                                                                                                                    SHA-256:538455426562EBAE2D66FC00CF17106E16C31D6D6658D44884261643E15DCC95
                                                                                                                                    SHA-512:FD9BB2CD276AD40E032523DE1C37B43E4E25F4700A27D6F483C71689C958F20DA968759E4B82D4928401289977B95B8C8BC05BF9CDF51EB85D16C1AB2BA3DBA7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Intel\Version\;..ComponentID = 5907..DisplayName = HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}\0000;DriverDesc....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Intel\Versi

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Chipset_reg\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Citrix_App\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):433
                                                                                                                                    Entropy (8bit):5.399795108768223
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pf0oqmK/K8w0oqmK/wvFFsq+pG5:+C5r85vSLqmiK8oqmia0FpG5
                                                                                                                                    MD5:65D5B6535B4C936988952863F94374DB
                                                                                                                                    SHA1:CC2C7958CC29D89E17800AA24DCA7396B00C1509
                                                                                                                                    SHA-256:B490FB221D9A71C054C65E405B8BB6E55C1178B9ECEC904CB2AE8CFD798E122F
                                                                                                                                    SHA-512:6B77084AC1EA5AC04D956ECA192065B02E2BF7BE25311CC81F727E98BDE53EA57BE21666F26A5F115EBBF1B43F10D081B9E5816871A91E07A6401E8B177C5C25
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {D64F3971-283B-45E8-8D25-0DC06ED6D91E}..PkgType = APAC..ComponentID=107671......[Version]....;..Method = MSI..Data = {D64F3971-283B-45E8-8D25-0DC06ED6D91E}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Citrix_App\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):433
                                                                                                                                    Entropy (8bit):5.399795108768223
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pf0oqmK/K8w0oqmK/wvFFsq+pG5:+C5r85vSLqmiK8oqmia0FpG5
                                                                                                                                    MD5:65D5B6535B4C936988952863F94374DB
                                                                                                                                    SHA1:CC2C7958CC29D89E17800AA24DCA7396B00C1509
                                                                                                                                    SHA-256:B490FB221D9A71C054C65E405B8BB6E55C1178B9ECEC904CB2AE8CFD798E122F
                                                                                                                                    SHA-512:6B77084AC1EA5AC04D956ECA192065B02E2BF7BE25311CC81F727E98BDE53EA57BE21666F26A5F115EBBF1B43F10D081B9E5816871A91E07A6401E8B177C5C25
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {D64F3971-283B-45E8-8D25-0DC06ED6D91E}..PkgType = APAC..ComponentID=107671......[Version]....;..Method = MSI..Data = {D64F3971-283B-45E8-8D25-0DC06ED6D91E}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Citrix_App\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Citrix_App\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\CompID_Mapping.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):312
                                                                                                                                    Entropy (8bit):4.8746409699449655
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:OEvq03Sxhfqkw3xhLXm1mDvqhmxhfqkw3xhLXm1mDvK2xkqkw3xhL+vhSxkqkw3Q:ZB3SxhfqkyLXl7amxhfqkyLXl7txkqkZ
                                                                                                                                    MD5:D404B3ABA5CCCF7057EDBFA40FCADE84
                                                                                                                                    SHA1:5C278F7B34C24F15C18DFC93FFA78A1B6131E634
                                                                                                                                    SHA-256:BC756C01B4D38D2011C995414319A342F8B5A64494E6CC05FCD93C7B61C492E8
                                                                                                                                    SHA-512:AE369F3079132BCFEC6213CE7BD0E09096D2CF4D2802563164E38F84F0FE518DA83792445FDDECDF5A146DF9A95A7F9D81F5F8EF8C0F47261CC07C9CAAA660C6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[PCI\VEN_10DE&DEV_1C8C&SUBSYS_087C1028]..ICCompID=105892..AgileCompID=108416..[PCI\VEN_10DE&DEV_1C8D&SUBSYS_087C1028]..ICCompID=105892..AgileCompID=108416..[PCI\VEN_10DE&DEV_1CBB&SUBSYS_087D1028]..ICCompID=105892..AgileCompID=108415..[PCI\VEN_10DE&DEV_1CBA&SUBSYS_087D1028]..ICCompID=105892..AgileCompID=108415..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConexantAudio\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1212
                                                                                                                                    Entropy (8bit):5.5142301848291115
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt7DNIVQuIeP38AmyIVQuIeP3ONFNavzM9oQBGAXlo+sNIVQuIe8:rSh1A+FVIZISEyIZISONaiTB/X2+2IZY
                                                                                                                                    MD5:6289F1027CF012C9A2165B80DC1C681D
                                                                                                                                    SHA1:3E48A697394CDB23A1701307EF7174B66CFA35AD
                                                                                                                                    SHA-256:9E75792D5F63C411AA71FCDBDB4948A40FB32B11E908650168862AE164A7A15E
                                                                                                                                    SHA-512:80777C5BB0989B3C84DCE24C5165492F0BEE2DDFEA2F31B3CE458CAA7D978AE2CC8AE76056A7629D6E4E04F1861DC09D8A4455A3D2667EB117138C429BF4A4FE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..ComponentID=28024..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = RE

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConexantAudio\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1252
                                                                                                                                    Entropy (8bit):5.5302630145072555
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt7DNCtVQuIeP38AmyCtVQuIeP3ONFNavzM9oQBGAXlo+sNCtVQ7:rSh1A+FVEZISEyEZISONaiTB/X2+2EZs
                                                                                                                                    MD5:FC837A62E1F3FC93F72E59136E308168
                                                                                                                                    SHA1:39FD45ABCA9AF14D3E8057A1420EAA914875FD9A
                                                                                                                                    SHA-256:F5C234D2B767FF093AF0797A363BFE961554915C0F8186CB9ACD6E8EABBF2769
                                                                                                                                    SHA-512:543BDBFF1C44C58FFFD569471FA2EBB2AC089CF3FE2164070804B3280BE96D215F312BE7650B61F623BD66DD34D4E0CF3B5C86B0192FA1432DF26CFFA73FFEAA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..ComponentID=28024..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConexantAudio\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConexantAudio\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1208
                                                                                                                                    Entropy (8bit):5.519252969809272
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt71NIVjN8AmyIVjNxFNavzM9oQBGAXlo+sNIVjNGFpGiv:XUh1A+F7IPEyIPxaiTB/X2+2IPGOM
                                                                                                                                    MD5:C5EE5AD1BEE01A95A41174AD2145884E
                                                                                                                                    SHA1:DA7CDDF0DFAD5DD8F3A4CF90AA2684B2C5427810
                                                                                                                                    SHA-256:1ECD44C2D4221F79CA9C45276D83B2BC505B557863A1C0FC23BAC7B0CB742DC8
                                                                                                                                    SHA-512:BD3A8001BB6658241C6C5F60717332AAF59039E29148A725103B1CB2FCD13E0A07EFF02270A5178E8E20480AB6ED0625878505429F7B2C87C9C281E7BC73E775
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB1216A4-9762-4604-A6E8-2DD2ABD7B20B};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DB1216A4-9762-4604-A6E8-2DD2ABD7B20B};DisplayName..ComponentID=13468....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = REG..D

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1250
                                                                                                                                    Entropy (8bit):5.5319291724781605
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7FNCtVjN8AmyCtVjNONFNavzM9oQBGAXlo+sNCtVjNGFpGiT:XUh1A+FzEPEyEPONaiTB/X2+2EPGOw
                                                                                                                                    MD5:C8C539884B5D16A1D3955022FA3765A5
                                                                                                                                    SHA1:B24D8DF49D684542A3A67F5AAB4EB8B839E55A41
                                                                                                                                    SHA-256:679027EEE818E6D2F52DBDAFF0648C0A2FAF94079762B37DC7145762B7BB9A4E
                                                                                                                                    SHA-512:8B75F12B391CD83DAC992209E0F67D6891D4541457E8A361AFD39D1CCD3B7ED57A81D10AA2399FA1EAD58F3A513576C0CBA74BA7510A6D89E70C2A9802FCDD6C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..ComponentID=13468..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB1216A4-9762-4604-A6E8-2DD2ABD7B20B};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DB1216A4-9762-4604-A6E8-2DD2ABD7B20B};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental va

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem_D400\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1210
                                                                                                                                    Entropy (8bit):5.511807076413206
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7NnNIVL8AmyIVLONFNavzM9oQBGAXlo+sNIVLGFpGiv:XUh1A+FhNIBEyIBONaiTB/X2+2IBGOM
                                                                                                                                    MD5:C258321E3AE1A698ABCA93BF05879317
                                                                                                                                    SHA1:AB0D0CC4D3864071B420D5549D9FC8427378935C
                                                                                                                                    SHA-256:41DABC7A17C177663B33AF7A4E7CC3A48DF508CCDF4AFA4F798C8E5C14182E84
                                                                                                                                    SHA-512:9ADD151E45BF6FBBE7FE4272C80FDC9D3CB50E0EFF62A03B7308E2CB50720D4AF200E256797AE733B9B41CD81770FC956CFB8864B1118225242F17739C4A24E9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=14689..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68D960F6-5869-4BA0-96A8-A184088E26EE};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{68D960F6-5869-4BA0-96A8-A184088E26EE};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = REG.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem_D400\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1250
                                                                                                                                    Entropy (8bit):5.529369286881832
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7NnNCtVL8AmyCtVLONFNavzM9oQBGAXlo+sNCtVLGFpGiT:XUh1A+FhNEBEyEBONaiTB/X2+2EBGOw
                                                                                                                                    MD5:F4DF9549855CC244F0DDC7D43897C8FB
                                                                                                                                    SHA1:6DEA2A7D38949690CFBB05B9DE36FC33ADD09102
                                                                                                                                    SHA-256:CCEE1229CB3F76163229A6CF4595B4F3B01C3DD47275A92B46BA52F6642C73BF
                                                                                                                                    SHA-512:95C310E3A3B9EA1ACDB5FAE6309126CFB271110E17834391EE8FF389550C23ACAA6D94FF082B563BB489D69737075990C568B617E553A1D624E901194E6602F2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=14689..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68D960F6-5869-4BA0-96A8-A184088E26EE};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{68D960F6-5869-4BA0-96A8-A184088E26EE};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental va

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem_D400\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ConnexantModem_D400\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ControlVault\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):453
                                                                                                                                    Entropy (8bit):5.341754722688914
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtlitZYCtAY+SMkycIY1ikyrFsq+pGiwY:+oGSSMkyF5kyKFpGiwY
                                                                                                                                    MD5:6B0391AFD11C5A831D86A7B083E75233
                                                                                                                                    SHA1:66DF1F36808BE6D38EF251A6E4A518E122D497A7
                                                                                                                                    SHA-256:45727A24479AE8D4ACE81E4359774FBD005017F3C94EB2516B6EE73535E730AE
                                                                                                                                    SHA-512:1A4C379FCA06D8420DB03621D42279A851B025B1C7407F3F13739EC41E976755914DBD793B5450D6FC20FD4D07A54B282DC7C4C62E897D376C9D9D5094AE3EB3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe..[Regular]..1= Payload\setup.exe..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=21505..Data= {3F0E241A-F0BA-421E-BCC6-7D66DE4AB409}....[Version]..; Need to extract Version from below given registry path..Method = Reg..Data={3F0E241A-F0BA-421E-BCC6-7D66DE4AB409}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ControlVault\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):539
                                                                                                                                    Entropy (8bit):5.289071885452284
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtFit5YCtgY+SMkykZIY1kkykFFsq+pG0Xd72y3zqoY:+qmySMkyjNkybFpG0Xd72oOoY
                                                                                                                                    MD5:26A52BC4A983CB04BF8123A5372AACD2
                                                                                                                                    SHA1:4000978C0C119E5C3B656E7910931C6D581617DA
                                                                                                                                    SHA-256:B57969B19D2CEC98B20D364A3B7295830B6EC5015660F25AF8DCF5263EFA34E0
                                                                                                                                    SHA-512:C8E3CC2D79BFB5F10B57D78763AA741BF43A39193BA87CC518EA9CAA30443935FE3B3BE20381D59A676689A66ED00E8A37862443082193917B892A5584C3C8E3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe ..[Regular]..1= Payload\Setup.exe..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=21505..Data= {3F0E241A-F0BA-421E-BCC6-7D66DE4AB409}......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data= {3F0E241A-F0BA-421E-BCC6-7D66DE4AB409}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ControlVault\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cyberlink_BD_Kernal\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):360
                                                                                                                                    Entropy (8bit):5.408942113278746
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvceTjo7HEXymgF8kOWV6RvceTjo7HEXyy:CxAtBV5ritBV5gCt7Sy+pf06iL8z06iy
                                                                                                                                    MD5:1320A33850621DDDA0AB4BADB4C82649
                                                                                                                                    SHA1:2D697C544B9328BE22561C9D664A7153E5468F47
                                                                                                                                    SHA-256:5BA5C6C243BD5A63B9422C0354263200B45EF62F8C09C450A7B42E09A0733BE2
                                                                                                                                    SHA-512:7F3BFB9F43C9F05BE0D7DDD049B31A4EB86CA6400BCD56F45B709EE6117F78EAA0D00BEC1C0B47EC988459AE3C42E7FD4DF9B528A873CE51E026031AEFBCEE2C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {E166E305-AA42-4C0D-83B2-09E423638520}..PkgType = APAC..ComponentID=108443......[Version]......Method = MSI..Data = {E166E305-AA42-4C0D-83B2-09E423638520}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cyberlink_BD_Kernal\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):360
                                                                                                                                    Entropy (8bit):5.408942113278746
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvceTjo7HEXymgF8kOWV6RvceTjo7HEXyy:CxAtBV5ritBV5gCt7Sy+pf06iL8z06iy
                                                                                                                                    MD5:1320A33850621DDDA0AB4BADB4C82649
                                                                                                                                    SHA1:2D697C544B9328BE22561C9D664A7153E5468F47
                                                                                                                                    SHA-256:5BA5C6C243BD5A63B9422C0354263200B45EF62F8C09C450A7B42E09A0733BE2
                                                                                                                                    SHA-512:7F3BFB9F43C9F05BE0D7DDD049B31A4EB86CA6400BCD56F45B709EE6117F78EAA0D00BEC1C0B47EC988459AE3C42E7FD4DF9B528A873CE51E026031AEFBCEE2C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {E166E305-AA42-4C0D-83B2-09E423638520}..PkgType = APAC..ComponentID=108443......[Version]......Method = MSI..Data = {E166E305-AA42-4C0D-83B2-09E423638520}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cyberlink_BD_Kernal\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cyberlink_BD_Kernal\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cypress\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):579
                                                                                                                                    Entropy (8bit):5.365335956606067
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgk1nIfCaULTpNgkANTz+NLTpNgk1BFsq+ps:+C5r85vSiNvpd1IfMvpdANGNvpd1YFps
                                                                                                                                    MD5:44B697A4CE48DEB28604794B69CF76B1
                                                                                                                                    SHA1:F2EEE367BC4C8F3B6A0FA46DF5E9DE46A611821C
                                                                                                                                    SHA-256:A85ED5D12FF10CC578196BB7CCBEC5F7EF26DA5A88FFB720CC6403087A6B613B
                                                                                                                                    SHA-512:1C5F4BC6609C08530618127C98D07E9AED360A5E26A63D1E7AA502795C7C912FC77F08233A5D951A9F7A9CEE5305EF4A95F425AE7E8229C3968547CEDA411CA6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Version\;..ComponentID = 105682..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cypress\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):579
                                                                                                                                    Entropy (8bit):5.365335956606067
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpNgk1nIfCaULTpNgkANTz+NLTpNgk1BFsq+ps:+C5r85vSiNvpd1IfMvpdANGNvpd1YFps
                                                                                                                                    MD5:44B697A4CE48DEB28604794B69CF76B1
                                                                                                                                    SHA1:F2EEE367BC4C8F3B6A0FA46DF5E9DE46A611821C
                                                                                                                                    SHA-256:A85ED5D12FF10CC578196BB7CCBEC5F7EF26DA5A88FFB720CC6403087A6B613B
                                                                                                                                    SHA-512:1C5F4BC6609C08530618127C98D07E9AED360A5E26A63D1E7AA502795C7C912FC77F08233A5D951A9F7A9CEE5305EF4A95F425AE7E8229C3968547CEDA411CA6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Version\;..ComponentID = 105682..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Cypress\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cypress\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Cypress\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):360
                                                                                                                                    Entropy (8bit):5.408785191701887
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvczbmTqF8kOWV9wwIRvczbmv:CxAtBV5ritBV5gCt7Sy+pf0zbZ8qo0zs
                                                                                                                                    MD5:756BA4DDC280D11BC06752BFA4224A1A
                                                                                                                                    SHA1:B17BE5B194104A6BC3C6A88B4D25E6E49248EC89
                                                                                                                                    SHA-256:C509DD20357526B6DB79DE56B607BD781D20880700ADA4631FA27699E1A87AE6
                                                                                                                                    SHA-512:CC736BF1B5FB850EDC0E960EF48D9CC647AFB1453004E9BF6F57D0A917FD4620D773C306855557661E29B92B58E987BB29CB6B9658A09B566A9333655B032E1F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {E885F8DF-5967-45CF-80D8-9D47A263F87B}..PkgType = APAC..ComponentID=104252......[Version]......Method = MSI..Data = {E885F8DF-5967-45CF-80D8-9D47A263F87B}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):362
                                                                                                                                    Entropy (8bit):5.400677943099792
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvczbmTqF8kOWV9wwIRvczbma:CxAtBV5ritBV5gCt7Sy+pf0zbZ8qo0zh
                                                                                                                                    MD5:2DB2AA6C56FC1EC2D9F793F79427FADF
                                                                                                                                    SHA1:04EE98DF118A4CD6AEEC4F4270E378A490F596E9
                                                                                                                                    SHA-256:1041A0DFCFB56BAC451B74046826C1A61D3A69670E65F57898ABDA042CEF5DD8
                                                                                                                                    SHA-512:DA1C7F3F486FE2E30BC87F626963DDD3D317AB5EF2A590746FECB8AB817286AAF93D419D69C186AD60F620B91427E1E570AB86B59BEBD04FA092428D71434296
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {E885F8DF-5967-45CF-80D8-9D47A263F87B}..PkgType = APAC..ComponentID=104252......[Version]......Method = MSI..Data = {E885F8DF-5967-45CF-80D8-9D47A263F87B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC_MSI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):360
                                                                                                                                    Entropy (8bit):5.3871973138111935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcD6YIvPkIqF8kOWV9wwIRvcD6YIvPke:CxAtBV5ritBV5gCt7Sy+pf0D6lx+8qoL
                                                                                                                                    MD5:F4F676416330F78623F3CA9889D6F457
                                                                                                                                    SHA1:276D5C965E42A1AD06DA777DC6829D615345FBDB
                                                                                                                                    SHA-256:427C1E792A7F3D9A9C91882324A17BF3341DC830393609875F0229BC88F378FB
                                                                                                                                    SHA-512:6EB351A90FBA81738D45BA914F55A1BE185714B0A311AA5BF62BD008812F14C6266C5BDEA8F8C36564FA69972A27BD098642DA9C640BAB409186B9C18198CE03
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {29D88272-5B32-4441-B6F3-568230D61331}..PkgType = APAC..ComponentID=104252......[Version]......Method = MSI..Data = {29D88272-5B32-4441-B6F3-568230D61331}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC_MSI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):360
                                                                                                                                    Entropy (8bit):5.3871973138111935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcD6YIvPkIqF8kOWV9wwIRvcD6YIvPke:CxAtBV5ritBV5gCt7Sy+pf0D6lx+8qoL
                                                                                                                                    MD5:F4F676416330F78623F3CA9889D6F457
                                                                                                                                    SHA1:276D5C965E42A1AD06DA777DC6829D615345FBDB
                                                                                                                                    SHA-256:427C1E792A7F3D9A9C91882324A17BF3341DC830393609875F0229BC88F378FB
                                                                                                                                    SHA-512:6EB351A90FBA81738D45BA914F55A1BE185714B0A311AA5BF62BD008812F14C6266C5BDEA8F8C36564FA69972A27BD098642DA9C640BAB409186B9C18198CE03
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {29D88272-5B32-4441-B6F3-568230D61331}..PkgType = APAC..ComponentID=104252......[Version]......Method = MSI..Data = {29D88272-5B32-4441-B6F3-568230D61331}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC_MSI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCC_MSI\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCH_CompID_Mapping.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):436
                                                                                                                                    Entropy (8bit):5.3008490108202055
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:l3FXLg2/TEBLkAXLg2/TEBLkr9XLg2/TEBLkw:RFXtE1kAXtE1kZXtE1kw
                                                                                                                                    MD5:215D6E154E243EAF50F847C8BE713909
                                                                                                                                    SHA1:E1F9AB4126531867DB0A2AA74F13DA812BA9FAA8
                                                                                                                                    SHA-256:42BF30F9A7631AA71A6F589FAE77220D274CBA566CC3089C900F740A124EB20A
                                                                                                                                    SHA-512:8E303522F64C08273FA565D8D4FBB402C59C328D9C1E2BF07A4934ED350C0A73C5C0D7857BE6E453BBC530C4231C6DEF767B8115D1A5CE899618073B03C62DC7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[105892]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..DCHCompID=100688....[108416]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..DCHCompID=100688....[108415]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..DCHCompID=100688..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCH_Mapping.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):6440
                                                                                                                                    Entropy (8bit):5.4452741254475905
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:QE1mE1ZEXEX/EmEPEGErEjEmESEiENEPEsE5EuENEYEY5EbEfEuE1EwEk5EPEaEr:LJRd
                                                                                                                                    MD5:2802E2B1BD7DB5098AEC4E09ABE6189A
                                                                                                                                    SHA1:6BD3694C6C92AAB1F5B169D7DDD1427291662F3E
                                                                                                                                    SHA-256:7436D798B40FBB2D945B7A2A5305D3A9913D1DB0338148E73682B6051F8E601C
                                                                                                                                    SHA-512:72F1FA910D5F5835FC90F7B2EA6FC3149A78C5E14DF62D08C9D6CCDEC1670C0C2CB42C5FCDBE61505FACDE67C6DC3BFC119A2963059C66677B7F3726B605FE0D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[PCI\VEN_10DE&DEV_1C8C&SUBSYS_087C1028]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..LegacyCompID=108416..DCHCompID=100688..[PCI\VEN_10DE&DEV_1C8D&SUBSYS_087C1028]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..LegacyCompID=108416..DCHCompID=100688..[PCI\VEN_10DE&DEV_1CBB&SUBSYS_087D1028]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..LegacyCompID=108415..DCHCompID=100688..[PCI\VEN_10DE&DEV_1CBA&SUBSYS_087D1028]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..LegacyCompID=108415..DCHCompID=100688....[PCI\VEN_10DE&DEV_1B81&SUBSYS_33011028]..RegistryKey=HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\nvlddmkm..Attribute=DCHUVen..Value=0x000010de..LegacyCompID=105892..DCHCompID=100688....[PCI\VEN_10DE&DE

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_ConnMgr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1963
                                                                                                                                    Entropy (8bit):5.520444431954498
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+FBCUK0HIhuoBBIfmyIfiaiTB/X2+hIqU8HIhuoBrIfGO4:khi+FruhuoMOKRTB/2PBLhuoCeO4
                                                                                                                                    MD5:B5ECF78B9DDA92220D282CF29E1B7C19
                                                                                                                                    SHA1:BA0E6E5F5F5DB208746F899157776CE09043185D
                                                                                                                                    SHA-256:34714948172DC4E26932791BFD81E0BB002D92DC8BA88467E944F8D5F0D87229
                                                                                                                                    SHA-512:CE3CB2C2C64824CB67D6B35E55B2F1C1A054C6DAD3A0005D83E4CCB3C613C9D6275E2A7D069A18EB8687C5C764F1387D25F9B47E3A7D9FF790503E21924F10CA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F5A494F-20FC-4201-8E87-A78585F63F2E};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninsta

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_ConnMgr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1907
                                                                                                                                    Entropy (8bit):5.561247314555786
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+XB4HIhuoBBExmMExiaiTB/X2+hIqU8HIhuoBrExGO4:khi+X1huoYeIRTB/2PBLhuoGAO4
                                                                                                                                    MD5:EC728554E7273A6DF208A578876495E4
                                                                                                                                    SHA1:091F37BF00CA9F08DB5DB8E9704C7257028C103C
                                                                                                                                    SHA-256:69E3BEE16508D5969F7AAE26DD255DA4C389E5A210A14B93FCC6768EE3529259
                                                                                                                                    SHA-512:4E9B5C92233FB56772D69B230BB3E9E4371EE2D930F893EA910CF358CC689AFD7836BB8B5B7ECFD0413FE93D418785AD0546EE76C27DA311D43ED0C615753CA2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. ..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;..;..;..;..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{332F456D-0023-4F3D-8466-8F2E2277B205};DisplayVersion..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{332F456D-0023-4F3D-8466-8F2E2277B205};DisplayName..ComponentID =

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_ConnMgr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_ConnMgr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_App\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2229
                                                                                                                                    Entropy (8bit):5.438726015808462
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63v0aMILO2aiTB/X2+hIqU8HIV:hGvThi+nAEBL7uhuo20QFRTB/2PBLhum
                                                                                                                                    MD5:40B8BB3C744DD7D9E416B693F0D69A42
                                                                                                                                    SHA1:3B3CC3B9E919614595BA682CA7F69195C670CFB6
                                                                                                                                    SHA-256:3DA727038C73C04DC38F878AB4037B7C785048CED32178C383FEBD49AFBB59E6
                                                                                                                                    SHA-512:22060BCCFDA7147CB5F817A782BC3C5C9044AC9BE266AD69D22695847F0D7F7FE123A7CFE4663E494BF6D811387FF2D80E7DA4E7C727C7A178F87A94821ADF1C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_App\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2241
                                                                                                                                    Entropy (8bit):5.443428921200058
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63v0aMELO2aiTB/X2+hIqU8HIV:hGvThi+nAEBL7uhuo20MFRTB/2PBLhum
                                                                                                                                    MD5:BB69EB9EDAA30A38F2DE1A7A084EB77D
                                                                                                                                    SHA1:6D497C8868677E08E21E4A381BB552221CD3ECA2
                                                                                                                                    SHA-256:2118B254FEF96806C32E4E9EC3D9BF563A8D68ADC35E47E2411E6E66B0017E22
                                                                                                                                    SHA-512:9A7B2F50E6B2326C82D27360FA7BE1E12B6B266B874B419434A1F26369BFCBA4AADD934AB250593EBD2817279633D0E78E11C5052ADCFF2CB4E5273D0E19FCD0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_App\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2077
                                                                                                                                    Entropy (8bit):4.777641218714742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6zcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:3883BC2C0A997E7DF2CD64C1605D7E2F
                                                                                                                                    SHA1:D2918B22AA931FA0D6714BC818B332E5143DEF6F
                                                                                                                                    SHA-256:8B1646F4D3FD041B34F777815611DB936945E3825076FBF33C88B15F06B4E06D
                                                                                                                                    SHA-512:13A09B7F4A7E0E58B7D2AA9A8812A567E75FE06733FFE19BAA88CEB3265C5F2B3DB5E234ED4F041028AFF193F06F755ABF1361561343B632DC91BFEB8E337E2A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_App\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_Drv\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2355
                                                                                                                                    Entropy (8bit):5.4720640980376665
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63IJyIMIJyO2aiTB/X2+hIqU8W:hGvThi+nAEBL7uhuo7JPJ6RTB/2PBLhj
                                                                                                                                    MD5:F8C30F8B692FC2309FC003953B820C4F
                                                                                                                                    SHA1:65CCC270057D4F68FAF4B30B93E6C049F99BF5A7
                                                                                                                                    SHA-256:CDBCB810D1579CC1077D8255F698992558F2C1176F4E6D38C9D3E5E236183456
                                                                                                                                    SHA-512:97F7014B7516CD35C326392106A1D39368FC361F45469BD2288DB9A7297A2CBFDE360F37D70360493020BCCE3A3A68C03CE38DABFC07E07817CA297804B74153
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_Drv\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2355
                                                                                                                                    Entropy (8bit):5.484379882872052
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:30h1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63EJyIMEJyO2aiTB/X2+hIqU8HIhuoh:khi+nAEBL7uhuofJzJ6RTB/2PBLhuoGA
                                                                                                                                    MD5:A9B1CDBD22497E316421025288941E7B
                                                                                                                                    SHA1:E975803B49A80C832AA9B8C6BCB8554F1EDFC316
                                                                                                                                    SHA-256:640275A85E97AB663708CDAFD17F2C0E74AE05B0AC7522EAD7550983EE645124
                                                                                                                                    SHA-512:92C517E3F0C6B2E339B84F883D813C2411E419A00437F880292A284391ED085801061D7E7BF723A91FAC4EE9D6B4F01F4385786910D0025B94152B17021C7D94
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /S..[Regular]..1= Payload\Setup.exe /S..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_Drv\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCP_SecMgr_Drv\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCSU\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1656
                                                                                                                                    Entropy (8bit):5.429194689504371
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+FBCUK0HIhuoB2SaiTB/X2+hIqU8HIhuoBoAO4:khi+FruhuoJRTB/2PBLhuolO4
                                                                                                                                    MD5:C42E707655E770DACECA6A4FDA01A6F3
                                                                                                                                    SHA1:982B63E03E759E7F42BC64B7A4DAE871149ABD21
                                                                                                                                    SHA-256:415BD08AC61F5DACD0DE78FEC976B9FC82B9E0AE54DE7EE69E541382A68941D6
                                                                                                                                    SHA-512:68B6F2D58A815FCDD86966BF0D5370FFE9BAA2F98BD906303D07F2CF6987F4731B9D28C25589DB2F1469B8A3E9FBCB94165CEDB601F7B1262F0F90984189FACD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {E9D40AD1-4E1D-46F2-B44A-F7E98338FCC7}..ComponentID = 23400......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCSU\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1656
                                                                                                                                    Entropy (8bit):5.429194689504371
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XUh1A+FBCUK0HIhuoB2SaiTB/X2+hIqU8HIhuoBoAO4:khi+FruhuoJRTB/2PBLhuolO4
                                                                                                                                    MD5:C42E707655E770DACECA6A4FDA01A6F3
                                                                                                                                    SHA1:982B63E03E759E7F42BC64B7A4DAE871149ABD21
                                                                                                                                    SHA-256:415BD08AC61F5DACD0DE78FEC976B9FC82B9E0AE54DE7EE69E541382A68941D6
                                                                                                                                    SHA-512:68B6F2D58A815FCDD86966BF0D5370FFE9BAA2F98BD906303D07F2CF6987F4731B9D28C25589DB2F1469B8A3E9FBCB94165CEDB601F7B1262F0F90984189FACD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {E9D40AD1-4E1D-46F2-B44A-F7E98338FCC7}..ComponentID = 23400......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCSU\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCSU\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCU_Bradbury\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.21078039738555
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFzbyimddSngy0xXXC7cVckhFdVBsSkddSngy0xXXCCvn:/QZgFvydd/pckhFrBUd/pnv
                                                                                                                                    MD5:2253B25444111E07BBECB8844E49B889
                                                                                                                                    SHA1:D5F665FA9706891A34A1CB8BD5BA6BDEBDB85067
                                                                                                                                    SHA-256:61A1A3EF8E301291DE1A19322E7BBE3F892633936410C97CFC12CF2CA37D7AB9
                                                                                                                                    SHA-512:D7659A10CAD8CD817E479552063ECDCCD70A0AAE33E2BAE2AE5B56C2C620D38964363388EA427D20A1CDC09C763DA1E71D77B7089386784886C36D1BB993CDED
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107174..data = {69488F91-BE5B-40E1-9202-CD793CA948ED}..pkgtype = APAC....[Version]..method = MSI..data = {69488F91-BE5B-40E1-9202-CD793CA948ED}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCU_Bradbury\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181
                                                                                                                                    Entropy (8bit):5.221280440604539
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFzbyimddSngy0xXXC7cVckhFdVBsSkddSngy0xXXCV:/QZgFvydd/pckhFrBUd/pu
                                                                                                                                    MD5:AE790E495E4EFC49205F7FED39EE5769
                                                                                                                                    SHA1:FC91B3DE6FBB478FED6188DDA7FC9EB4CA2CCA0B
                                                                                                                                    SHA-256:A5D0EC43C046A9616448F4896D9B4D7C4F3AC67F6ED05E3FA3DFE0A8915BFD0F
                                                                                                                                    SHA-512:419079CA30685E5B2F804E16326CA4A5321FE26D5D1AE76BC21CBE1881B95B0A6B803DE075B328B5FBA41C015F7365CC4FFBB5D1DBAE3778DF999284A3671BC9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107174..data = {69488F91-BE5B-40E1-9202-CD793CA948ED}..pkgtype = APAC....[Version]..method = MSI..data = {69488F91-BE5B-40E1-9202-CD793CA948ED}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DCU_Bradbury\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDDApp\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):358
                                                                                                                                    Entropy (8bit):5.392950077518291
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcvI7aVSZIF8kOWVtrAWvcvI7aVSZV:CxAtBV5ritBV5gCt7Sy+pf0QOm48870y
                                                                                                                                    MD5:DC0EBC17992DD741CE45820BF393EE99
                                                                                                                                    SHA1:221416D96A91EDEFCC372C5E90A9FB175BC6F9C6
                                                                                                                                    SHA-256:8033D78F9BC0C5A0F19ED0DEFD14F5F017C939688A9078E1327EC7EAEBB77C0C
                                                                                                                                    SHA-512:DF0EA31290D0A69A05A7589FCE0EC67F22ACBAE4F2960BFEC7F0DD9A6195F63BCBB2B2E21E34B253822CA2CAB228150CD0D23CBEF2661FF26CEB2B5ED51AB957
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {1EDE92D0-6392-4814-BD91-970291E1BA60}..PkgType = APAC..ComponentID=102287......[Version]....Method = MSI..Data = {1EDE92D0-6392-4814-BD91-970291E1BA60}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDDApp\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):358
                                                                                                                                    Entropy (8bit):5.392950077518291
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcvI7aVSZIF8kOWVtrAWvcvI7aVSZV:CxAtBV5ritBV5gCt7Sy+pf0QOm48870y
                                                                                                                                    MD5:DC0EBC17992DD741CE45820BF393EE99
                                                                                                                                    SHA1:221416D96A91EDEFCC372C5E90A9FB175BC6F9C6
                                                                                                                                    SHA-256:8033D78F9BC0C5A0F19ED0DEFD14F5F017C939688A9078E1327EC7EAEBB77C0C
                                                                                                                                    SHA-512:DF0EA31290D0A69A05A7589FCE0EC67F22ACBAE4F2960BFEC7F0DD9A6195F63BCBB2B2E21E34B253822CA2CAB228150CD0D23CBEF2661FF26CEB2B5ED51AB957
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {1EDE92D0-6392-4814-BD91-970291E1BA60}..PkgType = APAC..ComponentID=102287......[Version]....Method = MSI..Data = {1EDE92D0-6392-4814-BD91-970291E1BA60}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDDApp\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2080
                                                                                                                                    Entropy (8bit):4.780047987689396
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSz6:IQ8DW6NRLtzM/aI35HLt27LtI
                                                                                                                                    MD5:608A850B65747E6AED9BCFCFC3BA3524
                                                                                                                                    SHA1:9E19ADAE84D527149882F85ED4B6609810E42041
                                                                                                                                    SHA-256:9B399B28ABB5F346E4EE55D33FB1E1F9E2F07CDAE3674EC0B36BC36EC5F82659
                                                                                                                                    SHA-512:42BD7A219C6FA165BA1EB32DE2C6C1AF88695AECDB09F9E921D88F58DF21842CC1A1640FA5D88EB5EAB8A62595D582B7F5324CC94A6B45E7AC824C2355EF0887
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDDApp\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):70
                                                                                                                                    Entropy (8bit):4.2087931853361935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKx:WT0VJMww2YWFQQ
                                                                                                                                    MD5:704F986146BF214E6169E0FE37B27D4D
                                                                                                                                    SHA1:96F03946DBFDB2D45969878638C6D34679B52606
                                                                                                                                    SHA-256:171AE64DD5A99DC735E17BA9B0B5E74727ED563DCB63C5548C665313194A5A76
                                                                                                                                    SHA-512:53B35F883C9CE5C85CD33B7AD165D39218C8F59811EC3EB33085CA6859F4BD1D59F2FB6098CA51FE852B8970750E8DA8BCD73E5F60823768F4B88AD0E0404D4C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA\DDPA.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):232
                                                                                                                                    Entropy (8bit):5.083531336585264
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hmRe7SDCI9FzmxKaONhOFNmKGKa5IrHFzmxMXNhOFW:wU7SDNmxKnNh8kKvdmxQNhh
                                                                                                                                    MD5:AD5C4305ED4E4744B38F8015F1F3FFEE
                                                                                                                                    SHA1:672014E9EC4CD13BAC0EA7545370184187D5AF89
                                                                                                                                    SHA-256:5CED7F023FF56FA564E591826211FCA3DEAF362A728BAB56421556D00D653A0F
                                                                                                                                    SHA-512:86E8FEC8511A36B5E74BA8E1029ABD8856B0DAFCD3D518BA71167B82489D0678ACDADE253B2ACD0B3352C662EFDBE9AE6E2C11D1A702FAE48FA2DEE341DBA9DC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..setlocal..if "%PROCESSOR_ARCHITEW6432%"=="" goto thirtytwo.. call %systemroot%\Sysnative\cscript /nologo DDPA.vbs %1.. endlocal..Exit....:thirtytwo.. call %systemroot%\system32\cscript /nologo DDPA.vbs %1....endlocal

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA\DDPA.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (355), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13940
                                                                                                                                    Entropy (8bit):5.904310719557295
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:zjCQayq9qCT7x5crvdLQQrZYB+/cbUuZP8TDydpIZqBCKjwG:layS7xyDJQQNp/gUyUTDydpExKEG
                                                                                                                                    MD5:06B8AD19F61FF71609DC071D55B2A7E4
                                                                                                                                    SHA1:87D172599E268F587E551D0F52DD5600CCA2DF79
                                                                                                                                    SHA-256:6EB664C5CBB478386330CE874DF5DD5C62C615AA956E552E33588A801B517145
                                                                                                                                    SHA-512:F69452BE2FB42C7CA4064D27E360DF22BB71BBDC2C45DF560A014C1D4FA0AABF3752FFF2C338BE8947C2FF69BC14B705B3CF8EC3CBEBB830B9D41301EE91ACF8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:' Global Declarations..Option Explicit..On Error Resume Next....Dim strDisplayName, strVersion, strComponentID..Dim status, LogName....Dim WshShell, theArgs..Set WshShell = WScript.CreateObject("WScript.Shell")....set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)..' Check if installation is present..call findInstallation()..strComponentID = "26463"....If Not (strVersion <> "") Then...status = "error"..End If....' Print Output XML..call WriteXML(status)....set WshShell = Nothing....Function findInstallation()...strDisplayName = "Dell Data Protection | Access"...strVersion = WshShell.RegRead("HKLM\SOFTWARE\Dell\ManageableUpdatePackage\Dell Data Protection | Access\")...if Not ( strVersion <> "") then....strVersion = WshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\Dell Data Protection | Access\")...end if......End Function....' print output..Function WriteXML(status)......Dim QuoteObj, CrLfObj, XmlOpen, XmlClose, XmlData...Dim fso, log......QuoteObj = (

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):634
                                                                                                                                    Entropy (8bit):5.254577529774131
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtlitZYCtAw8j5Ld3dgXln4IY1mLd3dgXlnXFsq+pGipXd72y3iMfoY:+oGx89B36bLB36UFpGipXd72oiMfoY
                                                                                                                                    MD5:F05973495869647C524A93696427D762
                                                                                                                                    SHA1:9BCF4392BAFE6C88AD6C3DD4C66E6BFB15BD1C81
                                                                                                                                    SHA-256:C543682AF56150B557DA891042099EB88E5060C00916746B2676713EC24C8CA5
                                                                                                                                    SHA-512:AE70B72AE033F68D64F844B231797858B270369AF3E3E2D6B4D53891BE2E7B2F284263252ED77FA7EEA57864CBEA7B03A7826C6272DC7B89F761634817A76DA6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe..[Regular]..1= Payload\setup.exe..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26463..Data=HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\Dell Data Protection | Access\;....[Version]..; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\DELL\ManageableUpdatePackage\Dell Data Protection | Access\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponding Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):659
                                                                                                                                    Entropy (8bit):5.309603568170731
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtFit5YCtgw8j5LeUZ3dgXlnrIY1mLeUZ3dgXlnAFsq+pG0Xd72y3zqoY:+qmR89CUZ36aLCUZ36RFpG0Xd72oOoY
                                                                                                                                    MD5:D2AD24689B86A70850D5B660EF169A49
                                                                                                                                    SHA1:5DEC51D2C750464824C55C1F4A377FC0D93DDBFB
                                                                                                                                    SHA-256:A17847489D19654783036EEF3C5AD3673F0BE7E2A342F28998530E3CF40CA830
                                                                                                                                    SHA-512:B3BE058E1870A722B2E1F31BAD44FABD420EA32BDE13C529794CBBA4D18D2104DA4BDE0B62D5754BAF937F66601E30F3F792E0B7EBBA1F608AFAE49FB4D080B6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe ..[Regular]..1= Payload\Setup.exe..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26463..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DELL\ManageableUpdatePackage\Dell Data Protection | Access\;....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DELL\ManageableUpdatePackage\Dell Data Protection | Access\;......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_App\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):841
                                                                                                                                    Entropy (8bit):5.577163315047771
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oGx8ryIVbXoFIVbXoBLIVbXoGFpGipXd72oiMfoY:BG6yI5XoFI5XolI5XoGO9PMgY
                                                                                                                                    MD5:5CACB06BE9195723F14A625671CC369E
                                                                                                                                    SHA1:77C3FE64C56669D2B9895C4179732CA046A69C00
                                                                                                                                    SHA-256:C9AB56B4DB3D418E108E7728BEF2EDE36273B9CA50E20E950A2963E7937FA6DC
                                                                                                                                    SHA-512:DE68ECE968E19CCDDBCDEB936E7C4DE0D978AA4A750D692C96C6C1235566C35F436F8926B95DDABEE69EAA37DAC0BC60C61080B10DAE4146B64D2D3932DF7A65
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe..[Regular]..1= Payload\setup.exe..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26463..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayVersion....[Version]..; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayVersion....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponding Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_App\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):880
                                                                                                                                    Entropy (8bit):5.5976204306321184
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+qmR8ryCtVbXoFCtVbXo2yLCtVbXo2cFpG0Xd72oOoY:pmayE5XoFE5XoTE5XovO5eY
                                                                                                                                    MD5:54CB0950BFC37E3067429E50B877802B
                                                                                                                                    SHA1:DCA779A374A3895A9C073FABBB773896E1020264
                                                                                                                                    SHA-256:863A8BF2212A93DC4336606C3EE1511BD9AFD05B85C6ECE4C7EF5C5FA70B5134
                                                                                                                                    SHA-512:45DCE608EB64EA00967F424E811C6A0590A2E9C50B61AEF34E16BEC327A33930455CFEE1080E358C4CC0F692BDE10BD7A067666A9C20DCC98FE09C2D7120BE15
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe ..[Regular]..1= Payload\Setup.exe..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26463..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayVersion......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A7D91856-258D-4C87-8041-B170851CE432};DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_App\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_Mware\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):863
                                                                                                                                    Entropy (8bit):5.563373599534141
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+eO8AyIVUEFIVUE8LIVUE2cFpGipXd72oOoV:/GyIRFIRaIRvO9eV
                                                                                                                                    MD5:A66AD37C96D66005F03E0169A5EA9F38
                                                                                                                                    SHA1:99B26C065BCDBE0E357A6BAFF66A9BE8E8165FF3
                                                                                                                                    SHA-256:7978BD35C5060BEEC1F524AF4EB6B912B3106A8BFBA92FBE9ABFE3BF1E365984
                                                                                                                                    SHA-512:57C9DA21696798352C423D8DA69E7EF7D1DD471A855FAA9CCF7FF51687D8C678B311C974CB0C59A8BB26CD0B9DC954891FB5198C136123B892D10C1E3A40B2D2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26462..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayVersion....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]......

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_Mware\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):897
                                                                                                                                    Entropy (8bit):5.584507952431561
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+eO8AyCtVUEFCtVUE8LCtVUE2cFpGipXd72oOoY:/GyERFERaERvO9eY
                                                                                                                                    MD5:27279D56A8461E04426A81352E9BF1AF
                                                                                                                                    SHA1:E212E4B20F5458645A743A1CDE942CA3EE148E67
                                                                                                                                    SHA-256:70F02BCBE3C181CED54E5CCF3F6DEF59C09EA6D74AB7F47C30B9AE09D3A78D17
                                                                                                                                    SHA-512:8688CA62C2F22707BD0FE2EE8AD33F829F3761967520B0A81241717B46C3A4EA51B995B530D9C1217384CA4BE4F921B2E34ECCADA1C6D5F608B93AAC826CDD12
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=26462..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayVersion....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8};DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_Mware\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DDPA_Mware\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELLUPDATE_1_3\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1232225417226855
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFnOVkegWqTkoUSkQVkScVckhFdVBsSkVkegWqTkoUSkQVy:/QZgFnOVkuokgkSkhFrBUVkuokgy
                                                                                                                                    MD5:E3CC8D99444A42732C2BF20EC3071326
                                                                                                                                    SHA1:2E88278814DFF2B37E501CB718592F64E544D185
                                                                                                                                    SHA-256:99351871663A1E2A1B7645A2A06428C744997C94D31520258462056A08929B92
                                                                                                                                    SHA-512:D9DE8F6E3BCF9234AE009BAD101287D42B8A4641887D02B45FA221B3163762A789A2D9A659E657D28B386B58093BCC1F26BD0D9276EB5C88E57E1BDE1AE98408
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102511..data = {A42D814D-EACD-4EAD-B65C-06B61B817725}..pkgtype = APAC....[Version]..method = MSI..data = {A42D814D-EACD-4EAD-B65C-06B61B817725}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELLUPDATE_1_3\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1232225417226855
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFnOVkegWqTkoUSkQVkScVckhFdVBsSkVkegWqTkoUSkQVy:/QZgFnOVkuokgkSkhFrBUVkuokgy
                                                                                                                                    MD5:E3CC8D99444A42732C2BF20EC3071326
                                                                                                                                    SHA1:2E88278814DFF2B37E501CB718592F64E544D185
                                                                                                                                    SHA-256:99351871663A1E2A1B7645A2A06428C744997C94D31520258462056A08929B92
                                                                                                                                    SHA-512:D9DE8F6E3BCF9234AE009BAD101287D42B8A4641887D02B45FA221B3163762A789A2D9A659E657D28B386B58093BCC1F26BD0D9276EB5C88E57E1BDE1AE98408
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102511..data = {A42D814D-EACD-4EAD-B65C-06B61B817725}..pkgtype = APAC....[Version]..method = MSI..data = {A42D814D-EACD-4EAD-B65C-06B61B817725}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELLUPDATE_1_3\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELL_MOBILE\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):519
                                                                                                                                    Entropy (8bit):5.245578578336367
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtglDdMPbvIUFFsq+pGipXd721ThzqoOf:+6AgobuFpGipXd721ThOoe
                                                                                                                                    MD5:B008502C82719AD13D19395E11FE89EC
                                                                                                                                    SHA1:E7DBCED2035C313BB8833A66EDA3940DF7D55490
                                                                                                                                    SHA-256:8F9A4AD01DF2DFA17A29CE70D548EA9F32C760EF6F4D8928D4AF44E1EDC58290
                                                                                                                                    SHA-512:997B885D4678CCA18820266FBB94CAB5C0E8E18101740FF38B080B931C49036C27FECAFAF10960CC1517B7D217A3EA6FBEFC98D885E46A7F5EAFC3772657C722
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MobileBroadband..PkgType = DRVR....[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={554704FF-D7AC-4E82-8958-4DADCD32C50B}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Mobile Broadband device to its corresponsing Device Code....[Mapping]..8185=21977..8186=21977..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELL_MOBILE\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):519
                                                                                                                                    Entropy (8bit):5.245578578336367
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtglDdMPbvIUFFsq+pGipXd721ThzqoOf:+6AgobuFpGipXd721ThOoe
                                                                                                                                    MD5:B008502C82719AD13D19395E11FE89EC
                                                                                                                                    SHA1:E7DBCED2035C313BB8833A66EDA3940DF7D55490
                                                                                                                                    SHA-256:8F9A4AD01DF2DFA17A29CE70D548EA9F32C760EF6F4D8928D4AF44E1EDC58290
                                                                                                                                    SHA-512:997B885D4678CCA18820266FBB94CAB5C0E8E18101740FF38B080B931C49036C27FECAFAF10960CC1517B7D217A3EA6FBEFC98D885E46A7F5EAFC3772657C722
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MobileBroadband..PkgType = DRVR....[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={554704FF-D7AC-4E82-8958-4DADCD32C50B}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Mobile Broadband device to its corresponsing Device Code....[Mapping]..8185=21977..8186=21977..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELL_MOBILE\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.804933436158719
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZReg5MM7reCotKeAKLtr3M/aI3xzP:IQ8DTjNgLtzM/aI3R
                                                                                                                                    MD5:1077742084224593994E35656596C94D
                                                                                                                                    SHA1:B7D7B46140ECDCEE688D9859738DFF82AFB3593D
                                                                                                                                    SHA-256:1744F8B8F5301A9F0232A4ABAA9B19553D31E2E741B9C60898E6538EC557A01A
                                                                                                                                    SHA-512:26EB66E55B0D0FB714220BC50D594660641089098DBB611403FC441518D90CC8263ED046AA64329DAF90F02AAC83A8D3798B722E219946C3D07DC93C99753DCD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>USBUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>USBUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DELL_MOBILE\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DPP\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1222
                                                                                                                                    Entropy (8bit):5.510080450792544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtVt8xo2NIVkcAmyIVkcAOZFNavzM9oQBGAXlo+ONIVkcAGFpGiv:rSh1A+FVQIedmyIedOZaiTB/X2+0Ied0
                                                                                                                                    MD5:FD6590C3896A6E991682CB8DB61CD7C3
                                                                                                                                    SHA1:14002F0182E39B4BD2F1DE5F7671EE1FF397FE98
                                                                                                                                    SHA-256:769D3F5903A35D701ACF404243FD18F6C8340DE893FAF094C00412D4D49711A7
                                                                                                                                    SHA-512:9E44ACEDD0A941E2BF01C24A9938591D32AA35D1C4B1DCFCD3FA3E9AA06C63E3308F132101F34C35A79B329AB61822DA9C82AF881995FAC280059CF5CA53080A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..PkgType = APAC..ComponentID = 100675..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8};DisplayName..........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables ....M

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DPP\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1253
                                                                                                                                    Entropy (8bit):5.529605542029998
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtVt8xo2NCtVkcAmyCtVkcAONFNavzM9oQBGAXlo+sNCtVkcAGFn:rSh1A+FVQEedmyEedONaiTB/X2+2Eed0
                                                                                                                                    MD5:051892632FFCDBB4B8776169DC85DE65
                                                                                                                                    SHA1:3FE1B15341A6262305FED5254B884DBD3DDF6F47
                                                                                                                                    SHA-256:C141F6D6B5613A690FF173D8BADE3A012F8F839C50B6398C5F9D9B4CF27B796C
                                                                                                                                    SHA-512:B3DB91629A1F5DA15F1080F17CD0B8268C6B15298D5EEBCE9931FB422F0D999125F1A8F31A87EC8A2D200BA55DC9000168BEA2D6DC7C7CF5AE6F80E68F7BC4C9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..PkgType = APAC..ComponentID = 100675..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold envirome

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DPP\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_HOTKEY_E7_W7\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.218675716719191
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFIdoZ4b/MhwjjsSuIndgkBKcScVBIdVBsSk/MhwjjsSuIndgkBKwv:/QZgFIdS4b/gWPuIdgkBkrBU/gWPuIdF
                                                                                                                                    MD5:600ADB7011848618825CA880E3E9D980
                                                                                                                                    SHA1:E36C0BF5AC18AF27A49EFE6A5200F1D9A2F3BBBD
                                                                                                                                    SHA-256:9665B9034D17411247F57C07CC01B921BC81463FECDAE1EFE8B3238180A3CD13
                                                                                                                                    SHA-512:4746CE37B4F364D77A5035F28FAB747094BF9515D123F88A85AFABABE9ADFE164E41FB788F7827AEDF961CFA752D315FDA8F88CC588B2EA0A43195681C8CB3B3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104128..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}..pkgtype = DRVR....[Version]..method = MSI..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_HOTKEY_E7_W7\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.218675716719191
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFIdoZ4b/MhwjjsSuIndgkBKcScVBIdVBsSk/MhwjjsSuIndgkBKwv:/QZgFIdS4b/gWPuIdgkBkrBU/gWPuIdF
                                                                                                                                    MD5:600ADB7011848618825CA880E3E9D980
                                                                                                                                    SHA1:E36C0BF5AC18AF27A49EFE6A5200F1D9A2F3BBBD
                                                                                                                                    SHA-256:9665B9034D17411247F57C07CC01B921BC81463FECDAE1EFE8B3238180A3CD13
                                                                                                                                    SHA-512:4746CE37B4F364D77A5035F28FAB747094BF9515D123F88A85AFABABE9ADFE164E41FB788F7827AEDF961CFA752D315FDA8F88CC588B2EA0A43195681C8CB3B3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104128..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}..pkgtype = DRVR....[Version]..method = MSI..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_HOTKEY_E7_W7\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_NEW\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181
                                                                                                                                    Entropy (8bit):5.1509892938587765
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOWovmIxdhFRgOcuHSt9nFvlcVBIdVBsSkIxdhFRgOcuHSt9nFvn:/QZgFOWoOIbbXcugnVVrBUIbbXcugnVn
                                                                                                                                    MD5:027B105664385C22F990742F05434341
                                                                                                                                    SHA1:91FB4EAE11717A805840DB307B6E1B8C6A480F35
                                                                                                                                    SHA-256:7B16022091BD310AB44130DB4BA56280F9AAB353C68749B6453E98A2454E788B
                                                                                                                                    SHA-512:007A159DF87E5B8F5F86EA1581B6969EAEB937AE5ABDF272477ECA30BA73EC4C6AFE338061B1DD0B8A374AE4A956F71B561742470E6D118E0ADC4BC5F5113682
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103834..data = {352FA431-8F8E-4E14-8129-6A7F9F99228B}..pkgtype = DRVR....[Version]..method = MSI..data = {352FA431-8F8E-4E14-8129-6A7F9F99228B}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_NEW\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181
                                                                                                                                    Entropy (8bit):5.1509892938587765
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOWovmIxdhFRgOcuHSt9nFvlcVBIdVBsSkIxdhFRgOcuHSt9nFvn:/QZgFOWoOIbbXcugnVVrBUIbbXcugnVn
                                                                                                                                    MD5:027B105664385C22F990742F05434341
                                                                                                                                    SHA1:91FB4EAE11717A805840DB307B6E1B8C6A480F35
                                                                                                                                    SHA-256:7B16022091BD310AB44130DB4BA56280F9AAB353C68749B6453E98A2454E788B
                                                                                                                                    SHA-512:007A159DF87E5B8F5F86EA1581B6969EAEB937AE5ABDF272477ECA30BA73EC4C6AFE338061B1DD0B8A374AE4A956F71B561742470E6D118E0ADC4BC5F5113682
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103834..data = {352FA431-8F8E-4E14-8129-6A7F9F99228B}..pkgtype = DRVR....[Version]..method = MSI..data = {352FA431-8F8E-4E14-8129-6A7F9F99228B}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_NEW\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_XLOB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.934658336404294
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOWovmfMAUcxVdJ1TxFNtRcVBIdVBsSkfMAUcxVdJ1TxFa:/QZgFOWoOEaxVd3VFNtJrBUEaxVd3VFa
                                                                                                                                    MD5:2573EDF9575DA2EBEB5E8170669CB375
                                                                                                                                    SHA1:4555CDFB68B59F48663FB74D224761FB516129E1
                                                                                                                                    SHA-256:EA465A68DEAF131A94EB9D45EE43F802743FB32558A2DA6C648ED8134D61D984
                                                                                                                                    SHA-512:8821E92E30A2C5832BCAF3D70B6F4E9B72E4458CE4CCF8C7A96A4A9818830D160DF6062CD18240E7071591008EB77349152287E1DE8DF364DFE09A88F6273A69
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103834..data = {e10e1905-31ac-4e08-aaa9-887c49d7e942}..pkgtype = DRVR....[Version]..method = MSI..data = {e10e1905-31ac-4e08-aaa9-887c49d7e942}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_XLOB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.934658336404294
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOWovmfMAUcxVdJ1TxFNtRcVBIdVBsSkfMAUcxVdJ1TxFa:/QZgFOWoOEaxVd3VFNtJrBUEaxVd3VFa
                                                                                                                                    MD5:2573EDF9575DA2EBEB5E8170669CB375
                                                                                                                                    SHA1:4555CDFB68B59F48663FB74D224761FB516129E1
                                                                                                                                    SHA-256:EA465A68DEAF131A94EB9D45EE43F802743FB32558A2DA6C648ED8134D61D984
                                                                                                                                    SHA-512:8821E92E30A2C5832BCAF3D70B6F4E9B72E4458CE4CCF8C7A96A4A9818830D160DF6062CD18240E7071591008EB77349152287E1DE8DF364DFE09A88F6273A69
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103834..data = {e10e1905-31ac-4e08-aaa9-887c49d7e942}..pkgtype = DRVR....[Version]..method = MSI..data = {e10e1905-31ac-4e08-aaa9-887c49d7e942}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_ISS3P0_XLOB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_RealSense\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.205187346813418
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFEuSOdSTQp8RCIxSgFvQckhFdVBsSkdSTQp8RCIxSgFF:/QZgFEuSOdSPCIUgRkhFrBUdSPCIUgj
                                                                                                                                    MD5:CB7161192E9799C75369A4CE5FB4950B
                                                                                                                                    SHA1:D020473F2AE47BDF1BE2BAA02B42D0D2334B9DE8
                                                                                                                                    SHA-256:F2C2863E335FC8772A116587F1471574F7FB2F31EF0B9BBC62FEB163DA7A9AB2
                                                                                                                                    SHA-512:769661F18063E3757E5C1940F78EFAEB92E28FE342D04CDED85A5AD69ABB7332B2E9398666879F53553C2C7CEBFCA0CAFF224D271518129AACCCF04113AF951E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103278 ..data = {E0765D3C-B3CE-4DCA-A26E-4E547E813FF1}pkgtype = APAC....[Version]..method = MSI..data = {E0765D3C-B3CE-4DCA-A26E-4E547E813FF1}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_RealSense\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.205187346813418
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFEuSOdSTQp8RCIxSgFvQckhFdVBsSkdSTQp8RCIxSgFF:/QZgFEuSOdSPCIUgRkhFrBUdSPCIUgj
                                                                                                                                    MD5:CB7161192E9799C75369A4CE5FB4950B
                                                                                                                                    SHA1:D020473F2AE47BDF1BE2BAA02B42D0D2334B9DE8
                                                                                                                                    SHA-256:F2C2863E335FC8772A116587F1471574F7FB2F31EF0B9BBC62FEB163DA7A9AB2
                                                                                                                                    SHA-512:769661F18063E3757E5C1940F78EFAEB92E28FE342D04CDED85A5AD69ABB7332B2E9398666879F53553C2C7CEBFCA0CAFF224D271518129AACCCF04113AF951E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103278 ..data = {E0765D3C-B3CE-4DCA-A26E-4E547E813FF1}pkgtype = APAC....[Version]..method = MSI..data = {E0765D3C-B3CE-4DCA-A26E-4E547E813FF1}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_RealSense\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_WireL_Disp\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.191546364231565
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFaFoO5dcWmI4TIRhRgIjVSRVDC6VckhFdVBsSk5dcWmI4TIRhRgIjVS0:/QZgFOoO5dchIeZIjozDC6qkhFrBU5dH
                                                                                                                                    MD5:E046659C40E1240BE6C7777575C64385
                                                                                                                                    SHA1:A855703E30237F932826431478B21D82B895AA08
                                                                                                                                    SHA-256:59720989614AFC88925E1603FCE883E339EFA969EB321B2C9104DB4E17F75772
                                                                                                                                    SHA-512:658B8133552C1B1D1331E9829CF3022D9F55F088938D2671CB710CCFF2B6F046DB572AC8067B4FFFA343C0531238EADB3E8A8FADD048D1BDB8D98181BC117574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104243 ..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}pkgtype = APAC....[Version]..method = MSI..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_WireL_Disp\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):178
                                                                                                                                    Entropy (8bit):5.191546364231565
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFaFoO5dcWmI4TIRhRgIjVSRVDC6VckhFdVBsSk5dcWmI4TIRhRgIjVS0:/QZgFOoO5dchIeZIjozDC6qkhFrBU5dH
                                                                                                                                    MD5:E046659C40E1240BE6C7777575C64385
                                                                                                                                    SHA1:A855703E30237F932826431478B21D82B895AA08
                                                                                                                                    SHA-256:59720989614AFC88925E1603FCE883E339EFA969EB321B2C9104DB4E17F75772
                                                                                                                                    SHA-512:658B8133552C1B1D1331E9829CF3022D9F55F088938D2671CB710CCFF2B6F046DB572AC8067B4FFFA343C0531238EADB3E8A8FADD048D1BDB8D98181BC117574
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104243 ..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}pkgtype = APAC....[Version]..method = MSI..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_Intel_WireL_Disp\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_NTWK_INTEL_W64_16_5_0\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):315
                                                                                                                                    Entropy (8bit):5.363971338804282
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFiGc5XLxTmbA0MO62WMcbAmtkXLxTmbA0MO62rIrqOc5XLxTmbA0MO62WMf:OcNLZ8A7BMckmtULZ8A7hcNLZ8A7BMf
                                                                                                                                    MD5:9ED3E9BBE621D834DA75291E77071796
                                                                                                                                    SHA1:D5B622CF6A4044C712B1B258E4E11AF45EE37768
                                                                                                                                    SHA-256:03A52C8300567A2B59622E222FBAD3918AC99A3EA73EA77644190A4682F683C2
                                                                                                                                    SHA-512:DBF367DC4603B5914659217263C8E9127BA23153D51ED41CB2F1E965386B39495AF594BEF18EB5237814619F2739E901D5CA377BA5AF191BFBA34E11AE785002
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 28782..data = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst\Version;..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst\Version;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_NTWK_INTEL_W64_16_5_0\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):313
                                                                                                                                    Entropy (8bit):5.366917823429842
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFyFc5XLxTmbA0MO62WMcbAmtkXLxTmbA0MO62rIrqOc5XLxTmbA0MO62WMf:zFcNLZ8A7BMckmtULZ8A7hcNLZ8A7BMf
                                                                                                                                    MD5:C2CC6F56E5F37631AC379E0480455A42
                                                                                                                                    SHA1:D562CF2A571E1C4367CA87EE527E3D7292925F7E
                                                                                                                                    SHA-256:4B445734D7EF93FBE7EF15C1DB87D39F8A4FDBA774A8FF359A7B5FADD6F61A7C
                                                                                                                                    SHA-512:58596352CA3AE1B715F06A2285284256E0FEAF948AD8B48072975945CB58999E645D8D0096F646DBA41D1B2C56A0C19C7C47045C1C806217E51A7C6A6129A358
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 28782data = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst\Version;..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Intel\Network_Services\UmbInst\Version;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_NTWK_INTEL_W64_16_5_0\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_WDT_WINDOWS\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):315
                                                                                                                                    Entropy (8bit):5.281516499693781
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HF9Cbc5XLx1pNgZjkaWjbAmtkXLx1pNgmArqOc5XLx1pNgmn:tbcNLTpNgZjGjkmtULTpNgHcNLTpNgm
                                                                                                                                    MD5:E8EA8D9924E4063E8E45A47154098489
                                                                                                                                    SHA1:533DF6738B5DA7843E4E4EC517397BFE56DAE34C
                                                                                                                                    SHA-256:89A88FB9E633175F75D303CBF25EAD60CE6BA354A461E6F3AEEC5A5F9F5A0FF1
                                                                                                                                    SHA-512:E83B6620CD6FA2F876D9DFEE200F3D5C080CCE673959C3AFB9FCA62236BC412F16ECD6B4B01402AC4E6C153A90DA1A21AAF29AE2012A551E8A956FB23F1A4DCD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103378..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_WDT_WINDOWS\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):315
                                                                                                                                    Entropy (8bit):5.281516499693781
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HF9Cbc5XLx1pNgZjkaWjbAmtkXLx1pNgmArqOc5XLx1pNgmn:tbcNLTpNgZjGjkmtULTpNgHcNLTpNgm
                                                                                                                                    MD5:E8EA8D9924E4063E8E45A47154098489
                                                                                                                                    SHA1:533DF6738B5DA7843E4E4EC517397BFE56DAE34C
                                                                                                                                    SHA-256:89A88FB9E633175F75D303CBF25EAD60CE6BA354A461E6F3AEEC5A5F9F5A0FF1
                                                                                                                                    SHA-512:E83B6620CD6FA2F876D9DFEE200F3D5C080CCE673959C3AFB9FCA62236BC412F16ECD6B4B01402AC4E6C153A90DA1A21AAF29AE2012A551E8A956FB23F1A4DCD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103378..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Version....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRVR_WDT_WINDOWS\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRV_DS4CAM_7275_Y15Q3\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.128984748894779
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFeoOOUtdITtU/NnIfR8mcVBIdVBsSkOUtdITtU/NnIfR8dn:/QZgFeNtSm/1IfhrBUNtSm/1If+
                                                                                                                                    MD5:09D7C1752C78D8DCC8ABE6F5892D2215
                                                                                                                                    SHA1:89AE2643C0D85CC6AC7373CFFA7B1E7553642BE4
                                                                                                                                    SHA-256:23FAA0A8490350BAAAE1535DB45116B92139B095B2B7E1E936CC70FAFE07B6CE
                                                                                                                                    SHA-512:ECE3FB85EA3E2694ABEC9395A22F5CA323D4643D3C28441A37028F993EAB05B067A12A1F61102F789CFD553BB8FB78B1B25402BA1FB93A0F326307FAE4700D6A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102421..data = {4D36E968-E325-11CE-BFC1-08002BE10318}..pkgtype = DRVR....[Version]..method = MSI..data = {4D36E968-E325-11CE-BFC1-08002BE10318}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRV_DS4CAM_7275_Y15Q3\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.128984748894779
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFeoOOUtdITtU/NnIfR8mcVBIdVBsSkOUtdITtU/NnIfR8dn:/QZgFeNtSm/1IfhrBUNtSm/1If+
                                                                                                                                    MD5:09D7C1752C78D8DCC8ABE6F5892D2215
                                                                                                                                    SHA1:89AE2643C0D85CC6AC7373CFFA7B1E7553642BE4
                                                                                                                                    SHA-256:23FAA0A8490350BAAAE1535DB45116B92139B095B2B7E1E936CC70FAFE07B6CE
                                                                                                                                    SHA-512:ECE3FB85EA3E2694ABEC9395A22F5CA323D4643D3C28441A37028F993EAB05B067A12A1F61102F789CFD553BB8FB78B1B25402BA1FB93A0F326307FAE4700D6A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102421..data = {4D36E968-E325-11CE-BFC1-08002BE10318}..pkgtype = DRVR....[Version]..method = MSI..data = {4D36E968-E325-11CE-BFC1-08002BE10318}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DRV_DS4CAM_7275_Y15Q3\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DSS\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2288
                                                                                                                                    Entropy (8bit):5.429080169604951
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:PgMQgsgiPh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63vL/Mv04aiTB/X2+hIqU8Hr:PM/9hi+nAEBL7uhuo2LmlRTB/2PBLhuN
                                                                                                                                    MD5:C99D42DFE54733D43197DE4816FCC90D
                                                                                                                                    SHA1:CFC0B3982161388AE251A1FDABC2901D751FD553
                                                                                                                                    SHA-256:9B9431230E211DD6A3AE1090FDB2B4CBAFA69AF9AE6A925856F150E5028EB789
                                                                                                                                    SHA-512:C165342A66892F59393315EAF5C939D7DACCDFBE203C17019C70EAC36EB3CAEAD85E8FA4770A71AAB49EEC3279E719E197E08DA5F65C9D167803082D434E2407
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= msiexec.exe /i "Payload\systemsoftware.msi" /qn REBOOT=ReallySuppress..[Regular]..1= msiexec.exe /i "Payload\systemsoftware.msi" /qn REBOOT=ReallySuppress..[FreshInstall]..1= msiexec.exe /i "Payload\systemsoftware.msi"..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by se

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DSS\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2288
                                                                                                                                    Entropy (8bit):5.429080169604951
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:PgMQgsgiPh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63vL/Mv04aiTB/X2+hIqU8Hr:PM/9hi+nAEBL7uhuo2LmlRTB/2PBLhuN
                                                                                                                                    MD5:C99D42DFE54733D43197DE4816FCC90D
                                                                                                                                    SHA1:CFC0B3982161388AE251A1FDABC2901D751FD553
                                                                                                                                    SHA-256:9B9431230E211DD6A3AE1090FDB2B4CBAFA69AF9AE6A925856F150E5028EB789
                                                                                                                                    SHA-512:C165342A66892F59393315EAF5C939D7DACCDFBE203C17019C70EAC36EB3CAEAD85E8FA4770A71AAB49EEC3279E719E197E08DA5F65C9D167803082D434E2407
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= msiexec.exe /i "Payload\systemsoftware.msi" /qn REBOOT=ReallySuppress..[Regular]..1= msiexec.exe /i "Payload\systemsoftware.msi" /qn REBOOT=ReallySuppress..[FreshInstall]..1= msiexec.exe /i "Payload\systemsoftware.msi"..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by se

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DSS\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.800010777676645
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8IhhtKLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:C03B18D471C3F970862B6486EE7C14BF
                                                                                                                                    SHA1:5FA98F1800326169358C134C59B5408C1445EB6C
                                                                                                                                    SHA-256:5330236F5C9A46C8209AE9F79F03D2693B579B860C0BD9FF638D58D3A061CE3C
                                                                                                                                    SHA-512:2827C48DACE451F2890D9B913E260A2A81A6B8C6971CE06C7AEBF5980EF4A377B53F4C514BD4EAC6E7515195C6B073F14D2EA47401E04A261A0CB41DD1EE24FB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DSS\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DU_Bradbury\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.176193515088442
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFzm4Em/X5BxedUl1NYFykvVckhFdVBsSk/X5BxedUl1NYyov:/QZgF1/XJedi1NYckSkhFrBU/XJedi1W
                                                                                                                                    MD5:2646831D271367827A161DD79D8D9A74
                                                                                                                                    SHA1:211050491717E24E8E70189CDA8C1E3DAE2BBD30
                                                                                                                                    SHA-256:70A2EF9BC1880670720504809BD5D01983835C8F34704D76427B730EBBBE1422
                                                                                                                                    SHA-512:BE422865974A153FB853FDB5179F164BBB15C00663578BE9196F43C73930BAFDFB7BD783A11455C7E7E45A2A64E7DE35B30DD81AFCC72F588630293A48CDBAB3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107175..data = {4521E517-FDD7-4FB6-88D5-81739D052A30} ..pkgtype = APAC....[Version]..method = MSI..data = {4521E517-FDD7-4FB6-88D5-81739D052A30}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DU_Bradbury\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.176193515088442
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFzm4Em/X5BxedUl1NYFykvVckhFdVBsSk/X5BxedUl1NYyov:/QZgF1/XJedi1NYckSkhFrBU/XJedi1W
                                                                                                                                    MD5:2646831D271367827A161DD79D8D9A74
                                                                                                                                    SHA1:211050491717E24E8E70189CDA8C1E3DAE2BBD30
                                                                                                                                    SHA-256:70A2EF9BC1880670720504809BD5D01983835C8F34704D76427B730EBBBE1422
                                                                                                                                    SHA-512:BE422865974A153FB853FDB5179F164BBB15C00663578BE9196F43C73930BAFDFB7BD783A11455C7E7E45A2A64E7DE35B30DD81AFCC72F588630293A48CDBAB3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107175..data = {4521E517-FDD7-4FB6-88D5-81739D052A30} ..pkgtype = APAC....[Version]..method = MSI..data = {4521E517-FDD7-4FB6-88D5-81739D052A30}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DU_Bradbury\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5820e\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1076
                                                                                                                                    Entropy (8bit):5.4054891735025326
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFNvpMMvpZGSLyoFFNavzM9oQBGAXlo+hzEqzMl5YGNvpYFpG1:hdHvpMMvpZSoFaiTB/X2+hIqUK8vpYO1
                                                                                                                                    MD5:B30DEABDC531AD4472B59435BC8024A1
                                                                                                                                    SHA1:AD095464A898110634EBF3806475D5D407E4B048
                                                                                                                                    SHA-256:33AC1D07B94F112E1ACB0FD21C48D4B7F33FBF432ECA4A8A6AE8D08F73180076
                                                                                                                                    SHA-512:1D7F1C51A348742E32E1AE6E8E3E3627994521A167E16EB5CC7E02E458734FE9595ED94384D6B150A24A206808620853619F039C590FE290AE4B370EBA9E2BAB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;Version..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;DisplayName..PkgType = DRVR..ComponentID=107418......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;Version

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5820e\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1076
                                                                                                                                    Entropy (8bit):5.4054891735025326
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFNvpMMvpZGSLyoFFNavzM9oQBGAXlo+hzEqzMl5YGNvpYFpG1:hdHvpMMvpZSoFaiTB/X2+hIqUK8vpYO1
                                                                                                                                    MD5:B30DEABDC531AD4472B59435BC8024A1
                                                                                                                                    SHA1:AD095464A898110634EBF3806475D5D407E4B048
                                                                                                                                    SHA-256:33AC1D07B94F112E1ACB0FD21C48D4B7F33FBF432ECA4A8A6AE8D08F73180076
                                                                                                                                    SHA-512:1D7F1C51A348742E32E1AE6E8E3E3627994521A167E16EB5CC7E02E458734FE9595ED94384D6B150A24A206808620853619F039C590FE290AE4B370EBA9E2BAB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;Version..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;DisplayName..PkgType = DRVR..ComponentID=107418......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\DW5820e\Version;Version

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5820e\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5820e\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1112
                                                                                                                                    Entropy (8bit):5.438587142628192
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFNC0Z1MC0ZGGSkuFNavzM9oQBGAXlo+hzEqzMl5YGNC0ZrFpG1:hdH7Z1M7ZGtaiTB/X2+hIqUK87ZrO1
                                                                                                                                    MD5:9FA625E46FDB1ED79C98779278BDBACC
                                                                                                                                    SHA1:8C18B719C04B5F56B42B9C8E81DA13E790FB16DE
                                                                                                                                    SHA-256:6AE3FD2925B661028D436FDF39DF527D6B2AA4D6C678E4D45F8FE1CC28C60A29
                                                                                                                                    SHA-512:823EBFC3EE39A77666DAF14ACC5843DB8DD72BE452C96F5CD19FB07075586FEE30EB45EF37A0B7899212B4475BDC14A0EEE2205FA7AA5D0920EFC6D6FD22938F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e\Version;Version..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e\Version;DisplayName..PkgType = DRVR..ComponentID=107436......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableU

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1112
                                                                                                                                    Entropy (8bit):5.438587142628192
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFNC0Z1MC0ZGGSkuFNavzM9oQBGAXlo+hzEqzMl5YGNC0ZrFpG1:hdH7Z1M7ZGtaiTB/X2+hIqUK87ZrO1
                                                                                                                                    MD5:9FA625E46FDB1ED79C98779278BDBACC
                                                                                                                                    SHA1:8C18B719C04B5F56B42B9C8E81DA13E790FB16DE
                                                                                                                                    SHA-256:6AE3FD2925B661028D436FDF39DF527D6B2AA4D6C678E4D45F8FE1CC28C60A29
                                                                                                                                    SHA-512:823EBFC3EE39A77666DAF14ACC5843DB8DD72BE452C96F5CD19FB07075586FEE30EB45EF37A0B7899212B4475BDC14A0EEE2205FA7AA5D0920EFC6D6FD22938F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e\Version;Version..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e\Version;DisplayName..PkgType = DRVR..ComponentID=107436......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableU

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_CM\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):657
                                                                                                                                    Entropy (8bit):5.486184972624501
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNg/YfJv3CaULe0ZNg/OCgm7z+NLe0ZNg/Up:+C5r85vSmNC0ZUYv3MC0ZUOZmuNC0ZUY
                                                                                                                                    MD5:2150DE3385BEABEE250B2B6AB42B15C3
                                                                                                                                    SHA1:638E6D16F6147CBEB5C83342CD149BCFCA8B455F
                                                                                                                                    SHA-256:255C73C5CDD401FBCCA435C88396CE5BC794418E90B5C8C4D149C16031CD9CA1
                                                                                                                                    SHA-512:EA6A829BFE76F5F071435FBE332BFB94B331C6BB42079C8852E906BF4BDD5BE11851CFFCFD1A1F10947120D34C108931DBD8435EC1CDEC0B54803BDDE8485507
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;Version..ComponentID = 107698..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;DisplayName..pkgtype = APAC......[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_CM\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):657
                                                                                                                                    Entropy (8bit):5.486184972624501
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNg/YfJv3CaULe0ZNg/OCgm7z+NLe0ZNg/Up:+C5r85vSmNC0ZUYv3MC0ZUOZmuNC0ZUY
                                                                                                                                    MD5:2150DE3385BEABEE250B2B6AB42B15C3
                                                                                                                                    SHA1:638E6D16F6147CBEB5C83342CD149BCFCA8B455F
                                                                                                                                    SHA-256:255C73C5CDD401FBCCA435C88396CE5BC794418E90B5C8C4D149C16031CD9CA1
                                                                                                                                    SHA-512:EA6A829BFE76F5F071435FBE332BFB94B331C6BB42079C8852E906BF4BDD5BE11851CFFCFD1A1F10947120D34C108931DBD8435EC1CDEC0B54803BDDE8485507
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;Version..ComponentID = 107698..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;DisplayName..pkgtype = APAC......[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_CM\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_CM\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_CM\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_GNSS_Manager\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):684
                                                                                                                                    Entropy (8bit):5.4811266388576865
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNglpKZ5CaULe0ZNglpKTCgm7z+NLe0ZNglG:+C5r85vSmNC0ZVMC0ZFZmuNC0ZkFpG5
                                                                                                                                    MD5:CC8064AC67E8E283BB05B7FCA70E7371
                                                                                                                                    SHA1:79178F02D1BC3F93C4EF9346031FA5A9295D7B48
                                                                                                                                    SHA-256:F8C78E319E483E8B1FFF520EF7C601A61FB205D832D8B1B28414DCC699395720
                                                                                                                                    SHA-512:340ABA42EB8A44FEA8EE7322087FCB0739491D5DB91149294629936F12B535DA715B3BF8DBF61F7DF2152FDB83A26D32E5BB9A03E213E399A48AA0585D646BDD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;Version..ComponentID = 108075..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;DisplayName..pkgtype = APAC......[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_GNSS_Manager\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):684
                                                                                                                                    Entropy (8bit):5.4811266388576865
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLe0ZNglpKZ5CaULe0ZNglpKTCgm7z+NLe0ZNglG:+C5r85vSmNC0ZVMC0ZFZmuNC0ZkFpG5
                                                                                                                                    MD5:CC8064AC67E8E283BB05B7FCA70E7371
                                                                                                                                    SHA1:79178F02D1BC3F93C4EF9346031FA5A9295D7B48
                                                                                                                                    SHA-256:F8C78E319E483E8B1FFF520EF7C601A61FB205D832D8B1B28414DCC699395720
                                                                                                                                    SHA-512:340ABA42EB8A44FEA8EE7322087FCB0739491D5DB91149294629936F12B535DA715B3BF8DBF61F7DF2152FDB83A26D32E5BB9A03E213E399A48AA0585D646BDD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;Version..ComponentID = 108075..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;DisplayName..pkgtype = APAC......[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\DW5821e_GNSSManager\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_GNSS_Manager\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5821e_GNSS_Manager\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5822e\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5822e\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5822e\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DW5822e\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):540
                                                                                                                                    Entropy (8bit):5.508447323111134
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:tpdeRX6hHtpv4nALigibXJECaULMVjphACrWnt0mL+3zc6VV:tv4X6hH2A61EMIVdmOW/Yzc+V
                                                                                                                                    MD5:6BC3D6193CA473CCBE50347A9432E356
                                                                                                                                    SHA1:ABF6D86FC32F81B6ACE97F2DCCC2A0270DB5F28B
                                                                                                                                    SHA-256:B2A24C638974E8ECF3FE8586888F8193EE38C30005E5BEEBE2E487EFEF533465
                                                                                                                                    SHA-512:0300A8BB2F3B7CAAF272FB5E14D99A8730FAFF7AD8DE5AC49D32B1751C477F5BA7FB11878EE14514AA6B60C7F36B647776DAA2A18AD72DE2A5B247806AC12616
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\STMicroelectronicsFFP;default..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{87434D51-51DB-4109-B68F-A829ECDCF380};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\STMicroelectronics\FreeFallProtection;ff_protection..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):577
                                                                                                                                    Entropy (8bit):5.544290815123231
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:BdeRX6hHtpv4nALeJgibXJECaULetVjphACrWnt0mLeUSzc6VV:X4X6hH2ACn1EMCtVdmOW/CVzc+V
                                                                                                                                    MD5:66689ECE542FA5810B5DC7F1888750B7
                                                                                                                                    SHA1:D51A0AE09415C42333C040E725EDC75CCD78812E
                                                                                                                                    SHA-256:9780428F4A93693AAD00F8FF2CA29E0175B1225F19D2C1FA9659F6AA286C850E
                                                                                                                                    SHA-512:F09FD67676EAB205790FEA64F0A2C180C688267BE8379C07FBD397A8A04036745229955B47CFA33238D4ADA2CD57EDEB0F32CDCEC49287214BD1CEC613173EC4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview: ..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageableUpdatePackage\STMicroelectronicsFFP;default..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{87434D51-51DB-4109-B68F-A829ECDCF380};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\STMicroelectronics\FreeFallProtection;ff_protection..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X4\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):554
                                                                                                                                    Entropy (8bit):5.472735320883887
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:tpdeRX6hHtpv4nALigiHfXJECaULMVjo9GrXCrWnt0mLqGZ:tv4X6hH2A6HREMIVM9GrXOW/GGZ
                                                                                                                                    MD5:AB58A4FB2EC4B98FF542EF0D7883E5FA
                                                                                                                                    SHA1:A73D6AADCD6198976AE5B2DEB55422A28AFED08D
                                                                                                                                    SHA-256:B8CF0A003EAE35766A8B2D94CB6419DDF9D0AD31165769223F4642A8C3B1FBB6
                                                                                                                                    SHA-512:21E152FD959E01DCFCBCA46963C936A6C9052F5B49CDBDF5BD00D1ABBF3D9A33C9E0C905AED5721394EBC33BC6C5654DCA1FEE1A56CA4B77C009528289FE90EB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\STMicroelectronicsAccel;default..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ST Microelectronics\3AxisDigitalAccelerometer;ff_protection_app..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X4\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):564
                                                                                                                                    Entropy (8bit):5.495596855787725
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:cdeRX6hHtpv4nALigiHfXJECaULetVjo9GrXCrWnt0mLqGZ:04X6hH2A6HREMCtVM9GrXOW/GGZ
                                                                                                                                    MD5:24FCFE82528EA376058FA9CA555BF4FA
                                                                                                                                    SHA1:2604AB9747609DB229A09044EBC45C04F8AE43CF
                                                                                                                                    SHA-256:214D6291EEFDE3AE002B4E30B024C2192FAC2A2951C3CE1C5A37421C76829B56
                                                                                                                                    SHA-512:1BDC763C047D63C7FBA93415A8770E3911D1B843E681C487E2F342233D02F13BFA65185C99E1A5041BFE042501B5ABEC47A56905196332EAE1CD16308B88C843
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\STMicroelectronicsAccel;default..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ST Microelectronics\3AxisDigitalAccelerometer;ff_protection_app..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X4\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X4\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X5\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):595
                                                                                                                                    Entropy (8bit):5.530599734306479
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:tpdeRX6hHtpv4nALMVjo9GrXdXJECaULMVjo9GrXCrWnt0mLqGZ:tv4X6hH2AIVM9GrXbEMIVM9GrXOW/GGZ
                                                                                                                                    MD5:8751D915AE92329F1476DDCF38119FAE
                                                                                                                                    SHA1:28CE82818C6B335F577BE3A35DB15541A7EEB261
                                                                                                                                    SHA-256:1A02847D85B4ECC793B6D28DBB798698DEFDA65816A781F56B82D817B4D051AB
                                                                                                                                    SHA-512:F5973715BF16F4EF8FAA54FB71DEDAA0279C95FD171D4EFB4A4BE27798C56C36A4A3B8ABE625C728355299D52144972638755BF94BF232ABEB990F07073E777C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayVersion..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ST Microelectronics\3AxisDigitalAccelerometer;ff_protection_app..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X5\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):619
                                                                                                                                    Entropy (8bit):5.555063249039144
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:tpdeRX6hHtpv4nALetVjo9GrXdXJECaULetVjo9GrXCrWnt0mLqGZ:tv4X6hH2ACtVM9GrXbEMCtVM9GrXOW/D
                                                                                                                                    MD5:EDA6FC0CC06B345B651429EF2583A3CA
                                                                                                                                    SHA1:3512546D4DAA6BC868EC88A335126C516B27EDF4
                                                                                                                                    SHA-256:31F1367F4AB8649094B7C867E477FF6E972ED6D748207CBCDDF74A98DE42DBF9
                                                                                                                                    SHA-512:DA894D4BFA4FAB4D4E749D89C444C5E53285881A803C9A51DD1C8ED3DAC85AD632E2C33ADE3A8F884B5FB7EC89C63951510019982EE43D492147078AEF07E624
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..[Scan]....;Scan the Registry to obtain the installation status and Display name of the driver.....Method = Reg..PkgType = DRVR..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayVersion..ComponentID = 22031..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31};DisplayName....[Version]....;Needed to extract Version from the Registry.....Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\ST Microelectronics\3AxisDigitalAccelerometer;ff_protection_app..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DellFreeFall_X5\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Mobile_Connect\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181
                                                                                                                                    Entropy (8bit):5.091303714442493
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFxvGFydki6UlErbVVjcVckhFdVBsSkFydki6UlErbVn:/QZgFxOFymPTXjkhFrBUFymPTd
                                                                                                                                    MD5:2CCB0600304A260C1934BBFCFB92EFC1
                                                                                                                                    SHA1:F15BE94983B84AD2AB76ED9B8A8ED75B809785D3
                                                                                                                                    SHA-256:7A94E0BFCEF76D49089C5396DB07215FBBC3FD6DAC246B778EFE8B72EAA008C0
                                                                                                                                    SHA-512:846D2CFBE0C9BD6F6E803E844D045370564E000D3F94647B748EEE9254555B0DE0E14EA2A169D28712736E959D7799DB6E631F2D00045932E850A00CEBC4D97E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106799..data = {2B90CCEC-88A0-496E-869A-6186B9527708}..pkgtype = APAC....[Version]..method = MSI..data = {2B90CCEC-88A0-496E-869A-6186B9527708}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Mobile_Connect\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):179
                                                                                                                                    Entropy (8bit):5.098969502280974
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFxvGFydki6UlErbVVjcVckhFdVBsSkFydki6UlErbY:/QZgFxOFymPTXjkhFrBUFymPTg
                                                                                                                                    MD5:E4D5C742B18D9E01FD7B20715A7EE69B
                                                                                                                                    SHA1:FDC129CE6FF51C157B7D8CE013FB637406D3C189
                                                                                                                                    SHA-256:B51F157AA27E0C8CEDF8E81CD7F9FB6C0648A763A29B3BF40725C7BCCE3D3867
                                                                                                                                    SHA-512:FFBDF3AE49D38D91E973A6C149880C8493057FEDA3D84B78311F87582F78E67E105C8AB27709150503546509D5376552BAC59F728300E5CFB507954E5EBDC324
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106799..data = {2B90CCEC-88A0-496E-869A-6186B9527708}..pkgtype = APAC....[Version]..method = MSI..data = {2B90CCEC-88A0-496E-869A-6186B9527708}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Mobile_Connect\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Power_Manager_Service\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.131370184403913
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuUyRb+npVIn24jH9cVckhFdVBsSk+npVIn24jHwv:/QZgFupRbco24jH9khFrBUco24jHa
                                                                                                                                    MD5:18AD80D6CF0F05CDEDD9A26A44FE374A
                                                                                                                                    SHA1:09AA7279DB1644369CE2C3AFA27049DFBCA976D3
                                                                                                                                    SHA-256:C2EB3C0091195CA8FDC1592259C060D7B129ECC23FA672136091A246F4A28700
                                                                                                                                    SHA-512:92CAE179BE2647F68DB3B409E94564C555678676773E1D985C409FA70DDBFBC0B145256E59C66A749F5BC8F194AE3F61AFE5A979C5707A559FEB0E3CC5FA682D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106678..data = {99E3774C-4CD9-46D4-86DB-4F82F3867BFD}..pkgtype = APAC....[Version]..method = MSI..data = {99E3774C-4CD9-46D4-86DB-4F82F3867BFD}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Power_Manager_Service\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.131370184403913
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuUyRb+npVIn24jH9cVckhFdVBsSk+npVIn24jHwv:/QZgFupRbco24jH9khFrBUco24jHa
                                                                                                                                    MD5:18AD80D6CF0F05CDEDD9A26A44FE374A
                                                                                                                                    SHA1:09AA7279DB1644369CE2C3AFA27049DFBCA976D3
                                                                                                                                    SHA-256:C2EB3C0091195CA8FDC1592259C060D7B129ECC23FA672136091A246F4A28700
                                                                                                                                    SHA-512:92CAE179BE2647F68DB3B409E94564C555678676773E1D985C409FA70DDBFBC0B145256E59C66A749F5BC8F194AE3F61AFE5A979C5707A559FEB0E3CC5FA682D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106678..data = {99E3774C-4CD9-46D4-86DB-4F82F3867BFD}..pkgtype = APAC....[Version]..method = MSI..data = {99E3774C-4CD9-46D4-86DB-4F82F3867BFD}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Power_Manager_Service\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Proximity_Sensor\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.191231487367756
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFAmPn0j5CwQoRdSUYylcVckhFdVBsSkPn0j5CwQoRdSUYyov:/QZgFHPn4RRQWkhFrBUPn4RRQdv
                                                                                                                                    MD5:F67DF95DDF24FB43F1EECA3F5DF9DD6D
                                                                                                                                    SHA1:C8A8B5BB2C2F6E3D4937D42C2AFAD64A2C6EC8A9
                                                                                                                                    SHA-256:3D0BDD4EA38700A699007AF0CB0A2615E197C83B0F0C376797757C4445D92898
                                                                                                                                    SHA-512:67F33F1D6DE42A2B65902CB9B68145719C2D37DBBA3DF25882ED60D7D35BFB13811509E1C5034B543FDD2017F54827E6B638CB588666C933D2949B9DF98033E7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 108507..data = {01B66906-5F17-4927-A29B-4E53402D4871}..pkgtype = APAC....[Version]..method = MSI..data = {01B66906-5F17-4927-A29B-4E53402D4871}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Proximity_Sensor\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.191231487367756
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFAmPn0j5CwQoRdSUYylcVckhFdVBsSkPn0j5CwQoRdSUYyov:/QZgFHPn4RRQWkhFrBUPn4RRQdv
                                                                                                                                    MD5:F67DF95DDF24FB43F1EECA3F5DF9DD6D
                                                                                                                                    SHA1:C8A8B5BB2C2F6E3D4937D42C2AFAD64A2C6EC8A9
                                                                                                                                    SHA-256:3D0BDD4EA38700A699007AF0CB0A2615E197C83B0F0C376797757C4445D92898
                                                                                                                                    SHA-512:67F33F1D6DE42A2B65902CB9B68145719C2D37DBBA3DF25882ED60D7D35BFB13811509E1C5034B543FDD2017F54827E6B638CB588666C933D2949B9DF98033E7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 108507..data = {01B66906-5F17-4927-A29B-4E53402D4871}..pkgtype = APAC....[Version]..method = MSI..data = {01B66906-5F17-4927-A29B-4E53402D4871}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Proximity_Sensor\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_SupportAssist_OS_Recovery\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.997890864293463
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF+WyBkq8iVHEXygFdX9YyLRcVckhFdVBsSkq8iVHEXygFdX9Yyov:/QZgF+3G7iVHEX/FQ8xkhFrBU7iVHEXO
                                                                                                                                    MD5:30ADB07A0805110DA17CE60E6AF71110
                                                                                                                                    SHA1:FF9A63E08B6BC6659768569F57C759395BE1B013
                                                                                                                                    SHA-256:59CAE6FC9232C10EA76760D1021800C335C3A796CA9DE5030473E09BB2FED1D9
                                                                                                                                    SHA-512:9C7318A7657B83EEA216506D35B6CB4A27BC92ED6186976501CEB8D9BEB165265F5B9B608911ED43C2F30DDFD0E56F370670DBD110DE8AF7A5C8EDA3ABF414D0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104763..data = {2253caa0-0ba2-461c-a50e-fc18228ebadd}..pkgtype = APAC....[Version]..method = MSI..data = {2253caa0-0ba2-461c-a50e-fc18228ebadd}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_SupportAssist_OS_Recovery\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.997890864293463
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GF+WyBkq8iVHEXygFdX9YyLRcVckhFdVBsSkq8iVHEXygFdX9Yyov:/QZgF+3G7iVHEX/FQ8xkhFrBU7iVHEXO
                                                                                                                                    MD5:30ADB07A0805110DA17CE60E6AF71110
                                                                                                                                    SHA1:FF9A63E08B6BC6659768569F57C759395BE1B013
                                                                                                                                    SHA-256:59CAE6FC9232C10EA76760D1021800C335C3A796CA9DE5030473E09BB2FED1D9
                                                                                                                                    SHA-512:9C7318A7657B83EEA216506D35B6CB4A27BC92ED6186976501CEB8D9BEB165265F5B9B608911ED43C2F30DDFD0E56F370670DBD110DE8AF7A5C8EDA3ABF414D0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104763..data = {2253caa0-0ba2-461c-a50e-fc18228ebadd}..pkgtype = APAC....[Version]..method = MSI..data = {2253caa0-0ba2-461c-a50e-fc18228ebadd}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_SupportAssist_OS_Recovery\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Touch_Firmware\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):424
                                                                                                                                    Entropy (8bit):5.335090961834615
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Cx+bz+NLTpNgJeLn3ECaULTpNgJtNTz+NLTpNgJeLBFsq+pG5:+vNvp5L3EMvpYNGNvp5LYFpG5
                                                                                                                                    MD5:86943C6C0A00F6715E195AE1090B0743
                                                                                                                                    SHA1:F8D2F07464218F1CCD99DF109574EC09064DA9EA
                                                                                                                                    SHA-256:67A945ACCB6C4021BB7E7CEEB027AAE6BF346E6870525869F092081C0A6AD623
                                                                                                                                    SHA-512:033B63DA02AA5C9169B255138F3A49E87BF30D0CA365968587FC2DDFA73C0DE0B1C33F0291C5B46DF0871FAE1FD77BAF74C30D506AE4CE79E39A523DDD7BD8B5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Version\;..ComponentID = 105192..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Touch_Firmware\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):424
                                                                                                                                    Entropy (8bit):5.335090961834615
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Cx+bz+NLTpNgJeLn3ECaULTpNgJtNTz+NLTpNgJeLBFsq+pG5:+vNvp5L3EMvpYNGNvp5LYFpG5
                                                                                                                                    MD5:86943C6C0A00F6715E195AE1090B0743
                                                                                                                                    SHA1:F8D2F07464218F1CCD99DF109574EC09064DA9EA
                                                                                                                                    SHA-256:67A945ACCB6C4021BB7E7CEEB027AAE6BF346E6870525869F092081C0A6AD623
                                                                                                                                    SHA-512:033B63DA02AA5C9169B255138F3A49E87BF30D0CA365968587FC2DDFA73C0DE0B1C33F0291C5B46DF0871FAE1FD77BAF74C30D506AE4CE79E39A523DDD7BD8B5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Version\;..ComponentID = 105192..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Display\;....[Version].. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Wacom\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_Touch_Firmware\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_USB_Recovery_Tool\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.029631670608904
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFl4vB4bcQHWgwHW9cVckhFdVBsSkcQHWgwHP:/QZgF6vCbYgGekhFrBUYgGP
                                                                                                                                    MD5:DCC79552AB3C7669338207FCF6ADCAD6
                                                                                                                                    SHA1:741D345C9906386C692D43598DD7CEB01AA4334E
                                                                                                                                    SHA-256:4076608AA9F588D39354F6FEAB389232A619A497F4EA9A8A981E0CA9E553E231
                                                                                                                                    SHA-512:8DD3DAFA8E06CEE64D304514BA551093E8BDC6A0A0358E6C90DC0AE32D1D4B2DF705890DB42301D4A57D56743144B99AE7EA0ACA73577BB67A5A3E53B6FE48A9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106822..data = {6e96d535-1603-435b-bfde-95848ea93cae}..pkgtype = APAC....[Version]..method = MSI..data = {6e96d535-1603-435b-bfde-95848ea93cae} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_USB_Recovery_Tool\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.029631670608904
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFl4vB4bcQHWgwHW9cVckhFdVBsSkcQHWgwHP:/QZgF6vCbYgGekhFrBUYgGP
                                                                                                                                    MD5:DCC79552AB3C7669338207FCF6ADCAD6
                                                                                                                                    SHA1:741D345C9906386C692D43598DD7CEB01AA4334E
                                                                                                                                    SHA-256:4076608AA9F588D39354F6FEAB389232A619A497F4EA9A8A981E0CA9E553E231
                                                                                                                                    SHA-512:8DD3DAFA8E06CEE64D304514BA551093E8BDC6A0A0358E6C90DC0AE32D1D4B2DF705890DB42301D4A57D56743144B99AE7EA0ACA73577BB67A5A3E53B6FE48A9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106822..data = {6e96d535-1603-435b-bfde-95848ea93cae}..pkgtype = APAC....[Version]..method = MSI..data = {6e96d535-1603-435b-bfde-95848ea93cae} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_USB_Recovery_Tool\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_quickset\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):179
                                                                                                                                    Entropy (8bit):5.156130149220787
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFiEdUp8jXIPSV9jY8RcVckhFdVBsSkUp8jXIPSV9jYn:/QZgFd/cCVxkhFrBU/cCY
                                                                                                                                    MD5:7310FEB29D5CFAE5986CB90124DAC077
                                                                                                                                    SHA1:968B9A45C429C33DF053F5AEC783FA0CD65DBF5D
                                                                                                                                    SHA-256:6452AB6C168CC3AB94C6F5D3740821365BEC7D888F27B0EDC9A426F5F323599D
                                                                                                                                    SHA-512:3C83433BF2F156709DCC3B18196355BA4C3F4AAA7C3C12F11103ADD18A6BD899E1CC28F2671C5838BFDF68650CCC8BA2BBD25720EDD046B69D47B066A9A8097C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106169..data = {8254EBD8-F293-4F91-9024-48A95C48EC24}..pkgtype = APAC....[Version]..method = MSI..data = {8254EBD8-F293-4F91-9024-48A95C48EC24}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_quickset\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):179
                                                                                                                                    Entropy (8bit):5.156130149220787
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFiEdUp8jXIPSV9jY8RcVckhFdVBsSkUp8jXIPSV9jYn:/QZgFd/cCVxkhFrBU/cCY
                                                                                                                                    MD5:7310FEB29D5CFAE5986CB90124DAC077
                                                                                                                                    SHA1:968B9A45C429C33DF053F5AEC783FA0CD65DBF5D
                                                                                                                                    SHA-256:6452AB6C168CC3AB94C6F5D3740821365BEC7D888F27B0EDC9A426F5F323599D
                                                                                                                                    SHA-512:3C83433BF2F156709DCC3B18196355BA4C3F4AAA7C3C12F11103ADD18A6BD899E1CC28F2671C5838BFDF68650CCC8BA2BBD25720EDD046B69D47B066A9A8097C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106169..data = {8254EBD8-F293-4F91-9024-48A95C48EC24}..pkgtype = APAC....[Version]..method = MSI..data = {8254EBD8-F293-4F91-9024-48A95C48EC24}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Dell_quickset\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DisplayLink_Dock_Driver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):181
                                                                                                                                    Entropy (8bit):5.176402246922693
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFpSm/gmwwIc8Xx1hTTyozRcVBIdVBsSk/gmwwIc8Xx1hTTyov:/QZgFpN/cTnp7zJrBU/cTnp7v
                                                                                                                                    MD5:272E7E7ED2F1FD03914CBC9A3C34361F
                                                                                                                                    SHA1:5A2DC873DD50B1A5094DA3D68D113694E33FF47C
                                                                                                                                    SHA-256:BE8B13A562EE23D73BE7E964D960BAB804BBC6C969BB90660CE2BC85A1CAB6A7
                                                                                                                                    SHA-512:E3F6DA7083650C2AE6213EB1920E73EC0725C50684C6BB7F358DB5050BBF997CFEE1BF5FF5078EB452EF679A3EB7803F11ADB8E812E329162CAA53759F68B44F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104095..data = {0AECE230-D5D2-4880-B3ED-F23905ED66A9}..pkgtype = DRVR....[Version]..method = MSI..data = {0AECE230-D5D2-4880-B3ED-F23905ED66A9}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DisplayLink_Dock_Driver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.166392675765801
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFpSm/gmwwIc8Xx1hTTyozRcVBIdVBsSk/gmwwIc8Xx1hTTyowvn:/QZgFpN/cTnp7zJrBU/cTnp7wvn
                                                                                                                                    MD5:5DD4F202ECA429C6E33F240290B0ACDB
                                                                                                                                    SHA1:DD84206531A0F23A6D499EB20F5EC482F0A33C3A
                                                                                                                                    SHA-256:03B12DB2F2FF392DDB11674EB53919A813898C28D660E9AEE3A223969BE4D757
                                                                                                                                    SHA-512:70104F9AB096DDF8A4780D85508CA6B7F57B8ECAD7410117EACA5A040DDDD84E5AFC20EA3C45831C56B98D74AA50090C26EF61C1BD0D36633B35460AAA3B2BF3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104095..data = {0AECE230-D5D2-4880-B3ED-F23905ED66A9}..pkgtype = DRVR....[Version]..method = MSI..data = {0AECE230-D5D2-4880-B3ED-F23905ED66A9}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DisplayLink_Dock_Driver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_MSI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1068
                                                                                                                                    Entropy (8bit):5.466864225122598
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+AB2GBu2FNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBHZ3YFpG5:iz2aiTB/X2+hIqU8HIhuoBJYO5
                                                                                                                                    MD5:427D5F9142406E997BE86DA0395804A5
                                                                                                                                    SHA1:3ACEEAB961F1852E084A7E61171DB31B5A19E0A2
                                                                                                                                    SHA-256:B89D9FA4B4D8290851C7024B80560BA98F1A96BC8846ED10E2B99277B2CE027C
                                                                                                                                    SHA-512:3EE6C99C7BE3847ADD4B72D30FB8DEC2686E329DE2AC395AD7D2B05AF8359FEECD9575EA841311A28E0794F5D0D543CD6C77E5EBA8AE693928E49B19F45FA289
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe REBOOT=ReallySuppress /qn /quiet..[Regular]..1= Payload\Setup.exe REBOOT=ReallySuppress /qn /quiet..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}..Unsupported = {5368D82D-CAA5-48CC-9017-5BAAAB87591B}....;

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_MSI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1068
                                                                                                                                    Entropy (8bit):5.466864225122598
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+AB2GBu2FNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBHZ3YFpG5:iz2aiTB/X2+hIqU8HIhuoBJYO5
                                                                                                                                    MD5:427D5F9142406E997BE86DA0395804A5
                                                                                                                                    SHA1:3ACEEAB961F1852E084A7E61171DB31B5A19E0A2
                                                                                                                                    SHA-256:B89D9FA4B4D8290851C7024B80560BA98F1A96BC8846ED10E2B99277B2CE027C
                                                                                                                                    SHA-512:3EE6C99C7BE3847ADD4B72D30FB8DEC2686E329DE2AC395AD7D2B05AF8359FEECD9575EA841311A28E0794F5D0D543CD6C77E5EBA8AE693928E49B19F45FA289
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe REBOOT=ReallySuppress /qn /quiet..[Regular]..1= Payload\Setup.exe REBOOT=ReallySuppress /qn /quiet..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}..Unsupported = {5368D82D-CAA5-48CC-9017-5BAAAB87591B}....;

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_MSI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.800644432987663
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/zP:IQ8IhhtKLtzM/aI3b
                                                                                                                                    MD5:37F3ED70BC7353D8420E3DB113CAE27A
                                                                                                                                    SHA1:2562EDDAA575AF7141484D4B2E0424DDD752C66F
                                                                                                                                    SHA-256:745AEE51E739F979AB57CB23D852DCF9633F08B4AA293664051EEF3D57BB90E3
                                                                                                                                    SHA-512:182E9B2332197E56FFDE7EEE28AD841A9D7ADAFA30E8B17F7387B57967B5BACD0CFE71E16D0E2E7CCF339F547A77115171BBFB5BFDC45E2D999BC211BB435754
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_MSI\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_MSI\supportdev.cfg

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):636
                                                                                                                                    Entropy (8bit):4.905388766137308
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DRVKOmR0VhQIyJzczZAk2vH41HhiEHh+uo+lHGFHfdMsZnMsYNMsYI:FV9mcdyFeakAu1dGFHfLXQZ
                                                                                                                                    MD5:E521CBA96E37002DE3178030ED36FD9D
                                                                                                                                    SHA1:32AE66E9688968476EB1E8BA14CE202024FDF005
                                                                                                                                    SHA-256:CEBFEB858F241FB0127C911E7405703F6CF80572136A15885234E4E9D51B2BFA
                                                                                                                                    SHA-512:78C167D2C2CE639B74DA52248128D8D58CF1EAAEFA0DAB9291893A5564C44D756B02F1C14680CB5C4BEAF603B9D7398395791E30C2419AB1325B1A1A8861F64A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:; Semicolan is considered as comment...; So in a line if semicolan is present the whole line is considered comment..; The below entry Mode specified whether device in list needs to be included or excluded..; for exclude specify [Mode] = Exclude..; for Include specify [Mode] = Include..[AppConfig]..[Mode] = Include..; The values below provided are in Hexa decimal..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4235..SubSystemID = 1121..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1321..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1326..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DRVUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):267312
                                                                                                                                    Entropy (8bit):6.393123909234834
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:g6WaV2WJ2u6PupcWluM7nCL6h5nTJwdPnjSszac2eM3FjM1/GGa4arGOZYd92Nah:gBOAtE5bTSdk5FjHGa4yZYd92/VuEhC
                                                                                                                                    MD5:281C4E15D1FBE669754B0E300B5BB6CD
                                                                                                                                    SHA1:1FE48A008A542C79BE57D113692A68016E6807AF
                                                                                                                                    SHA-256:32B75BBED593E90B11A6627459AC2B660BDC15958C4DDC1D919F1AF95DBC6EFA
                                                                                                                                    SHA-512:717DA2953202F83ABD3AB46B64C20EBAB2BB892C4547C14CD4EDB4A63233357F59A98C6803103CB0B0DC4445D7E067533D6122198F58FEF5FABDC52C07C1CBDE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Bk.....P...P...Pi|8P...Pi|.PF..Pi|.P...P.r5P...P...Po..Pi|.P...Pi|<P...Pi|;P...PRich...P........................PE..L....%.]............................ $............@..........................@......%V....@.................................\...x.......................0...............................................@............................................text............................... ..`.rdata..............................@..@.data....=..........................@....rsrc...............................@..@.reloc..D+.......,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1024
                                                                                                                                    Entropy (8bit):5.388461195283944
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KF9cgFm2FNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBJ0FpG5:WJ2aiTB/X2+hIqU8HIhuoBJ0O5
                                                                                                                                    MD5:AFBBEB17AD10CD407820D8FD490B6A45
                                                                                                                                    SHA1:9E3505EB8FE69FBD59B5C25228218FF521954074
                                                                                                                                    SHA-256:2EA6151061BB8CF807974DFF40EF6875799D83CC61F8ECF8B1BDCB5271141A98
                                                                                                                                    SHA-512:0F3EA781CC6B058455967151A9062B631075A0F6C753FCE3AC2A8A20EFD1B5BA5259ADC2BDD8D9E9EF11063FA08B0F6909C46E86C133DA1AD85573E25E940E37
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = PCI....; Reboot = 0 - Reboot not required or 1 - requ

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1024
                                                                                                                                    Entropy (8bit):5.388461195283944
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KF9cgFm2FNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBJ0FpG5:WJ2aiTB/X2+hIqU8HIhuoBJ0O5
                                                                                                                                    MD5:AFBBEB17AD10CD407820D8FD490B6A45
                                                                                                                                    SHA1:9E3505EB8FE69FBD59B5C25228218FF521954074
                                                                                                                                    SHA-256:2EA6151061BB8CF807974DFF40EF6875799D83CC61F8ECF8B1BDCB5271141A98
                                                                                                                                    SHA-512:0F3EA781CC6B058455967151A9062B631075A0F6C753FCE3AC2A8A20EFD1B5BA5259ADC2BDD8D9E9EF11063FA08B0F6909C46E86C133DA1AD85573E25E940E37
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = PCI....; Reboot = 0 - Reboot not required or 1 - requ

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\DrvAppIE_PCI\supportdev.cfg

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):690
                                                                                                                                    Entropy (8bit):4.92617353471453
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:dFoCP4I/UcUZMtLHdMtRuj7ZMtwyGTZMt+fM9jofO9joiQ9UwM9jofO9joiVVnMo:3oCnryM99MHQVM2ycM4fMsZnMsYNMsYI
                                                                                                                                    MD5:C4DFC47437C0AE387D0A93BE19E16082
                                                                                                                                    SHA1:45940C6BD85FA03C6040C9F01E26DA7B38BBFF6D
                                                                                                                                    SHA-256:20D703CEFC69AF230DDDE925836F636B77F9599AA4AB424AB058DD574DEECC06
                                                                                                                                    SHA-512:876D0F592CDECBBA609B7C5C77B26FB80D6B897E8A30797A4DFBFFBB3256DFFBC199FE98B4CD87FE0EA07504026A858D658DC7BDD3FBA1A39F9DED5C5CFE6705
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;File generated while build..[AppConfig]..[Mode] = Exclude..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 432B..SubSystemID = 000D..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4315..SubSystemID = 000C..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4328..SubSystemID = 000A..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4353..SubSystemID = 000E..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4235..SubSystemID = 1121..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1321..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1326..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\EETI_Touch_Panel_Application\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):340
                                                                                                                                    Entropy (8bit):5.401332446312677
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:cbs6+5XLx1NrhgP5ZOXNxNowCakXLx1NrhgP5ZOXN3aAs6+5XLx1NrhgP5ZOXNx7:cbz+NLTJGPfOXNxewCaULTJGPfOXN3a3
                                                                                                                                    MD5:EE1F560918833D2DFAB8632B5195B09E
                                                                                                                                    SHA1:6379EA93CFF772A0F33E43A20F48B701BACFC151
                                                                                                                                    SHA-256:06023EAF207235DB041F6E132A1A69EF4C8F40B860DC20D524FDF26BC0B4B112
                                                                                                                                    SHA-512:4988F620879EAB73220E015A0BA8315F69C83787A1DEFE21BAF4F3F71F00CDBD6B552EE23A3BC6B80C425620D546F42662A8D061CDAE82DD2260434785EE17DF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Version;..ComponentID = 104861..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Display;.. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Version;......

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\EETI_Touch_Panel_Application\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):340
                                                                                                                                    Entropy (8bit):5.401332446312677
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:cbs6+5XLx1NrhgP5ZOXNxNowCakXLx1NrhgP5ZOXN3aAs6+5XLx1NrhgP5ZOXNx7:cbz+NLTJGPfOXNxewCaULTJGPfOXN3a3
                                                                                                                                    MD5:EE1F560918833D2DFAB8632B5195B09E
                                                                                                                                    SHA1:6379EA93CFF772A0F33E43A20F48B701BACFC151
                                                                                                                                    SHA-256:06023EAF207235DB041F6E132A1A69EF4C8F40B860DC20D524FDF26BC0B4B112
                                                                                                                                    SHA-512:4988F620879EAB73220E015A0BA8315F69C83787A1DEFE21BAF4F3F71F00CDBD6B552EE23A3BC6B80C425620D546F42662A8D061CDAE82DD2260434785EE17DF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Version;..ComponentID = 104861..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Display;.. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\eGalaxDr.Touch\Uinstaller\Product_Version;......

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\EETI_Touch_Panel_Application\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ESMMapping.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89616
                                                                                                                                    Entropy (8bit):3.5364506566958394
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:TVHqJcU37d90oQ/y+QvyZMv9Ci379iSI/Wy:R
                                                                                                                                    MD5:304EC7217D6A2AD4C9819D42D8A4BE44
                                                                                                                                    SHA1:2D1F7A110CDAD38349A22C5477DF66A93E43C986
                                                                                                                                    SHA-256:C3E6F428C4D1C6E9584C71F83981B98899B0DB20715D86D15BD6F92F90846B13
                                                                                                                                    SHA-512:40A54FBC178D74004C1811BE83A04026BCEE0623B12B3C7C01E4A61912FA0E0EA98385AC7C42E03E819024E00E0F1ED3371228690309C80E3C0CE4813D8750DD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.E.S.M.M.a.p.p.i.n.g.>..... . . . .<.S.y.s.t.e.m. .s.y.s.t.e.m.I.D.=.".0.0.7.C.".>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.3.0.7.1."./.>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.4.5.6.3."./.>..... . . . .<./.S.y.s.t.e.m.>..... . . . .<.S.y.s.t.e.m. .s.y.s.t.e.m.I.D.=.".0.0.7.F.".>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.3.0.7.1."./.>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.4.5.6.3."./.>..... . . . .<./.S.y.s.t.e.m.>..... . . . .<.S.y.s.t.e.m. .s.y.s.t.e.m.I.D.=.".0.0.8.1.".>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.3.0.7.1."./.>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.4.5.6.3."./.>..... . . . .<./.S.y.s.t.e.m.>..... . . . .<.S.y.s.t.e.m. .s.y.s.t.e.m.I.D.=.".0.0.8.3.".>..... . . . . . . . .<.E.S.M.R.e.f. .r.e.l.e.a.s.e.I.D.=.".R.1.3.0.7.1."./.>..... . . . . . . . .<.E.S.M.R.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Ethertronic_Active_Steering_Driver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185
                                                                                                                                    Entropy (8bit):5.130914011571749
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFCZkDdec0I9LdgoVBIdVBsSkDdec0I9Ldgyvn:/QZgFgkDjL4rBUDjLtn
                                                                                                                                    MD5:250A45296650658998B087FBA85DBE71
                                                                                                                                    SHA1:7209AE9A5A52544604633701C207E02C21202BF1
                                                                                                                                    SHA-256:B124C204F952A34A071C03380A9A64D3022CD8208B4C3775A8478B6A00FE7B45
                                                                                                                                    SHA-512:F699044E1205102D89CC0F58618A14E5964A4509403EA8CA94C5FBEA9DCF1C1BB736C25D9A3A438AC3129CE669F3B6C8CD5AB3867C2123EB5D4D3CD08F498409
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106798..data = {C8B20CA7-17C3-484A-9337-A7F7DE43C88E} ..pkgtype = DRVR....[Version]..method = MSI..data = {C8B20CA7-17C3-484A-9337-A7F7DE43C88E} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Ethertronic_Active_Steering_Driver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):187
                                                                                                                                    Entropy (8bit):5.12039493172177
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFCZkDdec0I9LdgoVBIdVBsSkDdec0I9Ldgyvov:/QZgFgkDjL4rBUDjLtov
                                                                                                                                    MD5:08FD19E91455D93BA5A6C01005E17405
                                                                                                                                    SHA1:8073FF5AD8CCF558D94302AE5FF62D5089CF2756
                                                                                                                                    SHA-256:9565385BBA97183E22F34D5AAD38280E57523D1F92DAF51A1E4121F3DE5656D3
                                                                                                                                    SHA-512:835878873DB7EEFA259BE892E3EE563E2BEE6D5F9448D44F6E582DA98FF97F9345FE00912CEC5DE7E06A874F81B2820321CE6B4A5F7C052FFE857091E69B0743
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106798..data = {C8B20CA7-17C3-484A-9337-A7F7DE43C88E} ..pkgtype = DRVR....[Version]..method = MSI..data = {C8B20CA7-17C3-484A-9337-A7F7DE43C88E} ......

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Ethertronic_Active_Steering_Driver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\AppUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):245808
                                                                                                                                    Entropy (8bit):6.457023839917332
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:VY7Dt3AAc3uM7YDYf3j7AX2tHPn5UReV2:VJ3r7ZgX2tHPn52e
                                                                                                                                    MD5:9B506EEF48FBF87C978B55212361C3F6
                                                                                                                                    SHA1:C069EE60E4ED0663D615EE5737EF2BB3CE337963
                                                                                                                                    SHA-256:A1996C7C4D35516B17061834E6A21245D750C7675412F5AFC8695EF1EB80DD1A
                                                                                                                                    SHA-512:6BFF3913F6F5009DFBA93FCEC3740F1725A3E603FDC8365720E5360F462A53E9464E60676348BE751C46429615B50E50C89011E7934FF3EF5DDF62935128225B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......("..lC.LlC.LlC.L.59LxC.L.5.L,C.L.5.L.C.Le;4LgC.LlC.L.C.L.5.LcC.L.5=LmC.L.5:LmC.LRichlC.L........................PE..L....%.]............................P@............@.......................................@.................................da..x.......................0.......t....................................5..@............................................text.............................. ..`.rdata..............................@..@.data....=...p.......V..............@....rsrc................p..............@..@.reloc...,...........v..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\DRVUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):267312
                                                                                                                                    Entropy (8bit):6.393123909234834
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:g6WaV2WJ2u6PupcWluM7nCL6h5nTJwdPnjSszac2eM3FjM1/GGa4arGOZYd92Nah:gBOAtE5bTSdk5FjHGa4yZYd92/VuEhC
                                                                                                                                    MD5:281C4E15D1FBE669754B0E300B5BB6CD
                                                                                                                                    SHA1:1FE48A008A542C79BE57D113692A68016E6807AF
                                                                                                                                    SHA-256:32B75BBED593E90B11A6627459AC2B660BDC15958C4DDC1D919F1AF95DBC6EFA
                                                                                                                                    SHA-512:717DA2953202F83ABD3AB46B64C20EBAB2BB892C4547C14CD4EDB4A63233357F59A98C6803103CB0B0DC4445D7E067533D6122198F58FEF5FABDC52C07C1CBDE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Bk.....P...P...Pi|8P...Pi|.PF..Pi|.P...P.r5P...P...Po..Pi|.P...Pi|<P...Pi|;P...PRich...P........................PE..L....%.]............................ $............@..........................@......%V....@.................................\...x.......................0...............................................@............................................text............................... ..`.rdata..............................@..@.data....=..........................@....rsrc...............................@..@.reloc..D+.......,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.800644432987663
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/zP:IQ8IhhtKLtzM/aI3b
                                                                                                                                    MD5:37F3ED70BC7353D8420E3DB113CAE27A
                                                                                                                                    SHA1:2562EDDAA575AF7141484D4B2E0424DDD752C66F
                                                                                                                                    SHA-256:745AEE51E739F979AB57CB23D852DCF9633F08B4AA293664051EEF3D57BB90E3
                                                                                                                                    SHA-512:182E9B2332197E56FFDE7EEE28AD841A9D7ADAFA30E8B17F7387B57967B5BACD0CFE71E16D0E2E7CCF339F547A77115171BBFB5BFDC45E2D999BC211BB435754
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\PNPUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):267312
                                                                                                                                    Entropy (8bit):6.3930262675533065
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:I6WaV2WJ2u6PupcWluM7nCL6h5nTJwdPnjSszac2eM3FjM1/GGa4arGOZYd92N9x:IBOAtE5bTSdk5FjHGa4yZYd92CjuEKV
                                                                                                                                    MD5:1C850603C4450D453C802C6E4C1B3793
                                                                                                                                    SHA1:47881F57311F34881FBCAF98672B17D26B7A5B72
                                                                                                                                    SHA-256:9B08766D82498BA083A4855A508ABA415C31FCDB9E05104B17D697B2EA529FF1
                                                                                                                                    SHA-512:04572EC3E01C01141A30F1C199433489A36D5C965421A74EAB832F777E083302E8F679178FD7FE83423E301FD50C66D51DFB4217597824927E2E13CC91676CB5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Bk.....P...P...Pi|8P...Pi|.PF..Pi|.P...P.r5P...P...Po..Pi|.P...Pi|<P...Pi|;P...PRich...P........................PE..L....&.]............................ $............@..........................@......R@....@.................................\...x.......................0...............................................@............................................text............................... ..`.rdata..............................@..@.data....=..........................@....rsrc...............................@..@.reloc..D+.......,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\SSDUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):254000
                                                                                                                                    Entropy (8bit):6.467134079075619
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:EJeijMS7ThuYRFdTRGuX7ggIk4OwbwwhB6:EJMYrdTvzIk4OIw1
                                                                                                                                    MD5:313800784C5145A877FAD75B6B242E02
                                                                                                                                    SHA1:CE4BD9BFDA69E18ACC811B52277152B2990A1AF2
                                                                                                                                    SHA-256:6BA888141C578FB6BC7455562E157128EE28205BAC40743A378B84591BA838B0
                                                                                                                                    SHA-512:749006EE293812213B1C8571AA9EE9E1C4CE5B0CB8A6C3EF701B21ABD65F29AF7376A6CD8E5286EB64DB5D910CCE2AF1400B30553930623247459B424ADDCE90
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........NyZ./.../.../...Y.../...Y.../...Y.../...W.../.../.../...Y.../...Y.../..Rich./..................PE..L....&.].............................^............@.......................................@.............................................................0............................................[..@............................................text...!........................... ..`.rdata.............................@..@.data....=...........|..............@....reloc...-..........................@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Executables\USBUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):250416
                                                                                                                                    Entropy (8bit):6.46803956839387
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:YoKnzGEUWJ3MLTo4ZUochmK52LLvRxx9Zy:YpzzMnouchmKoL7RK
                                                                                                                                    MD5:13AC760757E21895CB03D5DF074AA823
                                                                                                                                    SHA1:6968102F890B1C88C620D3A237667C2010C23D12
                                                                                                                                    SHA-256:5DDD30F26B9F49E8C46E9687408F20C88B331D2EA4B6050FE563CF6F9C2B7A40
                                                                                                                                    SHA-512:BFF6E469C9BC44962F7F461990E4BD8C95DCDB20B8D26099CD85B0EB5C58EE7045DC033683F81AF15F1183214EAE1660DA69B3E993854F197238F04A460735C3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........F ..'N..'N..'N..Q..'N..Q.'N..Q.b'N.._..'N..'O..'N..Q..'N..Q..'N..Q..'N.Rich.'N.................PE..L....%.]............................)P............@.......................................@..................................t..x.......................0.......T...................................0G..@............................................text...q........................... ..`.rdata..B...........................@..@.data....>...........h..............@....rsrc...............................@..@.reloc...-..........................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\FW_ALPS_TP_A01\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):340
                                                                                                                                    Entropy (8bit):5.302668369046472
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFodc5XLx1pNgetyL/mmnbAmtkXLx1pNge/BNrrqOc5XLx1pNgetyL/r:xcNLTpNgEemmnkmtULTpNgoNLcNLTpNS
                                                                                                                                    MD5:936A424D99F3720E8EFF982BA6D4BD7D
                                                                                                                                    SHA1:0D4B07A8B2C58B87A572247395199DB8BEAA7705
                                                                                                                                    SHA-256:1A8204BB8CBFB7323711AA8626E0EF7073CFE97E0842A2643D126B57F4A2DA83
                                                                                                                                    SHA-512:A02369E7DEE4175EB6BF553395D032582700B877412EC28256AA8FFF3AC44EF0AB8044A17A44ACD40DFCAA7784BE7FFC891E44D74BD2FEB02D27002732AB940C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104696..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Version\;..pkgtype = Firmware..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Display\;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Version\;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\FW_ALPS_TP_A01\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):340
                                                                                                                                    Entropy (8bit):5.302668369046472
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFodc5XLx1pNgetyL/mmnbAmtkXLx1pNge/BNrrqOc5XLx1pNgetyL/r:xcNLTpNgEemmnkmtULTpNgoNLcNLTpNS
                                                                                                                                    MD5:936A424D99F3720E8EFF982BA6D4BD7D
                                                                                                                                    SHA1:0D4B07A8B2C58B87A572247395199DB8BEAA7705
                                                                                                                                    SHA-256:1A8204BB8CBFB7323711AA8626E0EF7073CFE97E0842A2643D126B57F4A2DA83
                                                                                                                                    SHA-512:A02369E7DEE4175EB6BF553395D032582700B877412EC28256AA8FFF3AC44EF0AB8044A17A44ACD40DFCAA7784BE7FFC891E44D74BD2FEB02D27002732AB940C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104696..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Version\;..pkgtype = Firmware..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Display\;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Alps\Version\;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\FW_ALPS_TP_A01\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Fingerprint_Cards_Fingerprint_Sensor_Device_Driver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.121238944705605
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKvBERbcRdFIYzEd6wRc6uyVtRcVBIdVBsSkcRdFIYzEd6wRc6uyy:/QZgF4ERbc7bz2R7tJrBUc7bz2R4
                                                                                                                                    MD5:563ED32B3D938FBCF6BAD4A85FBFA098
                                                                                                                                    SHA1:586BCF18BED3DDA6FA5E29BCC2665E7042F73909
                                                                                                                                    SHA-256:D2F620036255E6FFE679669F5EA7750EA7F0EF2EAB2EEAF9A657A2E89B0052D5
                                                                                                                                    SHA-512:A375628D0CA13016E245301EC6CDB9BBFBC774EB7CC3487EA0783EACFEEED92CD4C356E8D8A1A83B356FCF45D84BCA8FF5B45A754596A67D329BABF1952DE5B6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106552..data = {f3389122-94fe-40a8-bdc7-735671640cdd}..pkgtype = DRVR....[Version]..method = MSI..data = {f3389122-94fe-40a8-bdc7-735671640cdd}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Fingerprint_Cards_Fingerprint_Sensor_Device_Driver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.121238944705605
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFKvBERbcRdFIYzEd6wRc6uyVtRcVBIdVBsSkcRdFIYzEd6wRc6uyy:/QZgF4ERbc7bz2R7tJrBUc7bz2R4
                                                                                                                                    MD5:563ED32B3D938FBCF6BAD4A85FBFA098
                                                                                                                                    SHA1:586BCF18BED3DDA6FA5E29BCC2665E7042F73909
                                                                                                                                    SHA-256:D2F620036255E6FFE679669F5EA7750EA7F0EF2EAB2EEAF9A657A2E89B0052D5
                                                                                                                                    SHA-512:A375628D0CA13016E245301EC6CDB9BBFBC774EB7CC3487EA0783EACFEEED92CD4C356E8D8A1A83B356FCF45D84BCA8FF5B45A754596A67D329BABF1952DE5B6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106552..data = {f3389122-94fe-40a8-bdc7-735671640cdd}..pkgtype = DRVR....[Version]..method = MSI..data = {f3389122-94fe-40a8-bdc7-735671640cdd}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Fingerprint_Cards_Fingerprint_Sensor_Device_Driver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Gemalto\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Gemalto\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):427
                                                                                                                                    Entropy (8bit):5.3563679996869835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA08IcGM/QCKSKw08IcGM/QCiFsq+pG5:+C5r85vSaIVyKSbIVyZFpG5
                                                                                                                                    MD5:798D00469FFE754912F662D6662EFFFC
                                                                                                                                    SHA1:8317B661C747321FF981D19BA0E12883F99B61DB
                                                                                                                                    SHA-256:D1714A25E7B1F169822D79F2FA0788A53392E9C04DFC15B6B74C12898EAB2329
                                                                                                                                    SHA-512:483064980261D8F4AC6C28D927DC5CA65BD9E73A4A02FD2833E972A9BB47D4748122F03D04B6DCE940AF863EB1BB9D07455AEA8061E6D27B3BBBC211E9B17EA5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}..PkgType = DRVR..ComponentID=17011......[Version]....Method = MSI..Data = {882B7D7B-4A11-449E-800D-B11DEA2E5122}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Gemalto\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Gemalto\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\HDD_SSD_Inventory\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1024
                                                                                                                                    Entropy (8bit):5.386874034199363
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KF9cgFHFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoB6LFpG5:W6aiTB/X2+hIqU8HIhuoB6LO5
                                                                                                                                    MD5:83C19684824A01DE55ACC5EE92BD3CFD
                                                                                                                                    SHA1:B86AC74453055DED5B4388A89C97C4FA29593E45
                                                                                                                                    SHA-256:E23F8C7960AA1A6EE0542280C82959AABBD4F8FF3C7EBF8D4B28139DA15531E6
                                                                                                                                    SHA-512:8182FBFDCDE27527E4A3B540DCB97BCF28DDB46816E1F262FB18BF4E6393ECE07A08CB9BE0E4E970755BD4A5B4DD9F12036F02C75EB59823930F7147A7CE5AA8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = SSD....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = SSD....; Reboot = 0 - Reboot not required or 1 - requ

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\HDD_SSD_Inventory\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1024
                                                                                                                                    Entropy (8bit):5.386874034199363
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KF9cgFHFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoB6LFpG5:W6aiTB/X2+hIqU8HIhuoB6LO5
                                                                                                                                    MD5:83C19684824A01DE55ACC5EE92BD3CFD
                                                                                                                                    SHA1:B86AC74453055DED5B4388A89C97C4FA29593E45
                                                                                                                                    SHA-256:E23F8C7960AA1A6EE0542280C82959AABBD4F8FF3C7EBF8D4B28139DA15531E6
                                                                                                                                    SHA-512:8182FBFDCDE27527E4A3B540DCB97BCF28DDB46816E1F262FB18BF4E6393ECE07A08CB9BE0E4E970755BD4A5B4DD9F12036F02C75EB59823930F7147A7CE5AA8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2 ".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = SSD....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = SSD....; Reboot = 0 - Reboot not required or 1 - requ

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\HDD_SSD_Inventory\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\HDD_SSD_Inventory\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\HDD_SSD_Inventory\supportdev.cfg

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):690
                                                                                                                                    Entropy (8bit):4.92617353471453
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:dFoCP4I/UcUZMtLHdMtRuj7ZMtwyGTZMt+fM9jofO9joiQ9UwM9jofO9joiVVnMo:3oCnryM99MHQVM2ycM4fMsZnMsYNMsYI
                                                                                                                                    MD5:C4DFC47437C0AE387D0A93BE19E16082
                                                                                                                                    SHA1:45940C6BD85FA03C6040C9F01E26DA7B38BBFF6D
                                                                                                                                    SHA-256:20D703CEFC69AF230DDDE925836F636B77F9599AA4AB424AB058DD574DEECC06
                                                                                                                                    SHA-512:876D0F592CDECBBA609B7C5C77B26FB80D6B897E8A30797A4DFBFFBB3256DFFBC199FE98B4CD87FE0EA07504026A858D658DC7BDD3FBA1A39F9DED5C5CFE6705
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;File generated while build..[AppConfig]..[Mode] = Exclude..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 432B..SubSystemID = 000D..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4315..SubSystemID = 000C..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4328..SubSystemID = 000A..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4353..SubSystemID = 000E..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4235..SubSystemID = 1121..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1321..[Device]..VendorID = 8086..SubSystemVendorID = 8086..DeviceID = 4232..SubSystemID = 1326..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ICINIT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):130
                                                                                                                                    Entropy (8bit):4.536164830644544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vuFFLMKEJcAFKbFWJ9LDbGARZNFBeKj/QAm/GAOn:vuF5MfUhWJ9S8z7HjIXuR
                                                                                                                                    MD5:DD9F9C913DC476D6A64449E4842DE944
                                                                                                                                    SHA1:42FFF2606077CEE64232101DF710A653D2357F4C
                                                                                                                                    SHA-256:93D3534EDE6A89DA26A22CCA4856C007C7804F0F90337970FE7A2E9E9F3C0C8D
                                                                                                                                    SHA-512:63971868F96D350D8988E25CEB656769BDDCDBEB586AA0ED7A3571C4C84EDCEE70753CC98FBA469B76C891B2A20A7B9A68D5B7C4E8261EDF25DB704112446FBE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<dummy>.. This is a dummy file to subsitute for PIEConfig.xml for devices which do not have.. a supported systems list..</dummy>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\ICINIT\init.bat

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):395
                                                                                                                                    Entropy (8bit):5.297836219270588
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:xlo+H1F01QghxyBt2Shq+Z2hxM2Q4MHdunfK:xl/HPyhOhyudafK
                                                                                                                                    MD5:2096BC1AC8C231201351DAEE76BAA5C5
                                                                                                                                    SHA1:69FD91FF8029E5F5B92956B74309B2A4D2467E8A
                                                                                                                                    SHA-256:A2AC81FEFD49BEC7A9C07C3DD245B70A14AB1BE104CC90D48FDC1B522B646F63
                                                                                                                                    SHA-512:5CB1BA5B6E71B6434B69455EE7776CA8B2B2ACC7A17E7C415B0D785C1221B0F5666632E0FDA4684272B5C25D9C6339D0B4D1565B5557AB6708C981C95D81C359
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..REM..REM.init.bat..REM.copies VC80 CRT files to relevant folders..REM....@PUSHD ....echo %CD% > %CD%\icinitlog.txt..REM Microsoft.VC80.CRT.manifest msvc*80.dll ....(..dir..rem copy /v Microsoft.VC80.CRT.manifest libsmbios..rem copy /v msvc*80.dll libsmbios..) 2>&1 1>> %CD%\icinitlog.txt....@POPD..echo ^<?xml version="1.0" encoding="UTF-8" ?^>..echo ^<SVMInventory lang="en"/^>..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_AUDIO\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):5.403824244104087
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KP9cgPwsFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBJKFpG5:QpsaiTB/X2+hIqU8HIhuoBJKO5
                                                                                                                                    MD5:C36BB53E343921BBFB336D52477DAE48
                                                                                                                                    SHA1:2634996BEC8BD85EFBE244FBAAB9585DB7BA6969
                                                                                                                                    SHA-256:59E727C9F18247EF021927592D0F81E4BEAFEB4C687766A0D5012E472E8796F9
                                                                                                                                    SHA-512:98AD08E53748E399F6945357C8FCE51833A1A395081566B2F9F78FE6E51163668DDAF7ED0DDED1211898C06FBE7AEB37F48F4B130CF5C379062F5A8076A8904F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = AUDIO....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = AUDIO....; Reboot = 0 - Reboot not required or 1 - re

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_AUDIO\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1026
                                                                                                                                    Entropy (8bit):5.403824244104087
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KP9cgPwsFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBJKFpG5:QpsaiTB/X2+hIqU8HIhuoBJKO5
                                                                                                                                    MD5:C36BB53E343921BBFB336D52477DAE48
                                                                                                                                    SHA1:2634996BEC8BD85EFBE244FBAAB9585DB7BA6969
                                                                                                                                    SHA-256:59E727C9F18247EF021927592D0F81E4BEAFEB4C687766A0D5012E472E8796F9
                                                                                                                                    SHA-512:98AD08E53748E399F6945357C8FCE51833A1A395081566B2F9F78FE6E51163668DDAF7ED0DDED1211898C06FBE7AEB37F48F4B130CF5C379062F5A8076A8904F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = AUDIO....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..Method = AUDIO....; Reboot = 0 - Reboot not required or 1 - re

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_AUDIO\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_AUDIO\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_X3\IDT_X3.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):236
                                                                                                                                    Entropy (8bit):5.126595556633116
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hmRe7SDCI9FzmxKaONjoNmKGKa5IrHFzmxMXNjoW:wU7SDNmxKnNjYkKvdmxQNjt
                                                                                                                                    MD5:A71E8D07E56A3506981A0A145B627924
                                                                                                                                    SHA1:A3EFEF3D65679B77D4571D4EF505F7431E7AF926
                                                                                                                                    SHA-256:7E5E83A2FC81041E1E619FA4486CD90FDAF885F0BC2EE8AD4845346D8B7677D8
                                                                                                                                    SHA-512:67FA875AD8310B8B9762C01B45125BAB8E50605B0547DAF65309C2560096AE2B45B366E7379FC56A981546B1E692F7EC4D75996443D309AB00DF636AE1824F03
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..setlocal..if "%PROCESSOR_ARCHITEW6432%"=="" goto thirtytwo.. call %systemroot%\Sysnative\cscript /nologo IDT_X3.vbs %1.. endlocal..Exit....:thirtytwo.. call %systemroot%\system32\cscript /nologo IDT_X3.vbs %1....endlocal

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_X3\IDT_X3.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (355), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13872
                                                                                                                                    Entropy (8bit):5.901141787292855
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:mjCvagq9qCT7x5crvdLQQrpFBRVfcbUuZP8TDydpIZqBCKjiSA:hagS7xyDJQQHVfgUyUTDydpExKeN
                                                                                                                                    MD5:C2EEA12844DF0AA8C772A2D7E09F186A
                                                                                                                                    SHA1:ECA31521CEAEF78951F39DFE7206A93EC6C14459
                                                                                                                                    SHA-256:D69EEA1FDC5C1045A0A1D4576E454F49ECBB54D02D8681A34F80C3A725670A11
                                                                                                                                    SHA-512:F3D26F37C8160E7FA053F0548BE5317F5B2B23AEF0A569DDBFDFEE99DFAD4A46B6FD43A85933796FD11BEE89E41E05CE93533E06DF080617E8C1FD0332C7D5EE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:' Global Declarations..Option Explicit..On Error Resume Next....Dim strDisplayName, strVersion, strComponentID..Dim status, LogName....Dim WshShell, theArgs..Set WshShell = WScript.CreateObject("WScript.Shell")....set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)..' Check if installation is present..call findInstallation()..strComponentID = "16105"....If Not (strVersion <> "") Then...status = "error"..End If....' Print Output XML..call WriteXML(status)....set WshShell = Nothing....Function findInstallation()...strDisplayName = "IDT Audio"...strVersion = WshShell.RegRead("HKLM\SOFTWARE\ManageableUpdatePackage\IDT\default")...if Not ( strVersion <> "") then....strVersion = WshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\ManageableUpdatePackage\IDT\default")...end if......End Function....' print output..Function WriteXML(status)......Dim QuoteObj, CrLfObj, XmlOpen, XmlClose, XmlData...Dim fso, log......QuoteObj = (Chr(34))...CrLfObj = (Chr(13)) & (Chr(10))...XmlOpen = "<?xml versio

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IDT_X3\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IMAGE\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):499
                                                                                                                                    Entropy (8bit):5.058403797357454
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgkJEtDIY1dBFsq+pGipXd72DhzqtnG8R0bov:+eCs8qYFpGipXd72DhOlkbov
                                                                                                                                    MD5:4228BBCA64F8930E731F86A04C315A97
                                                                                                                                    SHA1:832E5C640C186F23097012A05029435D9E334BC7
                                                                                                                                    SHA-256:1BC14F6AAE8579E18446FAD5FCA50568DC2EBBBDA16F7BC9FEE78E6F85D5EB71
                                                                                                                                    SHA-512:EA2646C663C84BF8C30D8B215E991991CC2033A3CC117BAC343275B59525B3F222C4B1471606F74AFFA00D59D633C659F62778E2D41A8CDF6B48941E6E64703F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = IMAGE..PkgType = DRVR....[Version]....; Need to extract Version from below given registry path..Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Image Device to its corresponsing Device Code..[Mapping]..; Creative Labs M10 Integrated camera..6413=22353..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IMAGE\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):499
                                                                                                                                    Entropy (8bit):5.058403797357454
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgkJEtDIY1dBFsq+pGipXd72DhzqtnG8R0bov:+eCs8qYFpGipXd72DhOlkbov
                                                                                                                                    MD5:4228BBCA64F8930E731F86A04C315A97
                                                                                                                                    SHA1:832E5C640C186F23097012A05029435D9E334BC7
                                                                                                                                    SHA-256:1BC14F6AAE8579E18446FAD5FCA50568DC2EBBBDA16F7BC9FEE78E6F85D5EB71
                                                                                                                                    SHA-512:EA2646C663C84BF8C30D8B215E991991CC2033A3CC117BAC343275B59525B3F222C4B1471606F74AFFA00D59D633C659F62778E2D41A8CDF6B48941E6E64703F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = IMAGE..PkgType = DRVR....[Version]....; Need to extract Version from below given registry path..Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Image Device to its corresponsing Device Code..[Mapping]..; Creative Labs M10 Integrated camera..6413=22353..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IMAGE\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.8044397229460545
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZReg5MM7reCzNtKeAKLtr3M/aI3xzP:IQ8DTjz+gLtzM/aI3R
                                                                                                                                    MD5:E5D2EAF60BC56B14989F57A58F5A0829
                                                                                                                                    SHA1:D53D62084936DFD5A8081B84D8FE0412B66109AC
                                                                                                                                    SHA-256:DA569FDF18A6D18CEEC6C1FA850FF702BB947A1559A2671817E2955E37481938
                                                                                                                                    SHA-512:29D19A8A5DD1DDEDF12E25A93C0903E57BABD7822669D839765583DD9834FE5D817E05DA52C2543FAF9BC8977D7446B4E391056F3FDF0677BCF23995F165CB35
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>USBUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>USBUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IMAGE\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\INTEL_DPTF_WIN8_14\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.12842404161189
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjyydR3ce5Q4cmlhR4ZCRcVBIdVBsSkR3ce5Q4cmlhR47v:/QZgF2GRsUcmlhjJrBURsUcmlhK
                                                                                                                                    MD5:5A46F0C264E85B7CD3CD85832136982D
                                                                                                                                    SHA1:4B7EA876B3C3ED820C5ADA6C280A15321922A36E
                                                                                                                                    SHA-256:8B10FEACDD3ED177D9DD41FE2CCF7CAA7F5E4BA1EB2C6AAD938806810E27D2AD
                                                                                                                                    SHA-512:2F268E6B45A2610D1FC5E67D0DE7412D9B714CA1EBFCFA8443C7FA8D2359E31B45EEEB403C92B16D8797E3E1EA38B83CEFA90620EA5F1072B7F56565CA244ACB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102309..data = {654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}..pkgtype = DRVR....[Version]..method = MSI..data = {654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\INTEL_DPTF_WIN8_14\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.12842404161189
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFjyydR3ce5Q4cmlhR4ZCRcVBIdVBsSkR3ce5Q4cmlhR47v:/QZgF2GRsUcmlhjJrBURsUcmlhK
                                                                                                                                    MD5:5A46F0C264E85B7CD3CD85832136982D
                                                                                                                                    SHA1:4B7EA876B3C3ED820C5ADA6C280A15321922A36E
                                                                                                                                    SHA-256:8B10FEACDD3ED177D9DD41FE2CCF7CAA7F5E4BA1EB2C6AAD938806810E27D2AD
                                                                                                                                    SHA-512:2F268E6B45A2610D1FC5E67D0DE7412D9B714CA1EBFCFA8443C7FA8D2359E31B45EEEB403C92B16D8797E3E1EA38B83CEFA90620EA5F1072B7F56565CA244ACB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102309..data = {654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}..pkgtype = DRVR....[Version]..method = MSI..data = {654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\INTEL_DPTF_WIN8_14\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):754
                                                                                                                                    Entropy (8bit):5.615749281711995
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtvitMCtAw8pClXLMVj7PrTcvWQVCiLMVj7PrTcvWQVQIY1mLMVj7PrTcvWQVY:+W+8pyIV3PrINFIV3PrINBLIV3PrINGd
                                                                                                                                    MD5:6EF79BB3485801550A74A008C749E15C
                                                                                                                                    SHA1:B717DB05B8FB8A34F00774581C318B3B08A33D46
                                                                                                                                    SHA-256:AD143D26125819BDB17EBD9E2F0A2FEF641ECC2C31F2AA6A7FD418D97B727804
                                                                                                                                    SHA-512:61813F15FE27C07A39E0F2CE3FAED4EFAE9323221FE6B5A72F6D6F359B6F3C821F7DA9D22144DF3AE78E278E8B66AE3FA793224C534B510F95DEFFC1C9971254
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /qn..[Regular]..1= Payload\setup.exe /qn..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=27992..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayVersion....[Version]..; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayVersion....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):880
                                                                                                                                    Entropy (8bit):5.594527552367901
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+qmR8pyCtV3PrINFCtV3PrIN2yLCtV3PrIN2cFpG0Xd72oOoY:pmAyEtsFEtsTEtsvO5eY
                                                                                                                                    MD5:EAF4C073FEFE89A049214CB60E5EC9FC
                                                                                                                                    SHA1:924E31B2577A30EB99D5B20D2167A8139EC2B856
                                                                                                                                    SHA-256:154051739380085431FB82D2837A5D40980833FA964E31697D11708B35236FB9
                                                                                                                                    SHA-512:00210F8B365DA715C5F9F4E9F81111741ADC64B9EBFFE4B4C4183F5EE97F93B74F52E9107269CFD787258836F9B2DC8E644BBE5F6F76911B2022CFA69E8117F3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe ..[Regular]..1= Payload\Setup.exe..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = APAC..ComponentID=27992..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayVersion......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C01A86F5-56E7-101F-9BC9-E3F1025EB779};DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT_X4\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):447
                                                                                                                                    Entropy (8bit):5.357399381730191
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtvitMCtAY+8Uf8kMYIY1kf8kM3Fsq+pGiT:+WJ8gDEPDlFpGiT
                                                                                                                                    MD5:0D97D442562C09EA12F0D26A3B3A7BD6
                                                                                                                                    SHA1:A22EB849BCC8753FFD1267F5EEB53FCEEEEA5BA2
                                                                                                                                    SHA-256:DDC0609FBDDCF64955B7B01D9D62FC68FCDC0BFDBA97FDF9541A016ABD744DDD
                                                                                                                                    SHA-512:07A5C4031741A39A4A50EF2B327C89026396CCA3B97A800CDDAA1A260CAB6A44BAACB623B8B6A37A1700DEE6B216C3339C5ECE2E34160C73315A5B120AF827C1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /qn..[Regular]..1= Payload\setup.exe /qn..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = MSI..PkgType = APAC..ComponentID=27992..Data={30D2F4C7-A822-4AB0-B5F7-3D41B730CAFF}....[Version]..; Need to extract Version from below given registry path..Method = MSI..Data={30D2F4C7-A822-4AB0-B5F7-3D41B730CAFF}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT_X4\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):389
                                                                                                                                    Entropy (8bit):5.357254018391961
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtvitMCtAY+8Uf8kMDf8kM3Fsq+pGiT:+WJ8gDmDlFpGiT
                                                                                                                                    MD5:CCE4CF4A438F43801014CFC5A169E39E
                                                                                                                                    SHA1:FA54AA8F65004E6F341BDF1F652A99CF55943077
                                                                                                                                    SHA-256:0482E07A4B5A30922CA6C8D3E4F815CC220D4072EFC10642B846D6C6DE516B9A
                                                                                                                                    SHA-512:50D13F142A2254122D6F630255F111519A3FFDD3AC423E116F83768EC1808AB51977B965C0D47182FE4621D214F0E7686741BC33C4CC223BD2198034DAD26089
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /qn..[Regular]..1= Payload\setup.exe /qn..[FreshInstall]..1= Payload\setup.exe..; ..[Scan]..Method = MSI..PkgType = APAC..ComponentID=27992..Data={30D2F4C7-A822-4AB0-B5F7-3D41B730CAFF}....[Version]..Method = MSI..Data={30D2F4C7-A822-4AB0-B5F7-3D41B730CAFF}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IPT_X4\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2116
                                                                                                                                    Entropy (8bit):4.7866738721200734
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2Pt88ZRegZSEmMt6rQSBzNSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:Ih8DWLzcRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:1D79EF1DA7E7EDF5DE332052106FB3C6
                                                                                                                                    SHA1:3A10E1B2DCCB33358B0934F82FF99C0665221CE7
                                                                                                                                    SHA-256:6C6304BB142841747EA31C957600166BC9307AD7952C75948089EC07629E3084
                                                                                                                                    SHA-512:ACC3438CC7A5DB327612A8D73EDF6CB9319A20610F9475CD59AC2BBDB1CBD86242CD35633CA53740553F4B93F0A92A5B3644691C92133BBE59FD1AFEC288AD21
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>APP</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg32.ini</Module>.. <Module>DrvCfg64.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p pack

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRMT\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.151182495362604
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOMdlgTnNCkeW26FWCRcVckhFdVBsSklgTnNCkeW26Fc:/QZgFOMlWnNeX6FFxkhFrBUlWnNeX6Fc
                                                                                                                                    MD5:EA3B1E5C28F94DD04A6040FEBB0C882E
                                                                                                                                    SHA1:78C801F25C425025A96014131F71CAAB0928C39A
                                                                                                                                    SHA-256:19B4F846F1D4DA3EBF21B8D0F8FAEBEA63F1A321EF509AD227D5F1E56532359F
                                                                                                                                    SHA-512:91BFEAF98810B0659A9D3BBDE8D27236F46DDF2495BBEDD9574479AAEEEBA055E0BB2427D9BAAF72C833D20D3CE56F616FD8DC12EE7DD4C226A7567EAA8D4C72
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103821..data = {B4F304A6-B23E-4AA5-9717-74561257FE12}..pkgtype = APAC....[Version]..method = MSI..data = {B4F304A6-B23E-4AA5-9717-74561257FE12}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRMT\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.151182495362604
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOMdlgTnNCkeW26FWCRcVckhFdVBsSklgTnNCkeW26Fc:/QZgFOMlWnNeX6FFxkhFrBUlWnNeX6Fc
                                                                                                                                    MD5:EA3B1E5C28F94DD04A6040FEBB0C882E
                                                                                                                                    SHA1:78C801F25C425025A96014131F71CAAB0928C39A
                                                                                                                                    SHA-256:19B4F846F1D4DA3EBF21B8D0F8FAEBEA63F1A321EF509AD227D5F1E56532359F
                                                                                                                                    SHA-512:91BFEAF98810B0659A9D3BBDE8D27236F46DDF2495BBEDD9574479AAEEEBA055E0BB2427D9BAAF72C833D20D3CE56F616FD8DC12EE7DD4C226A7567EAA8D4C72
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103821..data = {B4F304A6-B23E-4AA5-9717-74561257FE12}..pkgtype = APAC....[Version]..method = MSI..data = {B4F304A6-B23E-4AA5-9717-74561257FE12}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRMT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRSTE_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):456
                                                                                                                                    Entropy (8bit):5.359166435232762
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgY+S8mE1IY1wmEm6Fsq+pG1:+eZSDuFpG1
                                                                                                                                    MD5:BCA77628DAE63181E7A327C44706C3B1
                                                                                                                                    SHA1:969068D2B5D73B1DD72E702DACE6FA48EA085450
                                                                                                                                    SHA-256:1B91D27601B407DC439F03A87B668BC346675B49E09C9C9D163FBA946A4CDB50
                                                                                                                                    SHA-512:C9B6D1EB9A59C55B32A983B70BF10F69501A9BB736913C061D48FBA75AC5808D9FA6ACF49C877A53EC055C1584842C2458BC6AF9FE4BBE1972CE0D3273C3AD97
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=100346..Data={8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRSTE_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):454
                                                                                                                                    Entropy (8bit):5.364206323108398
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgY+S8mE1IY1wmEm6Fsq+pG4:+eZSDuFpG4
                                                                                                                                    MD5:B5C80B61E3E5192A245BF32D18A34BD3
                                                                                                                                    SHA1:40B340F03DDC2DCF7569B70D22570AD440BC9933
                                                                                                                                    SHA-256:91631A83E39D39CDBB9C7FBB69A95F5496BDF7538516F7D0E76441D7DE55BEFC
                                                                                                                                    SHA-512:0318516D75B79BEAB9AD608461EF37B8C5BEDD5C4B6CB3BD8E109B1907842066440799324F0FABEF1C1A3AAFF95E1132F4AE36797AF3F1564BDB58637402235D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=100346..Data={8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={8B313BF5-9BD5-42a3-94C1-A28AF3AA51CC}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRSTE_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):766
                                                                                                                                    Entropy (8bit):5.576123818534628
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgwSj5ClXLMVjhmrC1CiLMVjhmrC12hIY1/LMVjhmrC12iFsq+pGiv:+eOSj5yIV91FIV912yWIV912ZFpGiv
                                                                                                                                    MD5:0C92486B4E3AF25C0C486464629D62AF
                                                                                                                                    SHA1:046E724921FFE0EEC24C3CCB79C5D035708F64AA
                                                                                                                                    SHA-256:EF9738F7313EBEC796A184E5F1B62E104C58522C8916A6F19213561881EDF89D
                                                                                                                                    SHA-512:7649FA947C8947131405EF15E30D272D53ADCE171239478EC330F71BB81779EF673DB2C8D0F77859711ADA1C4D838E2C4B8C05B33884B966DD8BB8CCA6D45851
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = DRVR..ComponentID=21047..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayVersion......[Version]....; Need to extract Version from below given registry path..Method = MSI..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayVersion........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):899
                                                                                                                                    Entropy (8bit):5.54568810018123
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+eOSj5yCtV91FCtV912yLCtV912cFpG0Xd72oOos:/xyEP1FEP1TEP1vO5es
                                                                                                                                    MD5:92D94980241D2B29B2C79AF71693E2E5
                                                                                                                                    SHA1:BEC308ABEF3C5CF20D1D797DF0B5002BBFBC6670
                                                                                                                                    SHA-256:01A9437D1B779312AC1097C5926ED64EB28C6106FAC502743206D487957877A3
                                                                                                                                    SHA-512:1EBDF054EF7115CCF472585186D1261B78C5531F3D817BBCA26DA3802DE21A43F87B35967DBEFF852D2594B6BF26E8A220255E3D097E0D1CF00C802295B21367
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = DRVR..ComponentID=21047..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayVersion......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC};DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST_X5\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):458
                                                                                                                                    Entropy (8bit):5.401488334148403
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgY+SDFjlMAIY1DjlMT6Fsq+pGiv:+eZSDaXFpGiv
                                                                                                                                    MD5:118402A00CEDD04B9E0462211368B8C4
                                                                                                                                    SHA1:B4209966F621B91DA2D4AF81B88A05DC54BC3B47
                                                                                                                                    SHA-256:63140204A3BB715B881C5B81FBDBBAEBE2399252BD7929C5C136BBC4C0A9EB42
                                                                                                                                    SHA-512:3FE834F6200AAEE575D608C461FDABDB056B5FC6989BDCDAAFF77D83B0E964C0B49DB229029072B615CF1A8514F7B3CD4677E157A21B59D2A814777812E78050
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=100638..Data={DBEC3A35-04A8-4A70-BD7B-F42654758956}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={DBEC3A35-04A8-4A70-BD7B-F42654758956}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST_X5\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):910
                                                                                                                                    Entropy (8bit):5.291511090138694
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PEB0FNavzM9oQBGAXlo+6FpGiT:XUh1A+F7ECaiTB/X2+6Ow
                                                                                                                                    MD5:9F2F9FCA68A6C3A5A47E28600177F509
                                                                                                                                    SHA1:564D7C9C6C7D9345D0F5307249EE922494C8C755
                                                                                                                                    SHA-256:44A6729315F235CA3E169E11788F393E105477EDC97441144B241A5339C3BF9C
                                                                                                                                    SHA-512:A961B9224F22B007D71D1BB3FC4907066570589EBD98E82CF061E79BB0B0CE21E2EE5CBA6135009DB2AED3662BDF4824A05C435226824CB518CA1CBD7B9F795F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=100638..Data = {DBEC3A35-04A8-4A70-BD7B-F42654758956}..PkgType = DRVR........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {DBEC3A35-04A8-4A70-BD7B-F42654758956}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST_X5\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IRST_X5\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelAMTInv

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):610
                                                                                                                                    Entropy (8bit):3.7971867827500967
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:eRxSGSGvXJhs+yg3tkOtC6h1RmAlzyzkiJ:eR4GS+1y6tDCC5lzy/J
                                                                                                                                    MD5:4BCC746F3933E62BBA7D21399B7BC951
                                                                                                                                    SHA1:31D9A80846A2F8A62FEAA63EB534DF399D8222E4
                                                                                                                                    SHA-256:2EB4BA2C75D544EEBFD7F4F24B9A7AAD121FA5B102F8CE9291BAC7D2C0C1B465
                                                                                                                                    SHA-512:8958A7829D3CC2C1552282853C9551BAEF5301B301BCDBD23C0D3A394484A3C5D1BB3124712A3D65AF801818CAA5D0DEE7CA9BA6EDC15B82A683EE4BC67F2E8C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W...6...6...6...N...6..Vx..6...@..6...@..6...@..6...N..6...6~.g6...@..6...@..6...@..6...6..6...@..6..Rich.6..................PE..L....&.].................T...................p....@..........................................................................9..........H............................r..................................@............p......\8..@....................text...*S.......T.................. ..`.rdata..d....p.......X..............@..@.data...(....`....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelManagementEngineInterfaceDriver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1194
                                                                                                                                    Entropy (8bit):5.465370931179174
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNIVWRh3BMIVWRh3O2FNavzM9oQPNIVWRh3GFpG5:P5r85vTh1A+n9oI8Rh3BMI8Rh3O2aiTd
                                                                                                                                    MD5:57088D28004016C91C9130984E98C2D6
                                                                                                                                    SHA1:F092A58E12562EED58A3F910DCC804CA2CDEADDB
                                                                                                                                    SHA-256:7534F99F1BAF8FA5798E01781CF1E47CD08F23C6FD4072FBE93A24C4AA8C44D3
                                                                                                                                    SHA-512:F757763B4A48723B878A3F56AF97A9B36F3FB6CD52B8710D9F17CCA07EBC8C5B1F4E2E1AC09291B582EC5A6DA6DC170F2AFFFAFFEB8DAA793FF923DD3AE9CF9A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700};DisplayVersion..ComponentID = 100950..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelManagementEngineInterfaceDriver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1194
                                                                                                                                    Entropy (8bit):5.465370931179174
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNIVWRh3BMIVWRh3O2FNavzM9oQPNIVWRh3GFpG5:P5r85vTh1A+n9oI8Rh3BMI8Rh3O2aiTd
                                                                                                                                    MD5:57088D28004016C91C9130984E98C2D6
                                                                                                                                    SHA1:F092A58E12562EED58A3F910DCC804CA2CDEADDB
                                                                                                                                    SHA-256:7534F99F1BAF8FA5798E01781CF1E47CD08F23C6FD4072FBE93A24C4AA8C44D3
                                                                                                                                    SHA-512:F757763B4A48723B878A3F56AF97A9B36F3FB6CD52B8710D9F17CCA07EBC8C5B1F4E2E1AC09291B582EC5A6DA6DC170F2AFFFAFFEB8DAA793FF923DD3AE9CF9A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700};DisplayVersion..ComponentID = 100950..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelManagementEngineInterfaceDriver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelUSB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):177
                                                                                                                                    Entropy (8bit):4.968841622139228
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuEiFsxkA5WD7rLRcVBIdVBsSksxkA5WD7y:/QZgFuEiFeJO7PJrBUeJO7y
                                                                                                                                    MD5:FD59E8DDAB4E833FF9F9FB467EC9FFCD
                                                                                                                                    SHA1:B0E5C7A617B71D1F5956FD4BF891BD250761B1DB
                                                                                                                                    SHA-256:7DDC2E690A1CA124F764A3C48803EC0AD6B9BC174A6C9729BE901501FCF4379B
                                                                                                                                    SHA-512:96BC0764F542F7349413B125F60C0F7CAFC99885C8FF1980B57DD16B75EBAE44F868214B448871BB23B7874D37613CD75EB541018C419D3D8382D0721DF47135
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 100347data = {240c3ddd-c5e9-4029-9df7-95650d040cf2}..pkgtype = DRVR....[Version]..method = MSI..data = {240c3ddd-c5e9-4029-9df7-95650d040cf2}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelUSB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):177
                                                                                                                                    Entropy (8bit):4.968841622139228
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuEiFsxkA5WD7rLRcVBIdVBsSksxkA5WD7y:/QZgFuEiFeJO7PJrBUeJO7y
                                                                                                                                    MD5:FD59E8DDAB4E833FF9F9FB467EC9FFCD
                                                                                                                                    SHA1:B0E5C7A617B71D1F5956FD4BF891BD250761B1DB
                                                                                                                                    SHA-256:7DDC2E690A1CA124F764A3C48803EC0AD6B9BC174A6C9729BE901501FCF4379B
                                                                                                                                    SHA-512:96BC0764F542F7349413B125F60C0F7CAFC99885C8FF1980B57DD16B75EBAE44F868214B448871BB23B7874D37613CD75EB541018C419D3D8382D0721DF47135
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 100347data = {240c3ddd-c5e9-4029-9df7-95650d040cf2}..pkgtype = DRVR....[Version]..method = MSI..data = {240c3ddd-c5e9-4029-9df7-95650d040cf2}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\IntelUSB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_BT\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):180
                                                                                                                                    Entropy (8bit):5.172678653599074
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFFVTcBEdaUcM8oUWdaNILLdYAcVBIdVBsSkaUcM8oUWdaNILLdYn:/QZgFv3aUc9YduI35rBUaUc9YduI3a
                                                                                                                                    MD5:888EFD6F1E47CB9D72D359E1D3552464
                                                                                                                                    SHA1:B495E156480EE1DA7D0270F5C4A8591C85238BE7
                                                                                                                                    SHA-256:D20C277E6A19A784F69597E905F0173A6397FF40DEAD8A4E6B6E05A7ACCA2D0C
                                                                                                                                    SHA-512:4A6C63264F1F27EDCC0E85CCD259ECA6168F499548899BCDE0727ED7A4ED0F01DE257E1E3AF04604FAE157021D549EEF405C9866D56E96AACB4A17694FE0BED1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103306 ..data = {7F919294-3EFF-4138-BAEF-945F9F3CE0D8}..pkgtype = DRVR....[Version]..method = MSI..data = {7F919294-3EFF-4138-BAEF-945F9F3CE0D8}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_BT\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):182
                                                                                                                                    Entropy (8bit):5.164332828564252
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFFVTcBEdaUcM8oUWdaNILLdYAcVBIdVBsSkaUcM8oUWdaNILLdYy:/QZgFv3aUc9YduI35rBUaUc9YduI3T
                                                                                                                                    MD5:6045841064CD14DA96D05E8206E1983A
                                                                                                                                    SHA1:F871B955051EEE5F8273A81167973AFD696AE95A
                                                                                                                                    SHA-256:8709CF89E363242BFFC8C196E3BEC6482E9BFB96CC0F98651169D1A8FA8CDCA2
                                                                                                                                    SHA-512:C74015A9533D269F662C51BEDD82D9D8E2D3FA2FE706889B17D454C8953B36E59A04766A1CB08886FD7F78C0BA675FD127D1D4F34BA8EB9F2D0ECA565512EA1B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103306 ..data = {7F919294-3EFF-4138-BAEF-945F9F3CE0D8}..pkgtype = DRVR....[Version]..method = MSI..data = {7F919294-3EFF-4138-BAEF-945F9F3CE0D8}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_BT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_ECD\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):906
                                                                                                                                    Entropy (8bit):5.282225588450222
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLto8H2FNavzM9oQBGAXlo+xFpGiv:XUh1A+FT2aiTB/X2+xOM
                                                                                                                                    MD5:7E69D1363CBD7AE8DAA9560D85CBC7B5
                                                                                                                                    SHA1:6D49CB5CB3322B199D3AC7619E18A083E4EF455C
                                                                                                                                    SHA-256:590C9133091451CA224739B4C48A634A7368FB3ACB1287322FEDABA06F36EB0D
                                                                                                                                    SHA-512:1C0FFC987BCE9FAF215B8250C3FA402D384A87637EB2338EECA4ADC9F3024B17B1E1FA7BE5BBDE66905CDCDE0793E25ED691539E8EA6CE086C50D1EB9190637E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {6446EFBE-4B02-4117-9478-57CC166BF07E}..PkgType = APAC..ComponentID=100967......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {6446EFBE-4B02-4117-9478-57CC166BF07E}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_ECD\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):906
                                                                                                                                    Entropy (8bit):5.282225588450222
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLto8H2FNavzM9oQBGAXlo+xFpGiv:XUh1A+FT2aiTB/X2+xOM
                                                                                                                                    MD5:7E69D1363CBD7AE8DAA9560D85CBC7B5
                                                                                                                                    SHA1:6D49CB5CB3322B199D3AC7619E18A083E4EF455C
                                                                                                                                    SHA-256:590C9133091451CA224739B4C48A634A7368FB3ACB1287322FEDABA06F36EB0D
                                                                                                                                    SHA-512:1C0FFC987BCE9FAF215B8250C3FA402D384A87637EB2338EECA4ADC9F3024B17B1E1FA7BE5BBDE66905CDCDE0793E25ED691539E8EA6CE086C50D1EB9190637E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {6446EFBE-4B02-4117-9478-57CC166BF07E}..PkgType = APAC..ComponentID=100967......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {6446EFBE-4B02-4117-9478-57CC166BF07E}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_ECD\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_GACS\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.168831920560967
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvcRFYGgRyV1gF8kOWV/AWvcRFYGgRyVy:Cx+b0Mhey8a70Mhey
                                                                                                                                    MD5:30B8ED439CCEBDB4DDBE4EDC0E42AF84
                                                                                                                                    SHA1:FDEF7A7BF29B62EB7F9C8AF0813F3AE9DFA2D682
                                                                                                                                    SHA-256:CD5202990D57B973BA21715703E9075AA5F67CC899653C9B5C04613EADA4C310
                                                                                                                                    SHA-512:3A38084C4380AE3CF79C87B52FEE79E8ACD78111F24ADB587D9048B7616AE7FEFEB4D22219179B89FE3D40D45C956E1EB637C11B6FCF233B02381BD5715FE69C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {B6EBD03F-005E-4DA7-A9AC-4DFFDC4E7B40}..PkgType = APAC..ComponentID=10133505......[Version]....Method = MSI..Data = {B6EBD03F-005E-4DA7-A9AC-4DFFDC4E7B40}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_GACS\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.168831920560967
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvcRFYGgRyV1gF8kOWV/AWvcRFYGgRyVy:Cx+b0Mhey8a70Mhey
                                                                                                                                    MD5:30B8ED439CCEBDB4DDBE4EDC0E42AF84
                                                                                                                                    SHA1:FDEF7A7BF29B62EB7F9C8AF0813F3AE9DFA2D682
                                                                                                                                    SHA-256:CD5202990D57B973BA21715703E9075AA5F67CC899653C9B5C04613EADA4C310
                                                                                                                                    SHA-512:3A38084C4380AE3CF79C87B52FEE79E8ACD78111F24ADB587D9048B7616AE7FEFEB4D22219179B89FE3D40D45C956E1EB637C11B6FCF233B02381BD5715FE69C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {B6EBD03F-005E-4DA7-A9AC-4DFFDC4E7B40}..PkgType = APAC..ComponentID=10133505......[Version]....Method = MSI..Data = {B6EBD03F-005E-4DA7-A9AC-4DFFDC4E7B40}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_GACS\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_HHHL\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):452
                                                                                                                                    Entropy (8bit):5.371657583907161
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3qeit3qBCt3QmRqFSTVnL4dFiFEQjY1vm4dFUhytYXFsCp+pot5:CxAtbitwCtgY+S9Md1IY1vdmFFsq+pG5
                                                                                                                                    MD5:74CFEDAB5374B8F4FB37A352F6351297
                                                                                                                                    SHA1:0F0CE57297ED22A75894799FF51CB50CF08D7BCA
                                                                                                                                    SHA-256:A45A999BDA0C8B5CBE22F809D774E200F5005E40FA75933227FE74016795166A
                                                                                                                                    SHA-512:0AE163FB0C345ECFF23A1981B1C047B589DF5DEAA6EA872116F1910533789CCE8EF688DA27C408DE6ED5D4D201F38B23C613AAE857818D29413595770B1FED87
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=107621..Data={8CD980B8-2D1B-4444-BB80-9F44A6027623}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={8CD980B8-2D1B-4444-BB80-9F44A6027623}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_HHHL\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):442
                                                                                                                                    Entropy (8bit):5.36940061266379
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAt7iteAYCtgY+S9Md1IY1vdmFFsq+pG5:+o/S2d+IdFFpG5
                                                                                                                                    MD5:0BD9BD40722E9FDEBA9F8B725438BDB0
                                                                                                                                    SHA1:F2A4D12228A9B88EFF471D98C7892E83E973CCDE
                                                                                                                                    SHA-256:D1CB9E8EDEB6A314EC3C6B901FE498F8C0095B3353BFA43C48B11FC2F866D961
                                                                                                                                    SHA-512:B5A8857E85191E7AAF3060770D61869E2721FCD17973749023E9C06ABA59CF0540A403BA2079334EE67D1BB7D2F489257199EF901A41C468B46BE4F07EAE0D7F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=107621..Data={8CD980B8-2D1B-4444-BB80-9F44A6027623}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={8CD980B8-2D1B-4444-BB80-9F44A6027623}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_HHHL\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2077
                                                                                                                                    Entropy (8bit):4.799847969143038
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9z6:IQ8Ihhz+KLtzM/aI3yoLtFQLtp
                                                                                                                                    MD5:3BC9419638E6EFCB11D31B43BA9F9F09
                                                                                                                                    SHA1:CD3FA5CBA7F739826218E8AD534D6C4B7AD10BB5
                                                                                                                                    SHA-256:1EAD51F375114ADFD0DFEF0DFD488F637F86F752B9F0242D4FE0B4BB7F1F512F
                                                                                                                                    SHA-512:C4A5AC923CD319E182E914E4B254C9E19AD8ADA8AE56DB4DD332CFEBC51EB3BBAF8EE124CD0F40C9F3732303616D1A13189AE27BDE54D44B46E14A33313B9160
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_HHHL\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):70
                                                                                                                                    Entropy (8bit):4.2087931853361935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKx:WT0VJMww2YWFQQ
                                                                                                                                    MD5:704F986146BF214E6169E0FE37B27D4D
                                                                                                                                    SHA1:96F03946DBFDB2D45969878638C6D34679B52606
                                                                                                                                    SHA-256:171AE64DD5A99DC735E17BA9B0B5E74727ED563DCB63C5548C665313194A5A76
                                                                                                                                    SHA-512:53B35F883C9CE5C85CD33B7AD165D39218C8F59811EC3EB33085CA6859F4BD1D59F2FB6098CA51FE852B8970750E8DA8BCD73E5F60823768F4B88AD0E0404D4C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Imaging\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):428
                                                                                                                                    Entropy (8bit):5.406321386705241
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA0ts8b1ASp/0ts8b6Fsq+pG5:+C5r85vSFASpuFpG5
                                                                                                                                    MD5:BE178AB6466F3B41D41874A6B5C120AE
                                                                                                                                    SHA1:102447840AD2731B42B3C8F87EDB6D805732F6B2
                                                                                                                                    SHA-256:343258991EB00946135BDB374A07DFBC1559993E6324101D7D94C373B17EE06B
                                                                                                                                    SHA-512:9A9B5CDFE8813D17E5C0C819E5160E42437D3DE110B6A5ADA560D464E24503EEE3B9D45C9C82AC8415EAAAB2E5706B1F91E71AF0F6AD0F7A2987F5F8B1EBBEB9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {FAAD1F64-E239-45A9-B521-CBD65BB84860}..PkgType = DRVR..ComponentID=104513......[Version]....Method = MSI..Data = {FAAD1F64-E239-45A9-B521-CBD65BB84860}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Imaging\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):428
                                                                                                                                    Entropy (8bit):5.406321386705241
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA0ts8b1ASp/0ts8b6Fsq+pG5:+C5r85vSFASpuFpG5
                                                                                                                                    MD5:BE178AB6466F3B41D41874A6B5C120AE
                                                                                                                                    SHA1:102447840AD2731B42B3C8F87EDB6D805732F6B2
                                                                                                                                    SHA-256:343258991EB00946135BDB374A07DFBC1559993E6324101D7D94C373B17EE06B
                                                                                                                                    SHA-512:9A9B5CDFE8813D17E5C0C819E5160E42437D3DE110B6A5ADA560D464E24503EEE3B9D45C9C82AC8415EAAAB2E5706B1F91E71AF0F6AD0F7A2987F5F8B1EBBEB9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {FAAD1F64-E239-45A9-B521-CBD65BB84860}..PkgType = DRVR..ComponentID=104513......[Version]....Method = MSI..Data = {FAAD1F64-E239-45A9-B521-CBD65BB84860}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Imaging\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Imaging\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_LOM\IntelLOM_Inv.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (411), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13990
                                                                                                                                    Entropy (8bit):5.907205990489453
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:RjCPVEq9qCT7x5crvdLQQrctB2cbUuZP8TDydpIZqBCKjQ:AVES7xyDJQQpgUyUTDydpExKM
                                                                                                                                    MD5:8F06CA8769AA50E7F5B5FE21A62916F5
                                                                                                                                    SHA1:41AD91A72243674AB40816BC4E600C490F9D832A
                                                                                                                                    SHA-256:7A59B94186C84C05134B26529C5FB22DC32D872DB210D708298C80C55825E662
                                                                                                                                    SHA-512:A2A1D501B3A70D5F77ACED826C41D96CE7E7AE5A3FEBE7CBF4F61C6A93259D99C5821042B7DBDE75B9D5741F2D2149F02B17E47A43761A86CEE3CA3687FEB631
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:' Global Declarations..Option Explicit..On Error Resume Next....Dim strDisplayName, strVersion, strComponentID..Dim status, LogName....Dim WshShell, theArgs..Set WshShell = WScript.CreateObject("WScript.Shell")....set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)..' Check if installation is present..call findInstallation()..strComponentID = "11814"....If Not (strVersion <> "") Then...status = "error"..End If....' Print Output XML..call WriteXML(status)....set WshShell = Nothing....Function findInstallation()...strDisplayName = "Intel 825xx 10/100/1000 Ethernet Network Drivers"...strVersion = WshShell.RegRead("HKLM\SOFTWARE\Dell\ManageableUpdatePackage\Intel\LAN\Version\")...if Not ( strVersion <> "") then....strVersion = WshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\Intel\LAN\Version\")...end if......End Function....' print output..Function WriteXML(status)......Dim QuoteObj, CrLfObj, XmlOpen, XmlClose, XmlData...Dim fso, log......QuoteObj = (Chr(3

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_LOM\Intel_LOM.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):248
                                                                                                                                    Entropy (8bit):5.103277094386454
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hmRe7SDCI9FzmxKaONqR3JqNmKGKa5IrHFzmxMXNqR3JqW:wU7SDNmxKnNq3JukKvdmxQNq3Jn
                                                                                                                                    MD5:EAF656150853F8A8BAD6320E75CA1BB6
                                                                                                                                    SHA1:D0928F705179D83256F3015C1A9668D406286295
                                                                                                                                    SHA-256:83587DD4A6E27F28D7625C3EFA1FBD8BC631EE66C092A149BF51AF2A442A4F22
                                                                                                                                    SHA-512:3FDE6A4140F0A9A692F863CD8CE43F0662433743B34AA82666EA625D0B4A7D9E75AFB35989F8AAC7A795F2EB03F71C61EE43510D6832061951CEBA6679BA6A14
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..setlocal..if "%PROCESSOR_ARCHITEW6432%"=="" goto thirtytwo.. call %systemroot%\Sysnative\cscript /nologo IntelLOM_Inv.vbs %1.. endlocal..Exit....:thirtytwo.. call %systemroot%\system32\cscript /nologo IntelLOM_Inv.vbs %1....endlocal

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_LOM\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OLED_Panel\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):186
                                                                                                                                    Entropy (8bit):5.185393984847687
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuXV3dBjadEZbjI8hUETqoyVOvVBIdVBsSkBjadEZbjI8hUETqoSvy:/QZgFurBadElHooykcrBUBadElHooSvy
                                                                                                                                    MD5:7993550724E848A9A437BB39449CA0B6
                                                                                                                                    SHA1:30A852308A829CFC70870752A61087B535D9FCDA
                                                                                                                                    SHA-256:A6ECD8033F9478452D42B9C421D353BE3223140AD04B0AC05468BFF8DF98F5D2
                                                                                                                                    SHA-512:A5A7C938301F8FAB4EBFC9EE47621AAA89B4CD0E4C2C77AE0FDCFCC373D8C540977EECD6A76673F0960DC669C1FA26F3FC52D8BD46BD6E29B437710646DBC5B5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105220..data = {99F3C10B-C434-49D7-AFBF-26ED195731AF} ..pkgtype = DRVR....[Version]..method = MSI..data = {99F3C10B-C434-49D7-AFBF-26ED195731AF} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OLED_Panel\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):186
                                                                                                                                    Entropy (8bit):5.185393984847687
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFuXV3dBjadEZbjI8hUETqoyVOvVBIdVBsSkBjadEZbjI8hUETqoSvy:/QZgFurBadElHooykcrBUBadElHooSvy
                                                                                                                                    MD5:7993550724E848A9A437BB39449CA0B6
                                                                                                                                    SHA1:30A852308A829CFC70870752A61087B535D9FCDA
                                                                                                                                    SHA-256:A6ECD8033F9478452D42B9C421D353BE3223140AD04B0AC05468BFF8DF98F5D2
                                                                                                                                    SHA-512:A5A7C938301F8FAB4EBFC9EE47621AAA89B4CD0E4C2C77AE0FDCFCC373D8C540977EECD6A76673F0960DC669C1FA26F3FC52D8BD46BD6E29B437710646DBC5B5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105220..data = {99F3C10B-C434-49D7-AFBF-26ED195731AF} ..pkgtype = DRVR....[Version]..method = MSI..data = {99F3C10B-C434-49D7-AFBF-26ED195731AF} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OLED_Panel\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OTLK\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.176462659868676
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvcRndDbvrqF8kOWVETAWvcRndDbvy:Cx+b01dDLy8b01dDLy
                                                                                                                                    MD5:0A2A6FB3AD2FD8E35B76F79C53A87832
                                                                                                                                    SHA1:0587A4C588F4851477E789DE2821401594FCAA33
                                                                                                                                    SHA-256:48D117F4E95BA6DB563ABE00105FD3D98509188EC678A9E94225861B14B11691
                                                                                                                                    SHA-512:3660CD0465D7CBE723175DA631D48BD9B9ADF3302FF0FC43D06DB28AA0934FA7DE09B657A4E360DB3977ABE1B2ED4B0D8933B9B2B16CFA96DC1F2AA315018977
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {EB0FA701-97CA-458C-89A3-4C4C90C5B01D}..PkgType = APAC..ComponentID=10133504......[Version]....Method = MSI..Data = {EB0FA701-97CA-458C-89A3-4C4C90C5B01D}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OTLK\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.176462659868676
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvcRndDbvrqF8kOWVETAWvcRndDbvy:Cx+b01dDLy8b01dDLy
                                                                                                                                    MD5:0A2A6FB3AD2FD8E35B76F79C53A87832
                                                                                                                                    SHA1:0587A4C588F4851477E789DE2821401594FCAA33
                                                                                                                                    SHA-256:48D117F4E95BA6DB563ABE00105FD3D98509188EC678A9E94225861B14B11691
                                                                                                                                    SHA-512:3660CD0465D7CBE723175DA631D48BD9B9ADF3302FF0FC43D06DB28AA0934FA7DE09B657A4E360DB3977ABE1B2ED4B0D8933B9B2B16CFA96DC1F2AA315018977
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {EB0FA701-97CA-458C-89A3-4C4C90C5B01D}..PkgType = APAC..ComponentID=10133504......[Version]....Method = MSI..Data = {EB0FA701-97CA-458C-89A3-4C4C90C5B01D}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_OTLK\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_SKYPE\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.194800619472501
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvc5dphYerWqF8kOWVuTAWvc5dphYertn:Cx+b0DYe6+8FX0DYeJn
                                                                                                                                    MD5:9DEE77FF8171600F9124B61E7105C146
                                                                                                                                    SHA1:3FD2FD1DD9EC1E6965736E09141FD2234EC9BF42
                                                                                                                                    SHA-256:11CC59CAB9536C95C61B2A1F69AA3C4F812673709176449DDD556D6610EF133E
                                                                                                                                    SHA-512:05A038E4890A90892C3ADD8798B693BABA12687B25E908DE320646A1A0C1E1C264AEC02125626146C54BC706F38D76E678AFA3453B7698E8F26EA0810B0867FD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {B414F827-8E81-4C4B-B3B6-338C06DE3A11}..PkgType = APAC..ComponentID=10133506......[Version]....Method = MSI..Data = {B414F827-8E81-4C4B-B3B6-338C06DE3A11}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_SKYPE\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):213
                                                                                                                                    Entropy (8bit):5.194800619472501
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9ZCbvc5dphYerWqF8kOWVuTAWvc5dphYertn:Cx+b0DYe6+8FX0DYeJn
                                                                                                                                    MD5:9DEE77FF8171600F9124B61E7105C146
                                                                                                                                    SHA1:3FD2FD1DD9EC1E6965736E09141FD2234EC9BF42
                                                                                                                                    SHA-256:11CC59CAB9536C95C61B2A1F69AA3C4F812673709176449DDD556D6610EF133E
                                                                                                                                    SHA-512:05A038E4890A90892C3ADD8798B693BABA12687B25E908DE320646A1A0C1E1C264AEC02125626146C54BC706F38D76E678AFA3453B7698E8F26EA0810B0867FD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File.. ..[Scan]....Method = MSI..Data = {B414F827-8E81-4C4B-B3B6-338C06DE3A11}..PkgType = APAC..ComponentID=10133506......[Version]....Method = MSI..Data = {B414F827-8E81-4C4B-B3B6-338C06DE3A11}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_SKYPE\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Unite_Display\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):428
                                                                                                                                    Entropy (8bit):5.395985938895138
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA0nmILSe70nmIBFsq+pG5:+C5r85vSQILSyIYFpG5
                                                                                                                                    MD5:4F10F2FF9FC0B09F8A90165CFC56616B
                                                                                                                                    SHA1:96F81630BD1FA08733464233EDA6A4ADB9C408A3
                                                                                                                                    SHA-256:25B9BD1F1182DF55E55FBD0A00761AC60CD74A616CB8C8E5EC5EF8DAE7A403F5
                                                                                                                                    SHA-512:9045453FABB0722A2B0CA5E0247B3C46BE60B323CC0CD381E4E41F393C18619F70B0D4C8E6410CF81724C8028607AFBA69ECB36153507A6DBDAD7227A02924A6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {FC750ECE-E328-47D0-90C2-8C7A1FC599A2}..PkgType = DRVR..ComponentID=106655......[Version]....Method = MSI..Data = {FC750ECE-E328-47D0-90C2-8C7A1FC599A2}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Unite_Display\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):428
                                                                                                                                    Entropy (8bit):5.395985938895138
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pA0nmILSe70nmIBFsq+pG5:+C5r85vSQILSyIYFpG5
                                                                                                                                    MD5:4F10F2FF9FC0B09F8A90165CFC56616B
                                                                                                                                    SHA1:96F81630BD1FA08733464233EDA6A4ADB9C408A3
                                                                                                                                    SHA-256:25B9BD1F1182DF55E55FBD0A00761AC60CD74A616CB8C8E5EC5EF8DAE7A403F5
                                                                                                                                    SHA-512:9045453FABB0722A2B0CA5E0247B3C46BE60B323CC0CD381E4E41F393C18619F70B0D4C8E6410CF81724C8028607AFBA69ECB36153507A6DBDAD7227A02924A6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]......Method = MSI..Data = {FC750ECE-E328-47D0-90C2-8C7A1FC599A2}..PkgType = DRVR..ComponentID=106655......[Version]....Method = MSI..Data = {FC750ECE-E328-47D0-90C2-8C7A1FC599A2}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Unite_Display\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Unite_Display\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Wifi\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.141744077981717
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFFVQyCEms9k2vIc7YSQlnYS+VBIdVBsSks9k2vIc7YSQlnYr:/QZgFvQNsvvIcsSQlY8rBUsvvIcsSQls
                                                                                                                                    MD5:689016BDC9B4CD28CEAC44EA927634B1
                                                                                                                                    SHA1:21175645E6D6643FB6CAD26297FCAE576773A7E8
                                                                                                                                    SHA-256:789DB48A705D999D7F23D64B1AE4A4EE36FD08F728598243179BD88D772E3030
                                                                                                                                    SHA-512:1F54670F1452ACCF957578F1C96C1AF39A29DE52D1784E407CA09A555D79A8B42DF66B4F0AC359BD731A1E0D141D550FD69DA510E021C4F2EDB98CBA3120BB29
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103305..data = {5368D82D-CAA5-48CC-9017-5BAAAB87591B} ..pkgtype = DRVR....[Version]..method = MSI..data = {5368D82D-CAA5-48CC-9017-5BAAAB87591B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Wifi\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.141744077981717
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFFVQyCEms9k2vIc7YSQlnYS+VBIdVBsSks9k2vIc7YSQlnYr:/QZgFvQNsvvIcsSQlY8rBUsvvIcsSQls
                                                                                                                                    MD5:689016BDC9B4CD28CEAC44EA927634B1
                                                                                                                                    SHA1:21175645E6D6643FB6CAD26297FCAE576773A7E8
                                                                                                                                    SHA-256:789DB48A705D999D7F23D64B1AE4A4EE36FD08F728598243179BD88D772E3030
                                                                                                                                    SHA-512:1F54670F1452ACCF957578F1C96C1AF39A29DE52D1784E407CA09A555D79A8B42DF66B4F0AC359BD731A1E0D141D550FD69DA510E021C4F2EDB98CBA3120BB29
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103305..data = {5368D82D-CAA5-48CC-9017-5BAAAB87591B} ..pkgtype = DRVR....[Version]..method = MSI..data = {5368D82D-CAA5-48CC-9017-5BAAAB87591B}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_Wifi\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.2886733847471294
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtCZltSZFNavzM9oQBGAXlo+gZcFpGiv:XUh1A+FlaiTB/X2+7OM
                                                                                                                                    MD5:D6E358EC4FE7143746057CE79FAE5097
                                                                                                                                    SHA1:4366FDF3275DB9AB3AF2C7208885A6D82BC96C67
                                                                                                                                    SHA-256:282BCE645F9D9D5F66EB487729D12F4E9FFCAA2CCCE2279641235DF5AB6EA3A6
                                                                                                                                    SHA-512:5612F949A76E0C15B616C6734396A276C1BC7B30CA1FC20646FBF01F68429BCD15AC57E7BF2AEAF1B927DC9F27D0FA8DD939CFCC62A2E00CC2D051A3CCA5E430
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}..PkgType = DRVR..ComponentID=103305........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.2886733847471294
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtCZltSZFNavzM9oQBGAXlo+gZcFpGiv:XUh1A+FlaiTB/X2+7OM
                                                                                                                                    MD5:D6E358EC4FE7143746057CE79FAE5097
                                                                                                                                    SHA1:4366FDF3275DB9AB3AF2C7208885A6D82BC96C67
                                                                                                                                    SHA-256:282BCE645F9D9D5F66EB487729D12F4E9FFCAA2CCCE2279641235DF5AB6EA3A6
                                                                                                                                    SHA-512:5612F949A76E0C15B616C6734396A276C1BC7B30CA1FC20646FBF01F68429BCD15AC57E7BF2AEAF1B927DC9F27D0FA8DD939CFCC62A2E00CC2D051A3CCA5E430
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}..PkgType = DRVR..ComponentID=103305........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {FA026B12-71FB-4996-9B82-F64F70B06453}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300_WN7\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.294502872099879
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtUNSZFNavzM9oQBGAXlo+2+FpGiv:XUh1A+FUwaiTB/X2+2+OM
                                                                                                                                    MD5:DC6F1CCF841E84A9E106451EBF7A0FEF
                                                                                                                                    SHA1:505AD0B404BFB246386C0418393F308730FC40D6
                                                                                                                                    SHA-256:976D95F30B121E3E2CCFC92E4DA18A306A21B5FA2D980FE3CC8E75EB91FCFD6B
                                                                                                                                    SHA-512:CCA18AD6B24F962F1BFD64CA7B31CC44C8EE1B5E65484D54D848DB7EFCD298D374767F17FAC018B5A70956DD7E353FA6E60B1D8E10D2E5B358D0A79BCC9A6597
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {A0F7A0B8-BBC7-4F64-9B90-8235F18134EE}..PkgType = DRVR..ComponentID=103305........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A0F7A0B8-BBC7-4F64-9B90-8235F18134EE}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300_WN7\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.294502872099879
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtUNSZFNavzM9oQBGAXlo+2+FpGiv:XUh1A+FUwaiTB/X2+2+OM
                                                                                                                                    MD5:DC6F1CCF841E84A9E106451EBF7A0FEF
                                                                                                                                    SHA1:505AD0B404BFB246386C0418393F308730FC40D6
                                                                                                                                    SHA-256:976D95F30B121E3E2CCFC92E4DA18A306A21B5FA2D980FE3CC8E75EB91FCFD6B
                                                                                                                                    SHA-512:CCA18AD6B24F962F1BFD64CA7B31CC44C8EE1B5E65484D54D848DB7EFCD298D374767F17FAC018B5A70956DD7E353FA6E60B1D8E10D2E5B358D0A79BCC9A6597
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {A0F7A0B8-BBC7-4F64-9B90-8235F18134EE}..PkgType = DRVR..ComponentID=103305........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A0F7A0B8-BBC7-4F64-9B90-8235F18134EE}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Intel_wifi_6300_WN7\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_WLAN_New\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.403861387917771
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDraiTB/X2+hIqU8HIhuoBPO5:hGvThi+nAEBL7uhuohRTB/2PBLhuo9O5
                                                                                                                                    MD5:38D9189C9952D3574D25C62F9632FC90
                                                                                                                                    SHA1:ED4D38DFE56983203C7794F65FF7A45185BADBA1
                                                                                                                                    SHA-256:1BC1AD65309804499E8D208285F0C93B490D096828629E245A1558176A4D6940
                                                                                                                                    SHA-512:E4E0577217568747569C5BFAD0CF06E1BADACB0360EFEAA582A4CED31DF16437EE26B52AAF9BB2A5F963DD9AA7192A9761881BD9DCC0258C75AC322EB491D04A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_WLAN_New\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.403861387917771
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDraiTB/X2+hIqU8HIhuoBPO5:hGvThi+nAEBL7uhuohRTB/2PBLhuo9O5
                                                                                                                                    MD5:38D9189C9952D3574D25C62F9632FC90
                                                                                                                                    SHA1:ED4D38DFE56983203C7794F65FF7A45185BADBA1
                                                                                                                                    SHA-256:1BC1AD65309804499E8D208285F0C93B490D096828629E245A1558176A4D6940
                                                                                                                                    SHA-512:E4E0577217568747569C5BFAD0CF06E1BADACB0360EFEAA582A4CED31DF16437EE26B52AAF9BB2A5F963DD9AA7192A9761881BD9DCC0258C75AC322EB491D04A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_WLAN_New\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_WLAN_New\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.398038278511713
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDjaiTB/X2+hIqU8HIhuoB3O5:hGvThi+nAEBL7uhuo5RTB/2PBLhuoFO5
                                                                                                                                    MD5:5D364632C4F50E1E5465697CCEAF4702
                                                                                                                                    SHA1:8A21564DF11CD575FE988014B20723CE9D7DECA7
                                                                                                                                    SHA-256:F00AE96368D24FBC903F25B17192ED93E6FCF5A353BF215E3F62E983947D5360
                                                                                                                                    SHA-512:BD5EE1695EA123130AD86165EC4D57CCA27F339B9114838C3E6E8D1789D1FFD0C4A46F6C6BBB16DE85095962055CB0D988492422DF9C735385D76DD8C5CF977E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.398038278511713
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDjaiTB/X2+hIqU8HIhuoB3O5:hGvThi+nAEBL7uhuo5RTB/2PBLhuoFO5
                                                                                                                                    MD5:5D364632C4F50E1E5465697CCEAF4702
                                                                                                                                    SHA1:8A21564DF11CD575FE988014B20723CE9D7DECA7
                                                                                                                                    SHA-256:F00AE96368D24FBC903F25B17192ED93E6FCF5A353BF215E3F62E983947D5360
                                                                                                                                    SHA-512:BD5EE1695EA123130AD86165EC4D57CCA27F339B9114838C3E6E8D1789D1FFD0C4A46F6C6BBB16DE85095962055CB0D988492422DF9C735385D76DD8C5CF977E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_1550\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2066
                                                                                                                                    Entropy (8bit):5.404949423166998
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDcNdNaiTB/X2+hIqU8HIhuoBKNx:hGvThi+nAEBL7uhuo+bRTB/2PBLhuo0x
                                                                                                                                    MD5:C35BA5D3B83700E91323058CF2ABDAA9
                                                                                                                                    SHA1:729DA8C4A11BCBB19A233C92F4DBFE35AB1D23FD
                                                                                                                                    SHA-256:3A6AB458720575E4E2581B189B29ACA86DA1B8693B2EBE02D4C1A3BD99D6B3D3
                                                                                                                                    SHA-512:3AFE191518B2C6BC9D054F62B99965C393F196B34E79D5CAC927607DA1DB7DF28268C80FC570DBE7D388F97BE860D502B9FEDFC0FBF8438ABEB142B3E0BBA43B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_1550\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2066
                                                                                                                                    Entropy (8bit):5.404949423166998
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDcNdNaiTB/X2+hIqU8HIhuoBKNx:hGvThi+nAEBL7uhuo+bRTB/2PBLhuo0x
                                                                                                                                    MD5:C35BA5D3B83700E91323058CF2ABDAA9
                                                                                                                                    SHA1:729DA8C4A11BCBB19A233C92F4DBFE35AB1D23FD
                                                                                                                                    SHA-256:3A6AB458720575E4E2581B189B29ACA86DA1B8693B2EBE02D4C1A3BD99D6B3D3
                                                                                                                                    SHA-512:3AFE191518B2C6BC9D054F62B99965C393F196B34E79D5CAC927607DA1DB7DF28268C80FC570DBE7D388F97BE860D502B9FEDFC0FBF8438ABEB142B3E0BBA43B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_1550\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_1550\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_E2400_E2500\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2065
                                                                                                                                    Entropy (8bit):5.404902193332215
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDF2aiTB/X2+hIqU8HIhuoBEO5:hGvThi+nAEBL7uhuoGRTB/2PBLhuomO5
                                                                                                                                    MD5:9B835DA2A9C033AB5F98E4F6C793F956
                                                                                                                                    SHA1:44E2C80EB61F3978A2F50D54D90895BCC849643B
                                                                                                                                    SHA-256:BF517AD78AC8EC016C06B5DE74BD18F64E5CA0074EC76EC9AC3C7AB395552B22
                                                                                                                                    SHA-512:57652D4B682B2AFF6690A6DA0EF5F71820FB2F526F7A1A14B0843CB504B687BDB678EB11D9311592A26D66D221B3814E4E45D8082BDD11EF7A40E6B7DD3EA2F8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_E2400_E2500\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2065
                                                                                                                                    Entropy (8bit):5.404902193332215
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDF2aiTB/X2+hIqU8HIhuoBEO5:hGvThi+nAEBL7uhuoGRTB/2PBLhuomO5
                                                                                                                                    MD5:9B835DA2A9C033AB5F98E4F6C793F956
                                                                                                                                    SHA1:44E2C80EB61F3978A2F50D54D90895BCC849643B
                                                                                                                                    SHA-256:BF517AD78AC8EC016C06B5DE74BD18F64E5CA0074EC76EC9AC3C7AB395552B22
                                                                                                                                    SHA-512:57652D4B682B2AFF6690A6DA0EF5F71820FB2F526F7A1A14B0843CB504B687BDB678EB11D9311592A26D66D221B3814E4E45D8082BDD11EF7A40E6B7DD3EA2F8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_E2400_E2500\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Killer_wireless_E2400_E2500\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Mapping.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):138921
                                                                                                                                    Entropy (8bit):4.623513959763617
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:ulOAfJPJFHjyWr6UlJaTXvwmlzSwwnBxy9t2S47U+:ulOiklzSwwnBxR
                                                                                                                                    MD5:E34508B68FF7ABE9973A045FC63FCD89
                                                                                                                                    SHA1:75CA8E94600C068A13D027974070BAF38FCE2CF9
                                                                                                                                    SHA-256:8A0A3892975687E0108006443B08DE9A164BFE7F3990F0A8A39036667100AC37
                                                                                                                                    SHA-512:AFC32CCB58A77FAD66C4C96DD68C828C653D28099211BA1EEC18757A53D08D45079A609C18FF7013ECFADD12075098092EA3740DA2338DA94A660AB7015DFEA1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[5907]..PCI\VEN_10EC&DEV_0668&SUBSYS_102805D1=5907..PCI\VEN_8086&DEV_0100=5907..PCI\VEN_8086&DEV_0101=5907..PCI\VEN_8086&DEV_0150=5907..PCI\VEN_8086&DEV_0151=5907..PCI\VEN_8086&DEV_0154=5907..PCI\VEN_8086&DEV_0155=5907..PCI\VEN_8086&DEV_0158=5907..PCI\VEN_8086&DEV_0159=5907..PCI\VEN_8086&DEV_015C=5907..PCI\VEN_8086&DEV_015D=5907..PCI\VEN_8086&DEV_0806=5907..PCI\VEN_8086&DEV_0811=5907..PCI\VEN_8086&DEV_0C00=5907..PCI\VEN_8086&DEV_0C00&SUBSYS_06251028=5907..PCI\VEN_8086&DEV_0C01=5907..PCI\VEN_8086&DEV_0C01&SUBSYS_060D1028=5907..PCI\VEN_8086&DEV_0C01&SUBSYS_06251028=5907..PCI\VEN_8086&DEV_0C04=5907..PCI\VEN_8086&DEV_0C04&SUBSYS_060D1028=5907..PCI\VEN_8086&DEV_0C05=5907..PCI\VEN_8086&DEV_0C08=5907..PCI\VEN_8086&DEV_0C09=5907..PCI\VEN_8086&DEV_0C50=5907..PCI\VEN_8086&DEV_0C51=5907..PCI\VEN_8086&DEV_0C52=5907..PCI\VEN_8086&DEV_0C53=5907..PCI\VEN_8086&DEV_0C59=5907..PCI\VEN_8086&DEV_0C5A=5907..PCI\VEN_8086&DEV_0C5B=5907..PCI\VEN_8086&DEV_0C5C=5907..PCI\VEN_8086&DEV_0C5D=5907..PCI\VEN_8086&DEV

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NETWORK_M16_9350_Q4Y15\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.218675716719191
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFIdoZ4b/MhwjjsSuIndgkBKcScVBIdVBsSk/MhwjjsSuIndgkBKwv:/QZgFIdS4b/gWPuIdgkBkrBU/gWPuIdF
                                                                                                                                    MD5:600ADB7011848618825CA880E3E9D980
                                                                                                                                    SHA1:E36C0BF5AC18AF27A49EFE6A5200F1D9A2F3BBBD
                                                                                                                                    SHA-256:9665B9034D17411247F57C07CC01B921BC81463FECDAE1EFE8B3238180A3CD13
                                                                                                                                    SHA-512:4746CE37B4F364D77A5035F28FAB747094BF9515D123F88A85AFABABE9ADFE164E41FB788F7827AEDF961CFA752D315FDA8F88CC588B2EA0A43195681C8CB3B3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104128..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}..pkgtype = DRVR....[Version]..method = MSI..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NETWORK_M16_9350_Q4Y15\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.218675716719191
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFIdoZ4b/MhwjjsSuIndgkBKcScVBIdVBsSk/MhwjjsSuIndgkBKwv:/QZgFIdS4b/gWPuIdgkBkrBU/gWPuIdF
                                                                                                                                    MD5:600ADB7011848618825CA880E3E9D980
                                                                                                                                    SHA1:E36C0BF5AC18AF27A49EFE6A5200F1D9A2F3BBBD
                                                                                                                                    SHA-256:9665B9034D17411247F57C07CC01B921BC81463FECDAE1EFE8B3238180A3CD13
                                                                                                                                    SHA-512:4746CE37B4F364D77A5035F28FAB747094BF9515D123F88A85AFABABE9ADFE164E41FB788F7827AEDF961CFA752D315FDA8F88CC588B2EA0A43195681C8CB3B3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 104128..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}..pkgtype = DRVR....[Version]..method = MSI..data = {45B733D0-6F3A-4340-AE26-B8F91399C450}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NETWORK_M16_9350_Q4Y15\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NIC_Broadcom_reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):524
                                                                                                                                    Entropy (8bit):5.391892499570653
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpGOXNxYnXAmhBCaULTpGOXNuz+NLTpGOXNxYQ:+C5r85vSiNvpG4NqBBMvpG4NjNvpG4N9
                                                                                                                                    MD5:4A3F8BBFD52B5A9F310C0F0FED0AFE4D
                                                                                                                                    SHA1:70FD40F22E257FB9684B1329ABBF5EE78852340F
                                                                                                                                    SHA-256:91889ACF41C45980CCF8F65002B255ADA0BA65C63D506401032FDE70AC295C63
                                                                                                                                    SHA-512:63C3BCC81283216E05C00508A60A632CA8954B8C09C86099A53973329DEA8248C6FF9B0C24D88691F41A5C2537B10E9FA87E30C8B0E3EA7B4AC16EAE5B31F29E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version\;..ComponentID = 23556..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Name\;....[Version]......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version\;......[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NIC_Broadcom_reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):524
                                                                                                                                    Entropy (8bit):5.391892499570653
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pfz+NLTpGOXNxYnXAmhBCaULTpGOXNuz+NLTpGOXNxYQ:+C5r85vSiNvpG4NqBBMvpG4NjNvpG4N9
                                                                                                                                    MD5:4A3F8BBFD52B5A9F310C0F0FED0AFE4D
                                                                                                                                    SHA1:70FD40F22E257FB9684B1329ABBF5EE78852340F
                                                                                                                                    SHA-256:91889ACF41C45980CCF8F65002B255ADA0BA65C63D506401032FDE70AC295C63
                                                                                                                                    SHA-512:63C3BCC81283216E05C00508A60A632CA8954B8C09C86099A53973329DEA8248C6FF9B0C24D88691F41A5C2537B10E9FA87E30C8B0E3EA7B4AC16EAE5B31F29E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version\;..ComponentID = 23556..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Name\;....[Version]......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Broadcom\Uinstaller\Product_Version\;......[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NIC_Broadcom_reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NIC_Broadcom_reg\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NTrig_MultiTouch\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1084
                                                                                                                                    Entropy (8bit):5.447184850565073
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt784NXJMIVjVqOKFNavzM9oQBGAXlo+sNXkFpGiv:XUh1A+F/XJMILqOKaiTB/X2+2XkOM
                                                                                                                                    MD5:F0C587DDFBA73240D06A887EC48AFD54
                                                                                                                                    SHA1:7D8A34EC80788AA49303C2A0513E79B854FD293C
                                                                                                                                    SHA-256:38B64DFC232344AB4D01445065DFAFD9F60C4ECB8E0171B003B235D689A0EAE6
                                                                                                                                    SHA-512:C0AC9742A35B71E3A8DF6C1586FA4B81CECD2445EF7AAFB7117C20E14DC3E0CCD5CC67C9B2E65CBEFBDB46D9A08C2D4A2A48C5DDF370F51D2DFB0B6B8CCA02A3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=18588..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\N-trig\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18C71DD4-0147-4318-8689-AE836278FBFE};DisplayName........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NTrig_MultiTouch\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1122
                                                                                                                                    Entropy (8bit):5.474781921287581
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt784NC6JMCtVjVqONFNavzM9oQBGAXlo+sNC6kFpGiT:XUh1A+F/zJMELqONaiTB/X2+2zkOw
                                                                                                                                    MD5:9A34241E9591792EB64CF12E21D5B66E
                                                                                                                                    SHA1:9E1386C4C6F7BF097F4ADE1C994B1D5A7889514C
                                                                                                                                    SHA-256:6B1D09301B070F8384C9E3102E7F467C879D77A4744ED9343010C3713A27E7A4
                                                                                                                                    SHA-512:A73A3DFB0839EAF96BE0E8877D8A968983803925E17409E9E6DAF9B0E011FB0F677B89B2701B76FA44DDC06DD1A702BA0034F7688B375E98EFE95A8AD90AD878
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=18588..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageableUpdatePackage\N-trig\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{18C71DD4-0147-4318-8689-AE836278FBFE};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wo

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NTrig_MultiTouch\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\NTrig_MultiTouch\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1100
                                                                                                                                    Entropy (8bit):5.372629443042243
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFpcNESHB50cNESHMSiFNavzM9oQBGAXlo+hzEqzMl5YGpcNESHBfFpG1:hd/GESHB50GESHkaiTB/X2+hIqUKkGET
                                                                                                                                    MD5:70ECB07AFA03BE296FB23C8A82708E84
                                                                                                                                    SHA1:5CD6E7C106D27EED11CDCBA6917C52797FFA81A0
                                                                                                                                    SHA-256:E6927C34411D42796533D4E71AE6BAA5620AE5D6648FAE9911625811292F370E
                                                                                                                                    SHA-512:EC25D3F0A4072A58E734C91B32222906C33A49D82B60DE30B006FBE1E8612F34A21DF5A303190B9161CE6660FA406AA7D3617DD0EA723B24CA835643D211FF7F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\DisplayDriverVersion;Version..DisplayName = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\Display;Description..PkgType = DRVR..ComponentID=105892....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\Disp

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1100
                                                                                                                                    Entropy (8bit):5.372629443042243
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFpcNESHB50cNESHMSiFNavzM9oQBGAXlo+hzEqzMl5YGpcNESHBfFpG1:hd/GESHB50GESHkaiTB/X2+hIqUKkGET
                                                                                                                                    MD5:70ECB07AFA03BE296FB23C8A82708E84
                                                                                                                                    SHA1:5CD6E7C106D27EED11CDCBA6917C52797FFA81A0
                                                                                                                                    SHA-256:E6927C34411D42796533D4E71AE6BAA5620AE5D6648FAE9911625811292F370E
                                                                                                                                    SHA-512:EC25D3F0A4072A58E734C91B32222906C33A49D82B60DE30B006FBE1E8612F34A21DF5A303190B9161CE6660FA406AA7D3617DD0EA723B24CA835643D211FF7F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\DisplayDriverVersion;Version..DisplayName = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\Display;Description..PkgType = DRVR..ComponentID=105892....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_CLASSES_ROOT\SOFTWARE\Dell\MUP\NVIDIA Corporation\Installer\Disp

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video_reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1056
                                                                                                                                    Entropy (8bit):5.375033438914946
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFN4kNESHBuMM4kNESHNKSRFNavzM9oQBGAXlo+hzEqzMl5YGN4kNESHBuY8:hdHvESHBfMvESHNhaiTB/X2+hIqUK8vm
                                                                                                                                    MD5:5E89A73EEE537D80E49034CED0569816
                                                                                                                                    SHA1:4AFFD90852FFBBE3A952F9CCB1E316BD129FA92D
                                                                                                                                    SHA-256:3448323EB0EB8ABC5A66FE6C6F5C07FD7397B383AE2CCA1A01F25072F136C9A0
                                                                                                                                    SHA-512:EEDAAB3614F8158D104DE62E239008BBBD1DDF7530ABA1AB29530C2CBABA202478D7B165743B9135624A03897C4366E1A8FF36B5EEDE0E09ACEE2098D9F80C6B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\DisplayDriverVersion\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\Display\;..PkgType = DRVR..ComponentID=105892......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\DisplayDriverVersion\;....; Reboot = 0 - R

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video_reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1056
                                                                                                                                    Entropy (8bit):5.375033438914946
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KLguFN4kNESHBuMM4kNESHNKSRFNavzM9oQBGAXlo+hzEqzMl5YGN4kNESHBuY8:hdHvESHBfMvESHNhaiTB/X2+hIqUK8vm
                                                                                                                                    MD5:5E89A73EEE537D80E49034CED0569816
                                                                                                                                    SHA1:4AFFD90852FFBBE3A952F9CCB1E316BD129FA92D
                                                                                                                                    SHA-256:3448323EB0EB8ABC5A66FE6C6F5C07FD7397B383AE2CCA1A01F25072F136C9A0
                                                                                                                                    SHA-512:EEDAAB3614F8158D104DE62E239008BBBD1DDF7530ABA1AB29530C2CBABA202478D7B165743B9135624A03897C4366E1A8FF36B5EEDE0E09ACEE2098D9F80C6B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\DisplayDriverVersion\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\Display\;..PkgType = DRVR..ComponentID=105892......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\NVIDIA Corporation\Installer\DisplayDriverVersion\;....; Reboot = 0 - R

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video_reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Nvidia_video_reg\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader1_X5\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):906
                                                                                                                                    Entropy (8bit):5.276542518409068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PKDJ0FNavzM9oQBGAXlo+cDyFpGiv:XUh1A+F7K6aiTB/X2+0yOM
                                                                                                                                    MD5:B23CB589F73B53A5BF98B25D8AB3522E
                                                                                                                                    SHA1:3D0334446BEAE755D3DC830DFEF48F0C67F9842D
                                                                                                                                    SHA-256:E405B607C5CD7F470D3AC9CE266A7DA752E5C3F4AD5AFEEDBEB14D87C278DE50
                                                                                                                                    SHA-512:5C3561380630F66E19E05959971521853E4471F07A1706A7E4C5DC432AA5D3EDA61E4676AE43BCAB7CD6CC17125B79B6B4ED23A2C0EA44109EF1F896F0ADED9F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=103823..Data = {374109C1-AC01-4E9B-94EC-018DA874C958}..PkgType = DRVR........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {374109C1-AC01-4E9B-94EC-018DA874C958}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader1_X5\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.275043928074568
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PKDJLFNavzM9oQBGAXlo+cDyFpGiT:XUh1A+F7K9aiTB/X2+0yOw
                                                                                                                                    MD5:6F4FC41A1EF68931AB758D2EA92930E3
                                                                                                                                    SHA1:7E42FF65F66748EE3A98515CE3D975F28CD41AEB
                                                                                                                                    SHA-256:F9DFDDF048C85C6A21B0062F71C84777607A5F10F2ABCB831A5BA2BA4B3DA55F
                                                                                                                                    SHA-512:67E663EDED2DEAF49FE1D383D118B99464FF8628AB343A8968ABFEBF5DC203A7F81F1488814A12DE0D065A0811248BD44205360EFE8B844A54F8EC69AF0073A0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=103823..Data = {374109C1-AC01-4E9B-94EC-018DA874C958}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {374109C1-AC01-4E9B-94EC-018DA874C958}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader1_X5\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):905
                                                                                                                                    Entropy (8bit):5.276525915822161
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PYzRk8K0FNavzM9oQBGAXlo+wRk8ZFpGiv:XUh1A+F7Yl1aiTB/X2+6fOM
                                                                                                                                    MD5:489F0A90548A62D28139F3FCAEF1C886
                                                                                                                                    SHA1:947F167BA45C55AD55EB191D64C4BE4A8942E398
                                                                                                                                    SHA-256:D31C35DED010BABF3BBB18FC0495FB7F1BFCEB10D6033789ACDDC0BF9D411375
                                                                                                                                    SHA-512:615A312446BDEAD5393706745A6E95F12AB1C3FF50078C60FD49E01B487072762875306E4854301ACA6B96CB4B855919961E65366D50EB41CC3F87EF7A9AE113
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=27129..Data = {D1097E59-E234-4AE0-BDED-E813BC050F10}..PkgType = DRVR........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {D1097E59-E234-4AE0-BDED-E813BC050F10}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.275022200473969
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PYzRk8KLFNavzM9oQBGAXlo+wRk8ZFpGiT:XUh1A+F7YleaiTB/X2+6fOw
                                                                                                                                    MD5:EBCCFDC6C1AD205A10102855C40D4D7F
                                                                                                                                    SHA1:83B6235EEDA6247D802B80ADB448514032C874C7
                                                                                                                                    SHA-256:AFC44081B63885AFBC0CD3BEA513824EBDCCA06A1BCDFB2A43B39E28745777B6
                                                                                                                                    SHA-512:1D182479A8764AFEB2988D7BB2D262CE8C8125A17AE1A84E2F008DCA44CCD1E905902000DAD2C39F619C717A813B756BF3363859AD7A9A6C3E9F7F91A3D1EE0A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=27129..Data = {D1097E59-E234-4AE0-BDED-E813BC050F10}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {D1097E59-E234-4AE0-BDED-E813BC050F10}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader_X5\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):905
                                                                                                                                    Entropy (8bit):5.282165372706867
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PYh80FNavzM9oQBGAXlo+IvFpGiv:XUh1A+F7YhlaiTB/X2+IvOM
                                                                                                                                    MD5:07BE1FB077C3B419387A8B7D7C5CD993
                                                                                                                                    SHA1:4CD36CFA530A645219263424890734600D160E18
                                                                                                                                    SHA-256:BBEA921AA97DF3D2A4A504338587B0CBD302ACB6EEA0EA7FEC95AA06612A719D
                                                                                                                                    SHA-512:D761151CC26F2875725AE218D509ED26E6BBB86698968B62B8299A45FC74EBF11E4C3D9B4B23C541E9550E77FC4516689B3128F45E024B0412045F6A7A39A983
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=27129..Data = {1E9286A7-E18A-4EBE-9F0F-B8AC1C8C5798}..PkgType = DRVR........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {1E9286A7-E18A-4EBE-9F0F-B8AC1C8C5798}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader_X5\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.2806492219520935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PYh8LFNavzM9oQBGAXlo+IvFpGiT:XUh1A+F7YhOaiTB/X2+IvOw
                                                                                                                                    MD5:577D8B91649853B4E9D9DD8C12713B96
                                                                                                                                    SHA1:E6C7F76B4C19A41D493AA24E4DA0EEFD88475CA9
                                                                                                                                    SHA-256:E892DCE13D4C967F30CCFC625773229AEC1037585CE5B964D633552F984268F6
                                                                                                                                    SHA-512:1614213114889149770D92AF9B2B9640C9C477F1E6B097A6ABB3BE11D0471F5B7BD4E44D5D2E8908DB127D54F0E488CBB9E8E3D4239CE54F19E7A7E32ABADCB2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=27129..Data = {1E9286A7-E18A-4EBE-9F0F-B8AC1C8C5798}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {1E9286A7-E18A-4EBE-9F0F-B8AC1C8C5798}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\O2Micro_CardReader_X5\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OC_Controls\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):294
                                                                                                                                    Entropy (8bit):5.290059553842133
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFWGc5XLxJhojkaWjbAmtkXLxJzMEC7vMFrqOc5XLxJh5:lGcNLVojGjkmtULsECrWcNLV5
                                                                                                                                    MD5:009A505515D4051BABD5D753751DFD11
                                                                                                                                    SHA1:6FBE9BA63B225ACA2B50C87C547A88D16348DE5B
                                                                                                                                    SHA-256:FCF5D54803C772426D6B1AC93350640DD181CCF297A4D94E57A4ED18087CD5EC
                                                                                                                                    SHA-512:49EB66BE377AEBA8827FB7E244610E67CF2208A737FAB59F6673BBCF17C57D25A1FF07BA08E075FED003EA2BE6881C162AE7F8DD411B46A351F1736B45AA0592
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 106129..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;Version

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OC_Controls\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):298
                                                                                                                                    Entropy (8bit):5.2846886340985275
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFWGc5XLxJhojkaWjbAmtkXLxJzMEC7vMFrqOc5XLxJhFn:lGcNLVojGjkmtULsECrWcNLVF
                                                                                                                                    MD5:AC9C6A74B27C44B7B00161513249A57A
                                                                                                                                    SHA1:3230E5124FF8CCAC44A0915B300F0333B4A365FB
                                                                                                                                    SHA-256:4513E24B711AAF963229E2C58049E4F63EF64335588F106F00B428786FA3B968
                                                                                                                                    SHA-512:771947EB2CE688BDC866E284FB634BB279272C70FB8C891EAEC13A4787A1877FF23FFDC913683128FA0F942BC8EFB992D1D4B96D8B8184C7FAF06F72E46F18E0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 106129..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Alienware\OC Controls;Version....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OC_Controls\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1715
                                                                                                                                    Entropy (8bit):5.470365984750511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:o7h1A+FBCUK0HIhuoB52O2aiTB/X2+hIqU8HIhuoB79O4:Ihi+FruhuoD2pRTB/2PBLhuo59O4
                                                                                                                                    MD5:0BCB220C454E4493DF3BF63D5A95D8CA
                                                                                                                                    SHA1:E157F7DB5FB4A69D4D4DE7910441D9BB6A0CE2B2
                                                                                                                                    SHA-256:0BC809F9B63357FC5C242D1E72473F34BDD9D5DC8B1300FBEE8E50030F1FF2BC
                                                                                                                                    SHA-512:0DC10023715BD33A51D022318C9096027EB8B0539C9488B9F8BA08F2767C5CF42A61E05587F4AF4E91EE248480FE7CDB6DBC75219CCE54D3129D19E4C8EC7F63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {8328B75B-B7BF-42AA-93E7-293158535969}..ComponentID = 1517......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1715
                                                                                                                                    Entropy (8bit):5.470365984750511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:o7h1A+FBCUK0HIhuoB52O2aiTB/X2+hIqU8HIhuoB79O4:Ihi+FruhuoD2pRTB/2PBLhuo59O4
                                                                                                                                    MD5:0BCB220C454E4493DF3BF63D5A95D8CA
                                                                                                                                    SHA1:E157F7DB5FB4A69D4D4DE7910441D9BB6A0CE2B2
                                                                                                                                    SHA-256:0BC809F9B63357FC5C242D1E72473F34BDD9D5DC8B1300FBEE8E50030F1FF2BC
                                                                                                                                    SHA-512:0DC10023715BD33A51D022318C9096027EB8B0539C9488B9F8BA08F2767C5CF42A61E05587F4AF4E91EE248480FE7CDB6DBC75219CCE54D3129D19E4C8EC7F63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971....;..;..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;ComponentID = 15971......Method = MSI..Data = {8328B75B-B7BF-42AA-93E7-293158535969}..ComponentID = 1517......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI_MSI\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):598
                                                                                                                                    Entropy (8bit):5.352824452583716
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAthqithlCtgpb0wPel1Wvy8CFsDqaMczkj9oQJ80wPeRFsq+pG4:+bzP8CFNavzM9oQEFpG4
                                                                                                                                    MD5:4B88AD31ACBC310D0EA47F649BB8E095
                                                                                                                                    SHA1:F6FC67861839ADBFA4C4928AE80B566A6C1A77DD
                                                                                                                                    SHA-256:D5590FDA7A054554F9749EAFE5BA0EBFADD217462D0945B2ECD92F592973C135
                                                                                                                                    SHA-512:BF25668DA2E6D55453A58873B1F9F807E3A354BC676C0CE428DBE564E36434FFB87F505206CA8B46BD6214821577CFDBFF52BD84765F95399C9FE218CACCC15A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]....Method = MSI..Data = {73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}..ComponentID = 1517..PkgType = APAC....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI_MSI\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):598
                                                                                                                                    Entropy (8bit):5.352824452583716
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAthqithlCtgpb0wPel1Wvy8CFsDqaMczkj9oQJ80wPeRFsq+pG4:+bzP8CFNavzM9oQEFpG4
                                                                                                                                    MD5:4B88AD31ACBC310D0EA47F649BB8E095
                                                                                                                                    SHA1:F6FC67861839ADBFA4C4928AE80B566A6C1A77DD
                                                                                                                                    SHA-256:D5590FDA7A054554F9749EAFE5BA0EBFADD217462D0945B2ECD92F592973C135
                                                                                                                                    SHA-512:BF25668DA2E6D55453A58873B1F9F807E3A354BC676C0CE428DBE564E36434FFB87F505206CA8B46BD6214821577CFDBFF52BD84765F95399C9FE218CACCC15A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[Regular]..1= Payload\setup.exe /s /v"/qn REBOOT=ReallySuppress"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]....Method = MSI..Data = {73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}..ComponentID = 1517..PkgType = APAC....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {73F1BDB6-11E1-11D5-9DC6-00C04F2FC33B}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI_MSI\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OMCI_MSI\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OSINV\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):130
                                                                                                                                    Entropy (8bit):4.536164830644544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vuFFLMKEJcAFKbFWJ9LDbGARZNFBeKj/QAm/GAOn:vuF5MfUhWJ9S8z7HjIXuR
                                                                                                                                    MD5:DD9F9C913DC476D6A64449E4842DE944
                                                                                                                                    SHA1:42FFF2606077CEE64232101DF710A653D2357F4C
                                                                                                                                    SHA-256:93D3534EDE6A89DA26A22CCA4856C007C7804F0F90337970FE7A2E9E9F3C0C8D
                                                                                                                                    SHA-512:63971868F96D350D8988E25CEB656769BDDCDBEB586AA0ED7A3571C4C84EDCEE70753CC98FBA469B76C891B2A20A7B9A68D5B7C4E8261EDF25DB704112446FBE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<dummy>.. This is a dummy file to subsitute for PIEConfig.xml for devices which do not have.. a supported systems list..</dummy>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\OSINV\osinv.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1417776
                                                                                                                                    Entropy (8bit):6.429894128826009
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:/mofAWwy2a5g+F5b18z2XeDmd9R8sDWJ+n2LWDeILg7t3enxKImKzaXBwXW/Byrv:/mofAWwy2aS2baz2XeARjDVn1KIQ3en/
                                                                                                                                    MD5:36EE60051D89A9AED0A76D025221BD49
                                                                                                                                    SHA1:371119C324659BD30BAD06C97AFFF98770259880
                                                                                                                                    SHA-256:E4B80E90C92BADAC6BED8B61A37A81A2A62B7D032FA5D0E431D216179AA9793F
                                                                                                                                    SHA-512:726D1070C6FEE76B02DA77CC1107955A6F28C144BEC35CAFC9091A52393D0696F930676EF1786AE4D8FAADB5064A6312E55539C606B79CCA5ED45E30A627F8F1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........9G..X)..X)..X)......X).....tX).. ...X).. ...X)..X(.&Z).....[Y)......X)......X).Rich.X).........PE..L...t&.].................6...L......m&.......P....@.......................... ......>...........................................T.......................0...............................................@............P...............................text....4.......6.................. ..`.rdata.......P.......:..............@..@.data........@...X...(..............@....rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PREMIER_COLOR_FY16\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):312
                                                                                                                                    Entropy (8bit):5.353616458440707
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFc2kc5XLx17Cx3M2MkaWjbAmtkXLx17Cx3M2YrqOc5XLx17Cx3M2f:JBcNLTc36GjkmtULTc3McNLTc3p
                                                                                                                                    MD5:652A2DDA702F0F31C545B4A9CF639AE7
                                                                                                                                    SHA1:EB9966E4F1FBF8D2DCEFF46F043E7655AD1F177A
                                                                                                                                    SHA-256:2BDCA36CF4CC172585212FCE96C3CE05F2CF33F09AE36825ADB6D33F539426E4
                                                                                                                                    SHA-512:129E6E664EB93DAC96634B4B6DC6DF4B673AFA55AAAB6F4962259A0DFB50D35C2C85BE13870FA9C61755AA3E5F892D9000D4970A2A70BF2B91D9C7DE83C8CE6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104526..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PREMIER_COLOR_FY16\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):312
                                                                                                                                    Entropy (8bit):5.353616458440707
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFc2kc5XLx17Cx3M2MkaWjbAmtkXLx17Cx3M2YrqOc5XLx17Cx3M2f:JBcNLTc36GjkmtULTc3McNLTc3p
                                                                                                                                    MD5:652A2DDA702F0F31C545B4A9CF639AE7
                                                                                                                                    SHA1:EB9966E4F1FBF8D2DCEFF46F043E7655AD1F177A
                                                                                                                                    SHA-256:2BDCA36CF4CC172585212FCE96C3CE05F2CF33F09AE36825ADB6D33F539426E4
                                                                                                                                    SHA-512:129E6E664EB93DAC96634B4B6DC6DF4B673AFA55AAAB6F4962259A0DFB50D35C2C85BE13870FA9C61755AA3E5F892D9000D4970A2A70BF2B91D9C7DE83C8CE6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104526..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Portrait Displays\Version;....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PREMIER_COLOR_FY16\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PackageVersion.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3466
                                                                                                                                    Entropy (8bit):4.506734893949776
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:XKd9NCN8KtUIgl4l4TB/mOmg7bMuilIXjRMAaJEeSzdHQ7SE8vdtSHSzSa0SWSQO:Xo98WKvr4o5dnAuK9VnNP
                                                                                                                                    MD5:81631D95998F88DB25DAE3F80ECC95D2
                                                                                                                                    SHA1:75F90C401B194304599DA219A9EC29DF445D451B
                                                                                                                                    SHA-256:B41D5CA461B1E2E4C7426E396A6C255509FA34FBB273807E382617D4B1D5B27F
                                                                                                                                    SHA-512:0C85E127D4147291E24CA5DD0C289FD001EEEA96D228717C4BA1858A133207BB1DB8C866B4C5832CF04DF7EBCACEB14513B4CB3598FFD2ADB8551F2DA9DF4B65
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[VersionMapping]..PCI\VEN_168C&DEV_0034&SUBSYS_20031A56=10.0.0.338_1.1.61.1297..PCI\VEN_168C&DEV_003E&SUBSYS_03101028=12.0.0.281_12.0.0.282..PCI\VEN_168C&DEV_003E&SUBSYS_15351A56=11.0.0.688_1.1.61.1297..PCI\VEN_1969&DEV_E091=9.0.0.39_1.1.61.1296..PCI\VEN_1969&DEV_E0A1=9.0.0.39_1.1.61.1296..PCI\VEN_8086&DEV_0082&SUBSYS_13218086=15.18.0.1_19.2.0.1..PCI\VEN_8086&DEV_0082&SUBSYS_13268086=15.18.0.1_19.2.0.1..PCI\VEN_8086&DEV_0082&SUBSYS_13288086=15.18.0.1_19.2.0.1..PCI\VEN_8086&DEV_0083&SUBSYS_12258086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0083&SUBSYS_12268086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0083&SUBSYS_13258086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0083&SUBSYS_13268086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0087&SUBSYS_13218086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0087&SUBSYS_13268086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_008A&SUBSYS_53258086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_008A&SUBSYS_53278086=15.11.0.9_18.40.0.9..PCI\VEN_8086&DEV_0091&SUBSYS_52218086=15.17.0.1_19.2.0.1..PCI\V

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3695
                                                                                                                                    Entropy (8bit):4.684382508965686
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:9YOesiqBYeXR1+FU7KZYaj39Iv21ErCRZY/GFUnAByDctuf4woiEr6JIvQ1yk3kz:PJBXlz3kz
                                                                                                                                    MD5:A5F4DF9E58EC4B6CEFD2F90FE9A930A6
                                                                                                                                    SHA1:161116AE3FB430EA22DE181184B154C6628A6BDD
                                                                                                                                    SHA-256:0ADC13C2B896DA76521D1367A2F9BB5F754824F9501F31FDF6E46EA8B3C9CA2B
                                                                                                                                    SHA-512:B36D2DBFF31C8AD19E235513D76617CBF7C5876992D44045B7A4C1CB7BF5130DDF08365B636668539325276E242011E099D6E5D4915E1E82F4E10980E41426C7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PNP..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad..10EC_0280=100352..10EC_0292=100352..10EC_0293=100352..10EC_0255=100352..10EC_0295=100352..10EC_0298=100352..10EC_0299=100352..10EC_0288=100352..10EC_0899=100352..413C_8143=100358..8087_07DC=103306 ..0CF3_817A=100594..NXP_5442=100650..0271_0419=100670..DLAB_3002=100670..8087_07DA=100863..413C_81A3=100919..413C_81A4=100920..413C_81A8=100921..413C_81A9=100922..DELL_ABCE=100925..138A_003F=101161..138A_0091=105990..INT_33D6=101262..0271_0418=101270..0403_6014=105146..0CF3_E005=101698..0424_7500=101717..0403_6001=101829..0403_7BE8=101829..0403_6010=101829..0483_91D1=101830..IEI_0003=101831..0BD

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3695
                                                                                                                                    Entropy (8bit):4.684382508965686
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:9YOesiqBYeXR1+FU7KZYaj39Iv21ErCRZY/GFUnAByDctuf4woiEr6JIvQ1yk3kz:PJBXlz3kz
                                                                                                                                    MD5:A5F4DF9E58EC4B6CEFD2F90FE9A930A6
                                                                                                                                    SHA1:161116AE3FB430EA22DE181184B154C6628A6BDD
                                                                                                                                    SHA-256:0ADC13C2B896DA76521D1367A2F9BB5F754824F9501F31FDF6E46EA8B3C9CA2B
                                                                                                                                    SHA-512:B36D2DBFF31C8AD19E235513D76617CBF7C5876992D44045B7A4C1CB7BF5130DDF08365B636668539325276E242011E099D6E5D4915E1E82F4E10980E41426C7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PNP..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad..10EC_0280=100352..10EC_0292=100352..10EC_0293=100352..10EC_0255=100352..10EC_0295=100352..10EC_0298=100352..10EC_0299=100352..10EC_0288=100352..10EC_0899=100352..413C_8143=100358..8087_07DC=103306 ..0CF3_817A=100594..NXP_5442=100650..0271_0419=100670..DLAB_3002=100670..8087_07DA=100863..413C_81A3=100919..413C_81A4=100920..413C_81A8=100921..413C_81A9=100922..DELL_ABCE=100925..138A_003F=101161..138A_0091=105990..INT_33D6=101262..0271_0418=101270..0403_6014=105146..0CF3_E005=101698..0424_7500=101717..0403_6001=101829..0403_7BE8=101829..0403_6010=101829..0483_91D1=101830..IEI_0003=101831..0BD

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\pnpDevices.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):24938
                                                                                                                                    Entropy (8bit):4.816789168338478
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:EbWI3qtw6yqb24ABlcMdrI8aApVn65qj8UVb1YHNFsycQ1lqCzxeoX9XzXAX/XYX:7kVqj
                                                                                                                                    MD5:B3C76CC091D8D8A4670720632D5F9205
                                                                                                                                    SHA1:C7F454EE5B0819C5E93BE1A9ADD05323039D76F7
                                                                                                                                    SHA-256:5578E48EAA2D33DA3A286CA73CC1FA018B66625108EB00EF7A101F207F3A4114
                                                                                                                                    SHA-512:94CAC54CED98BC8DC49EAB23F5A2C770A4B07971B8C3C2D1EA47AECC6D4A8C50C104C11E821F282865C21F5AE0C3E4CB5B461F66B68F0854D62874518DD7A381
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="utf-8"?>..<PnPDevices>...<PnPDevice ComponentID="100352">....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0280</PnPProductID>.....</pnpidstring>....</DevInfo>....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0292</PnPProductID>.....</pnpidstring>....</DevInfo>....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0293</PnPProductID>.....</pnpidstring>....</DevInfo>....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0255</PnPProductID>.....</pnpidstring>....</DevInfo>.... BITS342756 fixed-->.... <DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0256</PnPProductID>.....</pnpidstring>....</DevInfo -->....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0295</PnPProductID>.....</pnpidstring>....</DevInfo>....<DevInfo>.....<pnpidstring>......<ACPIID>10EC</ACPIID>......<PnPProductID>0298</PnPProductID>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\pnpDevicesList.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2845
                                                                                                                                    Entropy (8bit):4.814264154186837
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:ErNEI8vCehl6LnS+1GWWQqHyQ/ry/dPQVLUl:ErND80Sv/mdoq
                                                                                                                                    MD5:8C5EBDB3AD7BEC0DCCF2735D2B290619
                                                                                                                                    SHA1:5A3B9083A97D3B694C580F87D03EDFD3374944C8
                                                                                                                                    SHA-256:369B0F0506EA4D878030ABD33674A59A95655E81E57235F35D284098E6C4C42D
                                                                                                                                    SHA-512:B59111F85103965A94B0597F73E3FE67C4594684692B42C12EEC19E5750D56D609C721121E83A8FC0037ED13C53C48A3DA69A400597E8D64F281A5554F4FE2A5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:PnP=ACPI\VEN_NXP&DEV_5442..CompID=100650..PnP=ACPI\VEN_DELL&DEV_ABCE..CompID=100925..PnP=SD\VID_0271&PID_0418..CompID=101270..PnP=USB\VID_8087&PID_07DA..CompID=100863..PnP=USB\VID_8087&PID_07DC..CompID=100359..PnP=USB\VID_0CF3&PID_817A..CompID=100594..PnP=USB\VID_413C&PID_8143..CompID=100358..PnP=USB\VID_413C&PID_81A3..CompID=100919..PnP=USB\VID_413C&PID_81A4..CompID=100920..PnP=USB\VID_413C&PID_81A8..CompID=100921..PnP=USB\VID_413C&PID_81A9..CompID=100922..PnP=SD\VID_0271&PID_0419..CompID=100670..PnP=ACPI\VEN_DLAB&DEV_3002..CompID=100670..PnP=USB\VID_0CF3&PID_E005..CompID=101698..PnP=USB\VID_0BDA&PID_0177..CompID=101846..PnP=USB\VID_413C&PID_81A9..CompID=101684..PnP=USB\VID_413C&PID_81B1..CompID=102237..PnP=ACPI\DELLABCE..CompID=100925..PnP=PnP\ACPIID_DELL&Prod_ABCE..CompID=100925..PnP=ACPI\IEI0003..CompID=101831..PnP=ACPI\VEN_IEI&DEV_0003..CompID=101831..PnP=FTDIBUS\COMPORT&VID_0403&PID_6001..CompID=101829..PnP=FTDIBUS\COMPORT&VID_0403&PID_7BE8..CompID=101829..PnP=USB\VID_0EEF&PID_00

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\pnpdevices_inv.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):230
                                                                                                                                    Entropy (8bit):5.3673424773254546
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hGh9U1aXVvmNVQAt0HF7+nzmxMXNVQAt0HF7yrhn:498eVvmNVbwlYzmxQNVbwlyrh
                                                                                                                                    MD5:858B540E00E5AC1212CBAD9A786CE2F7
                                                                                                                                    SHA1:56BFEA5FAF5B6B3BFB83FF59450B0ED218F9A806
                                                                                                                                    SHA-256:7029CAD7D1C8DC39EE4723ACD6979BE73718D5621EBB5E5D67A9868610690A0A
                                                                                                                                    SHA-512:2C3EA33A50D854AA830902229A225C5F9EDE075D717D17B03F81933A2D97252A41143A5592C70FECA67687E2379331BD0AC1216CF9E8CA2D60ABBDBDB941795D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..IF EXIST "%PROGRAMFILES(X86)%" (GOTO 64BIT) ELSE (GOTO 32BIT)....:64BIT..call cscript /nologo pnpdevices_inv.vbs %1..GOTO END....:32BIT..call %systemroot%\system32\cscript /nologo pnpdevices_inv.vbs %1..GOTO END....:END

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PnP_Devices\pnpdevices_inv.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (354), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3598
                                                                                                                                    Entropy (8bit):5.327301709031122
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:tPZLOZ9OpT6QEPj5tToAEmMEE+rEbS9PNDk56AWYiwcBxv:pI9nDMEBnPNsrDiwcPv
                                                                                                                                    MD5:4031D686BE05F2510B9FA1819C590E25
                                                                                                                                    SHA1:799ED9B88C240988203C625656820E04280DCE6A
                                                                                                                                    SHA-256:795D04A283B532A796761ECB4057E570261CC8FE944822C03F01A32CC420B8F5
                                                                                                                                    SHA-512:5BE55C9C7861DEF85BAD64F273E1BAA87A4F5FF80EB7E4F5EA624C00F7ECBF1D95EA7CD7E555F296084F28FC49AD06DFA6979884941C98DCD74B0FDFE248A96E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Option Explicit....Dim strDisplayName, strVersion, strComponentID..Dim LogName, theArgs..Dim QuoteObj, CrLfObj, XmlOpen, XmlClose, XmlData..Dim fso, log, XMLlog..Dim strComputer: strComputer = "."..Dim objWMIService..Dim PIDcnt: PIDcnt=45..Dim arrVID_PID(45), arrCompID(45) '45 - count of PID/CompID list in pnpDeviceList.ini.PLEASE check this everytime...QuoteObj = (Chr(34))..CrLfObj = (Chr(13)) & (Chr(10))......' set the output file name as passed in cmdline..set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)....Function ReadINIfile()...Dim count: count=0...Dim arrCount: arrCount=0....Dim spltstr: spltstr=""......Dim objFSO,INIFile,strLine.....Set objFSO = CreateObject("Scripting.FileSystemObject")....If objFSO.FileExists("pnpDevicesList.ini") Then.....Set INIFile = objFSO.OpenTextFile("pnpDevicesList.ini", 1).....Do Until INIFile.AtEndOfStream......strLine = INIFile.ReadLine ..........count=count+1......'Wscript.Echo arrCount & " : " & count & " " & strLine ......if count=

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PowerManager\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.256557656003416
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt3848JZFNavzM9oQBGAXlo+98CcFpGiv:XUh1A+FMtZaiTB/X2+ODOM
                                                                                                                                    MD5:18E5C4CEEC6611E4A016F90265EF6846
                                                                                                                                    SHA1:58BD2ABC2E2A1C9F2CD2C45FCF6C97FC8F4F21B7
                                                                                                                                    SHA-256:09BCA07D9298E89C119F14A60195043D4D701D241427D0C65038239E4C546BFF
                                                                                                                                    SHA-512:1A50DC97E5826E2C9CCB2B76469A8B2987FC9C0C7B77B38AE3C60746E398E68164191C8445E6DA560A4DA1883246612EA1CB8258D42B2115402C2AF14D61A7F7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {C9A3C20C-D935-4DA5-B67C-D51F01945D70}..PkgType = APAC..ComponentID=27394........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {C9A3C20C-D935-4DA5-B67C-D51F01945D70}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PowerManager\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.256557656003416
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt3848JZFNavzM9oQBGAXlo+98CcFpGiv:XUh1A+FMtZaiTB/X2+ODOM
                                                                                                                                    MD5:18E5C4CEEC6611E4A016F90265EF6846
                                                                                                                                    SHA1:58BD2ABC2E2A1C9F2CD2C45FCF6C97FC8F4F21B7
                                                                                                                                    SHA-256:09BCA07D9298E89C119F14A60195043D4D701D241427D0C65038239E4C546BFF
                                                                                                                                    SHA-512:1A50DC97E5826E2C9CCB2B76469A8B2987FC9C0C7B77B38AE3C60746E398E68164191C8445E6DA560A4DA1883246612EA1CB8258D42B2115402C2AF14D61A7F7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {C9A3C20C-D935-4DA5-B67C-D51F01945D70}..PkgType = APAC..ComponentID=27394........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {C9A3C20C-D935-4DA5-B67C-D51F01945D70}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\PowerManager\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\QLogicInstaller_Reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):385
                                                                                                                                    Entropy (8bit):5.396891062887846
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Go6bcNLTLOXESH7uJkmtULTLOXESHlPLcNLTLOXESH7U+5:Go6gNv0ESH69mv0ESHl4Nv0ESHQ+5
                                                                                                                                    MD5:3C8D8DDEA8E5437C72A4004801E671E2
                                                                                                                                    SHA1:3EBD1463B3AAD3AACA53C6DEE9331DBBE1CF609C
                                                                                                                                    SHA-256:A0740814DBC9FE5B9E3A7B4C9B7F7202F9EA2D685398175941F80D5778DC18D0
                                                                                                                                    SHA-512:00EC6E2D09B45DF714E0D4F6001E32F0A34C416C75E4A10EFBE73662D94591FC3C227BB688F6B0EE76885F946392B7635735FF52433FC278F3A56A6F2C4DC205
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 16930..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;InstallVersion..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;(Default)....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;InstallVersion........[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\QLogicInstaller_Reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):385
                                                                                                                                    Entropy (8bit):5.396891062887846
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Go6bcNLTLOXESH7uJkmtULTLOXESHlPLcNLTLOXESH7U+5:Go6gNv0ESH69mv0ESHl4Nv0ESHQ+5
                                                                                                                                    MD5:3C8D8DDEA8E5437C72A4004801E671E2
                                                                                                                                    SHA1:3EBD1463B3AAD3AACA53C6DEE9331DBBE1CF609C
                                                                                                                                    SHA-256:A0740814DBC9FE5B9E3A7B4C9B7F7202F9EA2D685398175941F80D5778DC18D0
                                                                                                                                    SHA-512:00EC6E2D09B45DF714E0D4F6001E32F0A34C416C75E4A10EFBE73662D94591FC3C227BB688F6B0EE76885F946392B7635735FF52433FC278F3A56A6F2C4DC205
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 16930..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;InstallVersion..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;(Default)....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\QLogicInstaller\DisplayVersion;InstallVersion........[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\QLogicInstaller_Reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2077
                                                                                                                                    Entropy (8bit):4.799847969143038
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9z6:IQ8Ihhz+KLtzM/aI3yoLtFQLtp
                                                                                                                                    MD5:3BC9419638E6EFCB11D31B43BA9F9F09
                                                                                                                                    SHA1:CD3FA5CBA7F739826218E8AD534D6C4B7AD10BB5
                                                                                                                                    SHA-256:1EAD51F375114ADFD0DFEF0DFD488F637F86F752B9F0242D4FE0B4BB7F1F512F
                                                                                                                                    SHA-512:C4A5AC923CD319E182E914E4B254C9E19AD8ADA8AE56DB4DD332CFEBC51EB3BBAF8EE124CD0F40C9F3732303616D1A13189AE27BDE54D44B46E14A33313B9160
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\QLogicInstaller_Reg\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):70
                                                                                                                                    Entropy (8bit):4.2087931853361935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKx:WT0VJMww2YWFQQ
                                                                                                                                    MD5:704F986146BF214E6169E0FE37B27D4D
                                                                                                                                    SHA1:96F03946DBFDB2D45969878638C6D34679B52606
                                                                                                                                    SHA-256:171AE64DD5A99DC735E17BA9B0B5E74727ED563DCB63C5548C665313194A5A76
                                                                                                                                    SHA-512:53B35F883C9CE5C85CD33B7AD165D39218C8F59811EC3EB33085CA6859F4BD1D59F2FB6098CA51FE852B8970750E8DA8BCD73E5F60823768F4B88AD0E0404D4C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1222
                                                                                                                                    Entropy (8bit):5.502974054788077
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt38/NIVLPRmyIVLPROZFNavzM9oQBGAXlo+sNIVLPR2cFpGiv:rSh1A+FaIZ5myIZ5OZaiTB/X2+2IZ5vx
                                                                                                                                    MD5:D7ECCAEBD6B18B4B6B850D609EA598C3
                                                                                                                                    SHA1:34DF7F582026E05B029B8D13187C820C5B82D372
                                                                                                                                    SHA-256:602F014FE2C2AEF9C1830337F7F81CAF9A3DAA64B04868CCB0F6237D1E14DF22
                                                                                                                                    SHA-512:F9C8A97BAA6B0FFA2B1C0FC99977B5D33173ACB11BDA5068BC75794C56E507F0F38B96975DF0B7E156B0C3A65E60563F98622483B8AD17597F6F6DA3A9FBFBF9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = Reg..PkgType = APAC..ComponentID = 29761..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6};DisplayName..........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Met

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1250
                                                                                                                                    Entropy (8bit):5.521932757383918
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt38/NCtVLPRmyCtVLPRO2FNavzM9oQBGAXlo+sNCtVLPRGFpGiv:rSh1A+FaEZ5myEZ5O2aiTB/X2+2EZ5Gx
                                                                                                                                    MD5:FBCCF8395E38D0A56191BD406F132964
                                                                                                                                    SHA1:623E375D941B910A89EE72CE9BCD74976F4F0124
                                                                                                                                    SHA-256:1A146A97CA44AA794698CE2DA58D746723A2704EB65C42E5BED2F7EDAA655816
                                                                                                                                    SHA-512:15D8962D4CC9245402E17F0E5123387EAA6F5A0BCA5F9249BFB008F9C6CE11D59F46722FD1B330C31A568BC4049C5011462AA4D38446AB964F9C43B340CEC280
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = Reg..PkgType = APAC..ComponentID = 29761..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D073343-CEEB-4ce7-85AC-A69A7631B5D6};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromenta

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart_msi\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):362
                                                                                                                                    Entropy (8bit):5.385486419597068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcDqgxTTYcqF8kOWVLRvcDqgxTTYr:CxAtBV5ritBV5gCt7Sy+pf0Dqgt48w0W
                                                                                                                                    MD5:1C934A50A98837EBFDFDB8318468C553
                                                                                                                                    SHA1:10045F9B9C7F191A36600E052941788B2058B6DA
                                                                                                                                    SHA-256:224DEFB153E173BB6B26BC21B84B942EDA10C2AA05D9E7A929833911E5BCB4AC
                                                                                                                                    SHA-512:67C1FBAE18B450AED880C2A915C4D7A475A15E37D4D7450072CA58E3C6EE1D735FDC28CBB52337E5EA9F2DF048F4602B7A1B02329FB831809BC3FAE83559E989
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {3D073343-CEEB-4ce7-85AC-A69A7631B5D6}..PkgType = APAC..ComponentID=101340......[Version]......Method = MSI..Data = {3D073343-CEEB-4ce7-85AC-A69A7631B5D6}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart_msi\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):362
                                                                                                                                    Entropy (8bit):5.385486419597068
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcDqgxTTYcqF8kOWVLRvcDqgxTTYr:CxAtBV5ritBV5gCt7Sy+pf0Dqgt48w0W
                                                                                                                                    MD5:1C934A50A98837EBFDFDB8318468C553
                                                                                                                                    SHA1:10045F9B9C7F191A36600E052941788B2058B6DA
                                                                                                                                    SHA-256:224DEFB153E173BB6B26BC21B84B942EDA10C2AA05D9E7A929833911E5BCB4AC
                                                                                                                                    SHA-512:67C1FBAE18B450AED880C2A915C4D7A475A15E37D4D7450072CA58E3C6EE1D735FDC28CBB52337E5EA9F2DF048F4602B7A1B02329FB831809BC3FAE83559E989
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {3D073343-CEEB-4ce7-85AC-A69A7631B5D6}..PkgType = APAC..ComponentID=101340......[Version]......Method = MSI..Data = {3D073343-CEEB-4ce7-85AC-A69A7631B5D6}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart_msi\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RapidStart_msi\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealTek_LAN\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):660
                                                                                                                                    Entropy (8bit):5.421757853261432
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgwSkClXLTpNgb7YCiLTpNgb7/hIY1mLTpNgb72Fsq+pG1:+eOSkyvpE7YFvpE7/yLvpE7lFpG1
                                                                                                                                    MD5:D850282531E875117C65E6B4863B23B1
                                                                                                                                    SHA1:B12EDF4A9DDFF7FBD9DF8E2C86456245C06515EC
                                                                                                                                    SHA-256:49F52A3D278ED1A2D449103B3D6CA8E6C7C368059688CF9D2D4FD06AB98C56B5
                                                                                                                                    SHA-512:CFE97CDFC1A3D7B30BC255CF9404B1D715A0701C91980EDBD1B4B6090BA2D50ADF922C1190CCF9A351CA16147AA61F0498E10CAF2CA19516193B7B3B7FCC15AC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = DRVR..ComponentID=103014..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;Version......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealTek_LAN\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):660
                                                                                                                                    Entropy (8bit):5.421757853261432
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgwSkClXLTpNgb7YCiLTpNgb7/hIY1mLTpNgb72Fsq+pG1:+eOSkyvpE7YFvpE7/yLvpE7lFpG1
                                                                                                                                    MD5:D850282531E875117C65E6B4863B23B1
                                                                                                                                    SHA1:B12EDF4A9DDFF7FBD9DF8E2C86456245C06515EC
                                                                                                                                    SHA-256:49F52A3D278ED1A2D449103B3D6CA8E6C7C368059688CF9D2D4FD06AB98C56B5
                                                                                                                                    SHA-512:CFE97CDFC1A3D7B30BC255CF9404B1D715A0701C91980EDBD1B4B6090BA2D50ADF922C1190CCF9A351CA16147AA61F0498E10CAF2CA19516193B7B3B7FCC15AC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = DRVR..ComponentID=103014..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;DisplayName..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;Version......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTNIC_DELL_INST\Version;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealTek_LAN\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekAudio\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1111
                                                                                                                                    Entropy (8bit):5.448471159667083
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KP9cgPwsFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBiNv0LKFpG5:QpsaiTB/X2+hIqU8HIhuoBwv0LKO5
                                                                                                                                    MD5:9EE0F7EBD650DC506532A5CB948E0844
                                                                                                                                    SHA1:8827F17EE9166A9EC06F7F6529E960CB8E5603AF
                                                                                                                                    SHA-256:AD277B060ECD9C8815B10F281D8F75C013FD11635E6730D084EFC8CDB34052B3
                                                                                                                                    SHA-512:D8D44874F2B21962BAADD1769A2A31728BA9A39968E4A18D54F3C37274A6B814FC2B0ADB7AD82C954FC3AC1273BD414DB5387243522B51E736F0A82626E1BBCA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = AUDIO....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Au

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekAudio\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1111
                                                                                                                                    Entropy (8bit):5.448471159667083
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KP9cgPwsFNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBiNv0LKFpG5:QpsaiTB/X2+hIqU8HIhuoBwv0LKO5
                                                                                                                                    MD5:9EE0F7EBD650DC506532A5CB948E0844
                                                                                                                                    SHA1:8827F17EE9166A9EC06F7F6529E960CB8E5603AF
                                                                                                                                    SHA-256:AD277B060ECD9C8815B10F281D8F75C013FD11635E6730D084EFC8CDB34052B3
                                                                                                                                    SHA-512:D8D44874F2B21962BAADD1769A2A31728BA9A39968E4A18D54F3C37274A6B814FC2B0ADB7AD82C954FC3AC1273BD414DB5387243522B51E736F0A82626E1BBCA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = AUDIO....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..;Method = MSI..;Data = {F20AEE2D-A8FC-4CB5-9BF3-8069F118D346}..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\Au

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekAudio\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799021601156922
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3TEK41EKLtkVKlKLtHzP:IQ8IhhtKLtzM/aI3dQLtpoLtz
                                                                                                                                    MD5:3DFD63F25EE255BD263E45B1F3B9A48B
                                                                                                                                    SHA1:45A93BA1F70849F7C023E235057BFA66381BFEFB
                                                                                                                                    SHA-256:BEED49DA3C1658CE899C2440D6FB0BBAAE08F525605BE059FC6D46FE166F47A2
                                                                                                                                    SHA-512:AE731AA9A70DD684A115F1BA0F661CFFE11DE4BD5F50559AFC61139C16FF8A11B07EE29D3DB435219D3625EFC555C73BBD9B8891106E6D8ED66BED1B5BAE973F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekAudio\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekAudio\supportdev.cfg

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):456
                                                                                                                                    Entropy (8bit):4.709300202897579
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DRVKOmR0VhQIyJzczZAk2vH41HhiEHh+uo+lHGFHfdMF22a:FV9mcdyFeakAu1dGFHfW22a
                                                                                                                                    MD5:FF8598A23115C556D7E00D14E88447ED
                                                                                                                                    SHA1:859D4902054532BA6372CB569E1AF57EE935AE4F
                                                                                                                                    SHA-256:0536689E1F039A695ACDA04BAFE3CEA5E38E27897BA7801EDEA438CFD9DD6B76
                                                                                                                                    SHA-512:B2A471DC06F7529D1E05F3109D6EFA4E3B501F699226E270E3F8B76CF7C08A163C7976ACAAE64C5DE1E9C80A556DD60F7788F28553B5A563C16FCA12607DE536
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:; Semicolan is considered as comment...; So in a line if semicolan is present the whole line is considered comment..; The below entry Mode specified whether device in list needs to be included or excluded..; for exclude specify [Mode] = Exclude..; for Include specify [Mode] = Include..[AppConfig]..[Mode] = Include..; The values below provided are in Hexa decimal..[Device]..VendorID = 10EC..SubSystemVendorID = 0..DeviceID = 0269..SubSystemID = 0........

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekHDAudio\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):611
                                                                                                                                    Entropy (8bit):5.357599302195662
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLTpNguh/Lsy09BCaULTpNguh/LgCRz+NLTpNguA:+C5r85vSmNvpVlB0BMvpVlgqyNvpVlBM
                                                                                                                                    MD5:1EE6BA7C6C62F45B420342135034E0A2
                                                                                                                                    SHA1:FC0B19DF71F18E5F66F41D1D0F9BEFE6DB02CF3B
                                                                                                                                    SHA-256:A4F4622242328D653C5A3629B78A17941BD218E18BBD0CC20CB3C95B52E0F1DD
                                                                                                                                    SHA-512:E8E5A3754C68CB6DA8A7F97ADA55ECE275D0BD1133D42FD43CFF08B75546774268ADC4FD945964D0554FF0072C037DFD76A6B7ADE02B4D090B9772BA0FCA45FF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;Version..ComponentID = 100352..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;DisplayName..pkgtype = DRVR....[Version].. ..Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekHDAudio\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):611
                                                                                                                                    Entropy (8bit):5.357599302195662
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLTpNguh/Lsy09BCaULTpNguh/LgCRz+NLTpNguA:+C5r85vSmNvpVlB0BMvpVlgqyNvpVlBM
                                                                                                                                    MD5:1EE6BA7C6C62F45B420342135034E0A2
                                                                                                                                    SHA1:FC0B19DF71F18E5F66F41D1D0F9BEFE6DB02CF3B
                                                                                                                                    SHA-256:A4F4622242328D653C5A3629B78A17941BD218E18BBD0CC20CB3C95B52E0F1DD
                                                                                                                                    SHA-512:E8E5A3754C68CB6DA8A7F97ADA55ECE275D0BD1133D42FD43CFF08B75546774268ADC4FD945964D0554FF0072C037DFD76A6B7ADE02B4D090B9772BA0FCA45FF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;Version..ComponentID = 100352..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;DisplayName..pkgtype = DRVR....[Version].. ..Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\HDAudio;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekHDAudio\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\RealtekHDAudio\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_8723DE\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):510
                                                                                                                                    Entropy (8bit):5.4246020811370075
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZPjitZPm/Ctgg+NLT5rK/MCaULT5r3NT+S6Dz+NLT5rK/BFsq+pG1:+KLguFNv5rqMMv5r3NKS62Nv5rqYFpG1
                                                                                                                                    MD5:57035B4F98B5598A23F9949920792C1B
                                                                                                                                    SHA1:6C0B09DF4BA545BAD140E385F6696858DF897BFC
                                                                                                                                    SHA-256:CB9BDCD18489EDA9A0C161252434CCE4F0FB767F3194B37E406ADF52BF6A25E6
                                                                                                                                    SHA-512:8751E26E5DBA89DE2D56319ABE64378BCD7EA58BF0B072CE8E353AF6608B20BC0FD01631D5EDFB0377BCE3C8B4BFDB4F569D843D521046FBB1559BBA8071145B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Version\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Display\;..PkgType = DRVR..ComponentID=108880......[Version]....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_8723DE\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):510
                                                                                                                                    Entropy (8bit):5.4246020811370075
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZPjitZPm/Ctgg+NLT5rK/MCaULT5r3NT+S6Dz+NLT5rK/BFsq+pG1:+KLguFNv5rqMMv5r3NKS62Nv5rqYFpG1
                                                                                                                                    MD5:57035B4F98B5598A23F9949920792C1B
                                                                                                                                    SHA1:6C0B09DF4BA545BAD140E385F6696858DF897BFC
                                                                                                                                    SHA-256:CB9BDCD18489EDA9A0C161252434CCE4F0FB767F3194B37E406ADF52BF6A25E6
                                                                                                                                    SHA-512:8751E26E5DBA89DE2D56319ABE64378BCD7EA58BF0B072CE8E353AF6608B20BC0FD01631D5EDFB0377BCE3C8B4BFDB4F569D843D521046FBB1559BBA8071145B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -k..[Regular]..1= Payload\Setup.exe -s -k..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Version\;..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Display\;..PkgType = DRVR..ComponentID=108880......[Version]....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP\RealtekWLAN\Version\;....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_8723DE\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1488
                                                                                                                                    Entropy (8bit):4.787060074000364
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCy3Ke+KLtr3M/aI3/SP:IQ8IhhtKLtzM/aI3w
                                                                                                                                    MD5:0AD3040C519FB22EABC7EAE87F759E9B
                                                                                                                                    SHA1:AE273B890F15784FDBD2AA2D65BC40F7235DB511
                                                                                                                                    SHA-256:625151F85603FD40250D81F9AA9293E1FB56D6AEEBC7FB51265382BCBFE9A9AC
                                                                                                                                    SHA-512:BA19BA05F110AB19761042B86F6DBA8039AEAF411A185A3E03EBAB497C74C491ECB2461C0A71D766CC487EED940B8C91C22E8A0B09C746C848B58FC06E60D684
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_8723DE\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_USB_Audio_Driver_Reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):366
                                                                                                                                    Entropy (8bit):5.325661285341819
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFArc5XLx1pNgudjsybJbAmtkXLx1pNgudj+BC7vMFrqOc5XLx1pNgudjsy0:PrcNLTpNguZsybJkmtULTpNguZgCrWcq
                                                                                                                                    MD5:DEA7C993C1866E47AA69CB0BF61F9979
                                                                                                                                    SHA1:615E43594A7E9702BB56E9FF71AD88E7C93380EE
                                                                                                                                    SHA-256:9D2868AD55ACF0AC2617E3B339E5C2D646F555F221859EF74FD2D34C08A1C5AE
                                                                                                                                    SHA-512:30C8E31AFC52750014F7DEEEB8F5FE1A04A34E10578A2C786FC963E5EB53EECA14335AE8533B124F0A0D78481811D82A4B1D53C1D340DEE17D68545EA2EDB67C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103620..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;Version..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;Version

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_USB_Audio_Driver_Reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):366
                                                                                                                                    Entropy (8bit):5.325661285341819
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFArc5XLx1pNgudjsybJbAmtkXLx1pNgudj+BC7vMFrqOc5XLx1pNgudjsy0:PrcNLTpNguZsybJkmtULTpNguZgCrWcq
                                                                                                                                    MD5:DEA7C993C1866E47AA69CB0BF61F9979
                                                                                                                                    SHA1:615E43594A7E9702BB56E9FF71AD88E7C93380EE
                                                                                                                                    SHA-256:9D2868AD55ACF0AC2617E3B339E5C2D646F555F221859EF74FD2D34C08A1C5AE
                                                                                                                                    SHA-512:30C8E31AFC52750014F7DEEEB8F5FE1A04A34E10578A2C786FC963E5EB53EECA14335AE8533B124F0A0D78481811D82A4B1D53C1D340DEE17D68545EA2EDB67C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103620..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;Version..pkgtype = DRVR..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Realtek\USBAudio;Version

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Realtek_USB_Audio_Driver_Reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):493
                                                                                                                                    Entropy (8bit):5.276723723957003
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Cx8DWI2mKdDNIY1mLPKvEHNFsq+pGipXdKb2/zqoh47Yvn:+8DWFZqLdHcFpGipXdg2/OowC
                                                                                                                                    MD5:0C293130C9579ACEB6B184AFCFBD9D0D
                                                                                                                                    SHA1:F38C728214FFF16C7E78AA02A0B4AA4971D66DAA
                                                                                                                                    SHA-256:C93431087499FB92F363D613E2FD2972F327A8FBDE249BB1F2755E857B8D716A
                                                                                                                                    SHA-512:FB3DB124B2DEB6B69E109CEDA7F9270AC467FC045A3E156540FCA80B13CBC936966EE6C4203899789F8D33DB4A87C9A204A50538A79C3CBFFBDE62295D49C1CA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= GS20N.exe /sm..[Regular]..1= GS20N.exe /sm..[FreshInstall]..1= GS20N.exe..; ..[Scan]..Method = ODD..PkgType = FRMW....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\Install;Version......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map Product ID of each ODD to its corresponsing Device Code....[Mapping]..DVD+-RW GS20N=16913....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):493
                                                                                                                                    Entropy (8bit):5.276723723957003
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Cx8DWI2mKdDNIY1mLPKvEHNFsq+pGipXdKb2/zqoh47Yvn:+8DWFZqLdHcFpGipXdg2/OowC
                                                                                                                                    MD5:0C293130C9579ACEB6B184AFCFBD9D0D
                                                                                                                                    SHA1:F38C728214FFF16C7E78AA02A0B4AA4971D66DAA
                                                                                                                                    SHA-256:C93431087499FB92F363D613E2FD2972F327A8FBDE249BB1F2755E857B8D716A
                                                                                                                                    SHA-512:FB3DB124B2DEB6B69E109CEDA7F9270AC467FC045A3E156540FCA80B13CBC936966EE6C4203899789F8D33DB4A87C9A204A50538A79C3CBFFBDE62295D49C1CA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= GS20N.exe /sm..[Regular]..1= GS20N.exe /sm..[FreshInstall]..1= GS20N.exe..; ..[Scan]..Method = ODD..PkgType = FRMW....[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Widcomm\Install;Version......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map Product ID of each ODD to its corresponsing Device Code....[Mapping]..DVD+-RW GS20N=16913....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1496
                                                                                                                                    Entropy (8bit):4.75689088692868
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgBjiMamrECtjnKeanKLtr3M/aI35SP:IQ8I1tsuLtzM/aI3S
                                                                                                                                    MD5:42ECD4A7C06BE30504BDB8D309F342E4
                                                                                                                                    SHA1:8875ECF7F43DDFCCEAA9BF3F0E938D060D209BC5
                                                                                                                                    SHA-256:E655997B64AB83D6A93311F10864F482116D465DA4D7C88992677CDD6B2B6370
                                                                                                                                    SHA-512:D97F710AEBFEB71A703CBDDDD91B87B55200BE9D7D9FF246C936C40A0F4D272434729E0DDC09DDBDC61A7E49806E78DF7171BA254B0506B590E21F91D6FFAD0F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>SCSIupdate.exe</Startfile>.. <CliToStdout>.. <Command>SCSIupdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>SCSIupdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>SCSIupdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>1</CopyRequired>.. <Startfile>SCSIupdate.exe</Startfile>.. <CliToStdout>.. <Command>SCSIupdate.exe -u -p package.xml</Command>.. </CliToS

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SCSI_ODD\SCSIUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):258112
                                                                                                                                    Entropy (8bit):6.523325695843476
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:/lyl5gAj8McSzEA8yV+99vjyuItViwXlQ:/ej9XcyV+zjyHjiU
                                                                                                                                    MD5:F5593FDD67D8BD1FEE572BF70B4C84F7
                                                                                                                                    SHA1:DD488E834412E25781129801F3D2FFD4461D22F4
                                                                                                                                    SHA-256:0CB4CCF8F2099CCF37B748AB298BE4E1B9E4EA57276DB8805CDED7CC448B685C
                                                                                                                                    SHA-512:51A448667AA14C9C89EF7317CBD81A950675ADFBD5C2E2E583AC6FF0EE7ECDA8FC84C67E4CAE98598D95E06853D7CEA3B80FDDE8F99180989808092B2205C1D3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......KW...6.S.6.S.6.S..CS.6.S..vSN6.S..wS.6.S.NNS.6.S.6.Sb6.S..rS.6.S..@S.6.SRich.6.S........................PE..L...R.SZ............................@M............@.......................................@..................................x..x.......................@8......l....................................K..@............................................text............................... ..`.rdata..............................@..@.data....=...........l..............@....rsrc...............................@..@.reloc...-..........................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SGX_XLOB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.163485195024601
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOBbILIrRmQFcCrgVhFNOScVBIdVBsSkILIrRmQFcCrgVhFa:/QZgFOBbILIrRs+gV8crBUILIrRs+gV6
                                                                                                                                    MD5:46FBF1EAC8F2FA0CBDE3332714C99BBF
                                                                                                                                    SHA1:117B9E256031B84D290AAF9D955F764C71250939
                                                                                                                                    SHA-256:2D61AADCB59F4112DA866141452CD3CEF1C81B1B5F9F6AC42EDD715B2A0DDB43
                                                                                                                                    SHA-512:29ADE77D7DBE3CF4070E4C5D9E602CAA106EC07D1914BB54B6669D9B9F6199DFB03BFDD723CFD0425FA91F58397B90E00640BE3E382F5F2C36AAAD671E459A6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103822..data = {EEE2D917-B2B7-4C7F-969B-F80491E1E0C3}..pkgtype = DRVR....[Version]..method = MSI..data = {EEE2D917-B2B7-4C7F-969B-F80491E1E0C3}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SGX_XLOB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.163485195024601
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOBbILIrRmQFcCrgVhFNOScVBIdVBsSkILIrRmQFcCrgVhFa:/QZgFOBbILIrRs+gV8crBUILIrRs+gV6
                                                                                                                                    MD5:46FBF1EAC8F2FA0CBDE3332714C99BBF
                                                                                                                                    SHA1:117B9E256031B84D290AAF9D955F764C71250939
                                                                                                                                    SHA-256:2D61AADCB59F4112DA866141452CD3CEF1C81B1B5F9F6AC42EDD715B2A0DDB43
                                                                                                                                    SHA-512:29ADE77D7DBE3CF4070E4C5D9E602CAA106EC07D1914BB54B6669D9B9F6199DFB03BFDD723CFD0425FA91F58397B90E00640BE3E382F5F2C36AAAD671E459A6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103822..data = {EEE2D917-B2B7-4C7F-969B-F80491E1E0C3}..pkgtype = DRVR....[Version]..method = MSI..data = {EEE2D917-B2B7-4C7F-969B-F80491E1E0C3}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SGX_XLOB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SWB_UTIL_INTEL_VIRTUAL_BTN\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.982419154246199
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPVWSkptiD30GFWElcVckhFdVBsSkptiD30GFWEov:/QZgFtWNptgEGDFkhFrBUptgEGDov
                                                                                                                                    MD5:A72FFAFAEAA8E3D47A89D96B10A4291B
                                                                                                                                    SHA1:81EC2F38B96580A9E40A73947911E1C0166615A3
                                                                                                                                    SHA-256:09006B5735997582F13184772FC4DB2E5A50F666EBFE5EFB5DC9593DFAB56A98
                                                                                                                                    SHA-512:8FC480B1A0792A530E91B854534191C2FC599F2428E13A754A640900CE2DF99FE02B76B9584CBEB36E4B321BADD31D590BA58C8AD1467BCAA0F4568B518D509E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103903..data = {6eacf0ff-ea0f-4307-b3c6-e3cc3e752135}..pkgtype = APAC....[Version]..method = MSI..data = {6eacf0ff-ea0f-4307-b3c6-e3cc3e752135}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SWB_UTIL_INTEL_VIRTUAL_BTN\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):4.982419154246199
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPVWSkptiD30GFWElcVckhFdVBsSkptiD30GFWEov:/QZgFtWNptgEGDFkhFrBUptgEGDov
                                                                                                                                    MD5:A72FFAFAEAA8E3D47A89D96B10A4291B
                                                                                                                                    SHA1:81EC2F38B96580A9E40A73947911E1C0166615A3
                                                                                                                                    SHA-256:09006B5735997582F13184772FC4DB2E5A50F666EBFE5EFB5DC9593DFAB56A98
                                                                                                                                    SHA-512:8FC480B1A0792A530E91B854534191C2FC599F2428E13A754A640900CE2DF99FE02B76B9584CBEB36E4B321BADD31D590BA58C8AD1467BCAA0F4568B518D509E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103903..data = {6eacf0ff-ea0f-4307-b3c6-e3cc3e752135}..pkgtype = APAC....[Version]..method = MSI..data = {6eacf0ff-ea0f-4307-b3c6-e3cc3e752135}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SWB_UTIL_INTEL_VIRTUAL_BTN\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2076
                                                                                                                                    Entropy (8bit):4.798485328856543
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCf3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8IhhiKLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:653C27298CB050249ABCE44F33A36479
                                                                                                                                    SHA1:A9112088C02A5E6C3B652D0ADF876BF8D6259571
                                                                                                                                    SHA-256:E14473C8FB694BC6377EED1116C98BD33A7ECA936E3691D12FE2D04661DA1186
                                                                                                                                    SHA-512:83434AF09F4484C9462978058FD5DFE65E713D95FBB582DBCB2160995084663C5B3FE3870A2D25C7A747F707269BDD7950674FF7D986F064562524B2E8D011CF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600" >... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_APP_LRN-CTR_V2_0_WEB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.136689172579025
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPUg4bseDDTgLdSrtKyVjcVckhFdVBsSkseDDTgLdSrtKyyn:/QZgFP4bNDDTgpEtKyVjkhFrBUNDDTgt
                                                                                                                                    MD5:240FEE45CF3E6611238EC6F0F755860A
                                                                                                                                    SHA1:1A0FFB46F7F0FD6827623A8966D741B4632F94CB
                                                                                                                                    SHA-256:7B63BC84369CA6661529B753FE3DB5941149DB57D5BC25335BCE742097F4DD58
                                                                                                                                    SHA-512:F9C630828DB793B9DDB7666923FC24E0D6134F426F366A3602955F88945931E31522AA1A22FDB45AF8849AB834B35DF05DB11AA3DEEDCB26F5BA3CBFB68C15F5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103910..data = {24F432D0-EF1A-49D6-823D-3A87EF9F4163}..pkgtype = APAC....[Version]..method = MSI..data = {24F432D0-EF1A-49D6-823D-3A87EF9F4163}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_APP_LRN-CTR_V2_0_WEB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.136689172579025
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFPUg4bseDDTgLdSrtKyVjcVckhFdVBsSkseDDTgLdSrtKyyn:/QZgFP4bNDDTgpEtKyVjkhFrBUNDDTgt
                                                                                                                                    MD5:240FEE45CF3E6611238EC6F0F755860A
                                                                                                                                    SHA1:1A0FFB46F7F0FD6827623A8966D741B4632F94CB
                                                                                                                                    SHA-256:7B63BC84369CA6661529B753FE3DB5941149DB57D5BC25335BCE742097F4DD58
                                                                                                                                    SHA-512:F9C630828DB793B9DDB7666923FC24E0D6134F426F366A3602955F88945931E31522AA1A22FDB45AF8849AB834B35DF05DB11AA3DEEDCB26F5BA3CBFB68C15F5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103910..data = {24F432D0-EF1A-49D6-823D-3A87EF9F4163}..pkgtype = APAC....[Version]..method = MSI..data = {24F432D0-EF1A-49D6-823D-3A87EF9F4163}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_APP_LRN-CTR_V2_0_WEB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DBAR_1_8_WEB\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):334
                                                                                                                                    Entropy (8bit):5.481333924301751
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HF7c5XLxIqEG/uH0jkaWjbAmtkXLxIqEG/uHlRC7vMFrqOc5XLxIqEG/uHhn:KcNLe//0jGjkmtULe//fCrWcNLe//h
                                                                                                                                    MD5:F153D616614EEEB61E0981A25E022C29
                                                                                                                                    SHA1:D317908F30BE76B3A6E5E33A34666DCF2BF43F9E
                                                                                                                                    SHA-256:22B6FD07987F950B6AEEC3CF17454417337436EA72D851EC751C2B3ECED5DE7A
                                                                                                                                    SHA-512:A2655C89B0CD6B256B8545A5E9D66EE067C4E8F499287EDD839603D4F9DAD657AF579C98979C3521809D866A77F1554DFD5A30D6FDB4574B65382847AF3D52AB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103911..data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;Version....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DBAR_1_8_WEB\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):334
                                                                                                                                    Entropy (8bit):5.481333924301751
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HF7c5XLxIqEG/uH0jkaWjbAmtkXLxIqEG/uHlRC7vMFrqOc5XLxIqEG/uHhn:KcNLe//0jGjkmtULe//fCrWcNLe//h
                                                                                                                                    MD5:F153D616614EEEB61E0981A25E022C29
                                                                                                                                    SHA1:D317908F30BE76B3A6E5E33A34666DCF2BF43F9E
                                                                                                                                    SHA-256:22B6FD07987F950B6AEEC3CF17454417337436EA72D851EC751C2B3ECED5DE7A
                                                                                                                                    SHA-512:A2655C89B0CD6B256B8545A5E9D66EE067C4E8F499287EDD839603D4F9DAD657AF579C98979C3521809D866A77F1554DFD5A30D6FDB4574B65382847AF3D52AB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 103911..data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;Version..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;DisplayName....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DellBackupandRecovery;Version....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DBAR_1_8_WEB\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DFND_SVC_TRIB_1_1\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1934173538396085
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFdo6b1VLXzdVWITcXh+ylcVckhFdVBsSk1VLXzdVWITcXh+yy:/QZgFqOX3dVPTcEgkhFrBUX3dVPTcEr
                                                                                                                                    MD5:F3245EAEFAE863DE3329AE61171B727A
                                                                                                                                    SHA1:DCDB110B0359A5C8F01F425DB3A17AD90FCFF7EA
                                                                                                                                    SHA-256:D1328DFDB2802E846977545CB2F556CF8A0E6A8ECAC197A28BA0E2D128A51BD3
                                                                                                                                    SHA-512:4C4565D5A1D1E5E128D86D8D8B5147F4C611915F5EC65EDBC98DBE7CE376D29DBE026C19C7D9C0448950113C9C238027A43CBD6981583F1191A0E44E4A13BC09
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102941..data = {BDB50421-E961-42F3-B803-6DAC3FC9F833}..pkgtype = APAC....[Version]..method = MSI..data = {BDB50421-E961-42F3-B803-6DAC3FC9F833}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DFND_SVC_TRIB_1_1\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.1934173538396085
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFdo6b1VLXzdVWITcXh+ylcVckhFdVBsSk1VLXzdVWITcXh+yy:/QZgFqOX3dVPTcEgkhFrBUX3dVPTcEr
                                                                                                                                    MD5:F3245EAEFAE863DE3329AE61171B727A
                                                                                                                                    SHA1:DCDB110B0359A5C8F01F425DB3A17AD90FCFF7EA
                                                                                                                                    SHA-256:D1328DFDB2802E846977545CB2F556CF8A0E6A8ECAC197A28BA0E2D128A51BD3
                                                                                                                                    SHA-512:4C4565D5A1D1E5E128D86D8D8B5147F4C611915F5EC65EDBC98DBE7CE376D29DBE026C19C7D9C0448950113C9C238027A43CBD6981583F1191A0E44E4A13BC09
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 102941..data = {BDB50421-E961-42F3-B803-6DAC3FC9F833}..pkgtype = APAC....[Version]..method = MSI..data = {BDB50421-E961-42F3-B803-6DAC3FC9F833}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SW_DFND_SVC_TRIB_1_1\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SYSID.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):28
                                                                                                                                    Entropy (8bit):3.896291529045928
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:h4GR9NLYu:hfdJ
                                                                                                                                    MD5:EB8DA4FE82603C168D4AA07354219FEF
                                                                                                                                    SHA1:965B7A7D1CD6759234AD5EDCF86F132B977F59AB
                                                                                                                                    SHA-256:9409D25382A0D08F2F7982C7F215D40D7D9E71FCC8476F1AE0AFFB7A23335653
                                                                                                                                    SHA-512:BC7B7A763F0C93FB46B0D35D37E16FFD6B4A3305BA4A0029933CF8576BB68E945AD7C60B64EFB1068E9CD288E206EAA34872148F8653B7777F86B88252C4129C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[SYSIDS]..048C = 1..061A = 1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SalomonDock\SalomonDock.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):31600
                                                                                                                                    Entropy (8bit):6.587503669524279
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:768:JObccuYvV+xwUbbSdeSdOE3chmeyj3hPr:J3cuBxwUbUlOZh1A3hPr
                                                                                                                                    MD5:4A7D2AB9B87C9A4603D0A21C145C99A8
                                                                                                                                    SHA1:DB4CDDBD66B74402AE74BD13F1C55228900D66C4
                                                                                                                                    SHA-256:789F25AD57A0DBD0E447363ECFEC47AE7E5F0A110C16784C54D3CF06820F5874
                                                                                                                                    SHA-512:A0EE8D1EF00B8AF255DA72793C94C57A6156D14AA882E7021536B1219BB43FFD5C2018FBC4C2C2F62B462E50482C3369BB5703C4A2751A3B66A279DB3DE0ADE4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........O..............e`.......X.......X=......X.......V..........x....X<......X8......X......Rich............PE..L.....F\.................2...*.......8.......P....@.................................|.....@..................................\..d....................`..p.......$... R...............................T..@............P...............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data........p.......T..............@....rsrc................V..............@..@.reloc...............X..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Serial_IO_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):458
                                                                                                                                    Entropy (8bit):5.383939054028679
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgY+SHSDaihIY1waia6Fsq+pGiv:+eZSiabXa3FpGiv
                                                                                                                                    MD5:9D8B218305F6325E99C4D09A27A7DD88
                                                                                                                                    SHA1:BEA5DF74E701BB359A96FCC54894CBD63C71C0B0
                                                                                                                                    SHA-256:464A83ECE67F90AD401DE0D98868DC2335E2346E71DCC0DC1F6A28D0BB94465F
                                                                                                                                    SHA-512:40972923A78F9FAF5E750E89454CE385A2A8C6F877010F210FCC0D7683260D9953762DB3DE01A686B0C50B42BCEF629B998D88991E61DFD455D29CEA7C31BCA1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=103954..Data={A2E02A9B-E18C-4F02-B3B8-89B17FAE1A54}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={A2E02A9B-E18C-4F02-B3B8-89B17FAE1A54}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Serial_IO_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):456
                                                                                                                                    Entropy (8bit):5.389290908136972
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgY+SHSDaihIY1waia6Fsq+pG1:+eZSiabXa3FpG1
                                                                                                                                    MD5:ACA016A27DB12C5F4F78728E7CAA36A4
                                                                                                                                    SHA1:483F07AA362BFE4739F7B22F4F49F99BF0A9A44E
                                                                                                                                    SHA-256:FE9BBA2139156F294E59E1564D0F7936F4EC0939D5D73F077BD3CF3B052DEAA7
                                                                                                                                    SHA-512:EA10FDBCC16951F7C8DA46DB5733D0BE0065A99C8511ED18BB5A69E060E78319A4F26844AFD8FD6F1E7E33EE2318D0A7353D25AFCA61FB61A90B0D2702F2C6C6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..PkgType = DRVR..ComponentID=103954..Data={A2E02A9B-E18C-4F02-B3B8-89B17FAE1A54}....[Version]....; Need to extract Version from below given registry path..Method = MSI..Data={A2E02A9B-E18C-4F02-B3B8-89B17FAE1A54}........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Serial_IO_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Sierra_multiPNP\Sierra.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):244
                                                                                                                                    Entropy (8bit):5.054833554144858
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hmRe7SDCI9FzmxKaON0JqNmKGKa5IrHFzmxMXN0JqW:wU7SDNmxKnNkukKvdmxQNkn
                                                                                                                                    MD5:C4A5814B958FE8AE32CC9C4BDEBF5817
                                                                                                                                    SHA1:A66623BDBB7F67B921FF1BC4DDF93DEA51FD65D4
                                                                                                                                    SHA-256:5CF55C9340DA3044D3A13A97D0CB5F73BFDC07299070D5D0ECC25DF17E9DDAD1
                                                                                                                                    SHA-512:17EBCE4478F3C1B137E095EFDCE0190EE4BB076087403B1884762325F31D7BA4AEBE910F3E0DC0AC2160290027A6C91207BF67019552FB398CA5214A2948BFB6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..setlocal..if "%PROCESSOR_ARCHITEW6432%"=="" goto thirtytwo.. call %systemroot%\Sysnative\cscript /nologo Sierra_Inv.vbs %1.. endlocal..Exit....:thirtytwo.. call %systemroot%\system32\cscript /nologo Sierra_Inv.vbs %1....endlocal

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Sierra_multiPNP\Sierra_Inv.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (354), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2653
                                                                                                                                    Entropy (8bit):5.485397205022771
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:TJjEoZ3H+2Un6uiEzkn5tbOSR3gKkag3JWqWSJWwzB8J820gVXB8JGRhYgV6ClW+:tPZX3uiEzK5tFOJ56hYWYiwcBxv
                                                                                                                                    MD5:0A210F0EBE4CD12F9FD596877D10BA9B
                                                                                                                                    SHA1:5A19DBD06B81987ADAEE9B55D48E4F70AC3D0D09
                                                                                                                                    SHA-256:DBC10C5ADB7FC4C7845AC36EFC625DE11E806B771C704CF2C992CF973B5B97F9
                                                                                                                                    SHA-512:EAB8899AE330968803DD0992E1369E36BECED4741EAB56549A31BBAF2ABE14F43739DD962295F0EDAEB208B639C53462CDCC113EE452434E1F1EEC81BE9CA8FE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Option Explicit....Dim strDisplayName, strVersion, strComponentID..Dim LogName, theArgs..Dim QuoteObj, CrLfObj, XmlOpen, XmlClose, XmlData..Dim fso, log, XMLlog..Dim strComputer: strComputer = "."..Dim objWMIService..Dim PIDcnt: PIDcnt=4..Dim arrVID_PID(5), arrCompID(5) '45 - count of PID/CompID list in pnpDeviceList.ini.PLEASE check this everytime...QuoteObj = (Chr(34))..CrLfObj = (Chr(13)) & (Chr(10))....Function ReadData().....arrVID_PID(0)="USB\VID_413C&PID_81B6"...arrVID_PID(1)="USB\VID_413C&PID_81B8"...arrVID_PID(2)="USB\VID_413C&PID_81CC"...arrVID_PID(3)="USB\VID_413C&PID_81C2"...arrVID_PID(4)="USB\VID_413C&PID_81C4"......arrCompID(0)=104010...arrCompID(1)=104010...arrCompID(2)=106158...arrCompID(3)=105305...arrCompID(4)=105305.....End Function......' set the output file name as passed in cmdline..set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)........Function DeviceInfo(XMLlog)...Dim colItems, objItem,Query...Set objWMIService = GetObject("winmgmts:\\" & strCompute

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmallBusinessAdv\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1222
                                                                                                                                    Entropy (8bit):5.512195840337825
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt38SGNIVnO+myIVnO+OZFNavzM9oQBGAXlo+sNIVnO+2cFpGiv:rSh1A+FkIA+myIA+OZaiTB/X2+2IA+vx
                                                                                                                                    MD5:2C94D6EC82AFD2ABBDB92B65C6B517F2
                                                                                                                                    SHA1:C75E681672D2E896CFD2FA6F4DFAAA75AF7BACE6
                                                                                                                                    SHA-256:1E3C328F9EA34B765732F1A216C5FE7C21F362AD8C7708FCD86C9CE8867B9558
                                                                                                                                    SHA-512:31A59D73AFE3A0D69921885A955A87912B9A873A31D5F77CB0AE077764638B2FF46AA27B0EF94E0C068CF046AA6E5D9A37954F5C6DAED7509349B844BB9C884F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = Reg..PkgType = APAC..ComponentID = 30765..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A6D86CD-B004-46b7-8951-7BB75A776F8C};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6A6D86CD-B004-46b7-8951-7BB75A776F8C};DisplayName..........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Met

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmallBusinessAdv\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1250
                                                                                                                                    Entropy (8bit):5.53589202867503
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLt38SGNCtVnO+myCtVnO+O2FNavzM9oQBGAXlo+sNCtVnO+GFpGM:rSh1A+FkEA+myEA+O2aiTB/X2+2EA+Gx
                                                                                                                                    MD5:B082E1208EC0D7926030CF5AA0670AA8
                                                                                                                                    SHA1:3995F0A3EA8FFCDAA0B10C1D26700DFE28FE7124
                                                                                                                                    SHA-256:EF6C2D67CD1B96EBC1C0798A3FA5F7B8EDDBCDD44542DAA51064F85CB6A54E9F
                                                                                                                                    SHA-512:C5BD56697CB6A6B754E9AFBB81A7F68D3C7C51566D01656D026312886A07EF045AB978887CD6AAF7628958384C7AB185077296B2CFFB4F9EBF310387E3293B10
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = Reg..PkgType = APAC..ComponentID = 30765..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A6D86CD-B004-46b7-8951-7BB75A776F8C};DisplayVersion..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6A6D86CD-B004-46b7-8951-7BB75A776F8C};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromenta

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmallBusinessAdv\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmallBusinessAdv\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartByte\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.095954439778443
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFGBbGdVTj1QdrBIHneIyLRcVckhFdVBsSkGdVTj1QdrBIHneIFyyn:/QZgFGBbgKNACxkhFrBUgKNAfyyn
                                                                                                                                    MD5:9ECEC5C4F2D6C381677911D65E91DBB8
                                                                                                                                    SHA1:4CEF5804F27A7909BD80A3EB088671B128BFE712
                                                                                                                                    SHA-256:1DC7362F528A2B883843C29D09BB4EF6D38195AC37E8F43CD04EE460075B5170
                                                                                                                                    SHA-512:D09A2EB45E680946A0FC8DD1D1A0E5A8B35FA65D2CE613840670C7E6B7D2A45305FC52CC50AC8FB7D743A33781C2F8D199541014658C99013140E8591BA78C3B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103022..data = {08805D42-F958-4558-A024-57E498B071E2}..pkgtype = APAC....[Version]..method = MSI..data = {08805D42-F958-4558-A024-57E498B071E2} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartByte\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):184
                                                                                                                                    Entropy (8bit):5.095954439778443
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFGBbGdVTj1QdrBIHneIyLRcVckhFdVBsSkGdVTj1QdrBIHneIFyyn:/QZgFGBbgKNACxkhFrBUgKNAfyyn
                                                                                                                                    MD5:9ECEC5C4F2D6C381677911D65E91DBB8
                                                                                                                                    SHA1:4CEF5804F27A7909BD80A3EB088671B128BFE712
                                                                                                                                    SHA-256:1DC7362F528A2B883843C29D09BB4EF6D38195AC37E8F43CD04EE460075B5170
                                                                                                                                    SHA-512:D09A2EB45E680946A0FC8DD1D1A0E5A8B35FA65D2CE613840670C7E6B7D2A45305FC52CC50AC8FB7D743A33781C2F8D199541014658C99013140E8591BA78C3B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103022..data = {08805D42-F958-4558-A024-57E498B071E2}..pkgtype = APAC....[Version]..method = MSI..data = {08805D42-F958-4558-A024-57E498B071E2} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartByte\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartConnect\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):912
                                                                                                                                    Entropy (8bit):5.269125679441178
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtrdt8gFNavzM9oQBGAXlo+FhFpGiv:rSh1A+FZaiTB/X2+fOM
                                                                                                                                    MD5:881775E17ACC0D13A7371DE07535DD9E
                                                                                                                                    SHA1:7D67E1C2D83484CF690E35A4B5B08D9E1E2F5F26
                                                                                                                                    SHA-256:AA0C40F334FE501AC7169C80C110C52F30BE6506221923BB700745F172C09829
                                                                                                                                    SHA-512:8A9A9C2E82EEDDDB8792687F68E5BA35E3A96D435CFDDC89120F19CB1457CF06A7B0A49AFF5F53F44248E4B6E43B81D3C28D94BA423AE353569E008A871E1419
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {25511E70-5ED7-4DA5-95AB-D1A839E7EFEC}..PkgType = APAC..componentID=100058........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {25511E70-5ED7-4DA5-95AB-D1A839E7EFEC}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartConnect\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):912
                                                                                                                                    Entropy (8bit):5.269125679441178
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtrdt8gFNavzM9oQBGAXlo+FhFpGiv:rSh1A+FZaiTB/X2+fOM
                                                                                                                                    MD5:881775E17ACC0D13A7371DE07535DD9E
                                                                                                                                    SHA1:7D67E1C2D83484CF690E35A4B5B08D9E1E2F5F26
                                                                                                                                    SHA-256:AA0C40F334FE501AC7169C80C110C52F30BE6506221923BB700745F172C09829
                                                                                                                                    SHA-512:8A9A9C2E82EEDDDB8792687F68E5BA35E3A96D435CFDDC89120F19CB1457CF06A7B0A49AFF5F53F44248E4B6E43B81D3C28D94BA423AE353569E008A871E1419
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {25511E70-5ED7-4DA5-95AB-D1A839E7EFEC}..PkgType = APAC..componentID=100058........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {25511E70-5ED7-4DA5-95AB-D1A839E7EFEC}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartConnect\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\SmartConnect\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Stardock\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):358
                                                                                                                                    Entropy (8bit):5.42579437919606
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvccUYd95gF8kOWVokWvccUYd9T:CxAtBV5ritBV5gCt7Sy+pf0+d95A8zXP
                                                                                                                                    MD5:68AC5BFFC1BB347840478503349DE7AC
                                                                                                                                    SHA1:1CC4D1FF3E9FC1D4F27D3E7792EDC63CF87FEFCA
                                                                                                                                    SHA-256:C852392957AF58AB52634B677BAF1A31419F740D8B87C1429E6030F83A117436
                                                                                                                                    SHA-512:544588F704CB5DB137EAA5836E51A4C45D835AC6C9A3BCA009318DF6A49A966310604AC923C2548E239BC8010B6483AF40D2C3B0C06A76A2FE489219B88DD0A4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {977BAEAE-2B9D-4EB2-81B6-2F961B84A544}..PkgType = APAC..ComponentID=106323......[Version]....Method = MSI..Data = {977BAEAE-2B9D-4EB2-81B6-2F961B84A544}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Stardock\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):358
                                                                                                                                    Entropy (8bit):5.42579437919606
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvccUYd95gF8kOWVokWvccUYd9T:CxAtBV5ritBV5gCt7Sy+pf0+d95A8zXP
                                                                                                                                    MD5:68AC5BFFC1BB347840478503349DE7AC
                                                                                                                                    SHA1:1CC4D1FF3E9FC1D4F27D3E7792EDC63CF87FEFCA
                                                                                                                                    SHA-256:C852392957AF58AB52634B677BAF1A31419F740D8B87C1429E6030F83A117436
                                                                                                                                    SHA-512:544588F704CB5DB137EAA5836E51A4C45D835AC6C9A3BCA009318DF6A49A966310604AC923C2548E239BC8010B6483AF40D2C3B0C06A76A2FE489219B88DD0A4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {977BAEAE-2B9D-4EB2-81B6-2F961B84A544}..PkgType = APAC..ComponentID=106323......[Version]....Method = MSI..Data = {977BAEAE-2B9D-4EB2-81B6-2F961B84A544}..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Stardock\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2080
                                                                                                                                    Entropy (8bit):4.780047987689396
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSz6:IQ8DW6NRLtzM/aI35HLt27LtI
                                                                                                                                    MD5:608A850B65747E6AED9BCFCFC3BA3524
                                                                                                                                    SHA1:9E19ADAE84D527149882F85ED4B6609810E42041
                                                                                                                                    SHA-256:9B399B28ABB5F346E4EE55D33FB1E1F9E2F07CDAE3674EC0B36BC36EC5F82659
                                                                                                                                    SHA-512:42BD7A219C6FA165BA1EB32DE2C6C1AF88695AECDB09F9E921D88F58DF21842CC1A1640FA5D88EB5EAB8A62595D582B7F5324CC94A6B45E7AC824C2355EF0887
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Stardock\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):70
                                                                                                                                    Entropy (8bit):4.2087931853361935
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKx:WT0VJMww2YWFQQ
                                                                                                                                    MD5:704F986146BF214E6169E0FE37B27D4D
                                                                                                                                    SHA1:96F03946DBFDB2D45969878638C6D34679B52606
                                                                                                                                    SHA-256:171AE64DD5A99DC735E17BA9B0B5E74727ED563DCB63C5548C665313194A5A76
                                                                                                                                    SHA-512:53B35F883C9CE5C85CD33B7AD165D39218C8F59811EC3EB33085CA6859F4BD1D59F2FB6098CA51FE852B8970750E8DA8BCD73E5F60823768F4B88AD0E0404D4C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\StaticIC\StaticIC.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):219184
                                                                                                                                    Entropy (8bit):6.406491567164491
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:Xo0oNt7/xQ1efuray4SaLgdNdgIXr9RxdLnJQf+nIXlns07ryyyr5IC+C4L:aySurMSaLqlr9RXLJQf+nMXdL
                                                                                                                                    MD5:2B5DF9597EE4BBB73D095C6DA1955EFE
                                                                                                                                    SHA1:8D8299A6C7FD4003EA20D87F4112D4242FE76D69
                                                                                                                                    SHA-256:39E753920D3899D29B58B7923FE71888B29360C4BB48B1235666B5D5C68911E6
                                                                                                                                    SHA-512:38C0657C97DE9B0A297CDCD8F2D81477E8D3E7DD3453CBC1CA663698C4C3E7723DF47E4C1EDCB7DB3D4316B001FE92B29B8C0FC8D74DE06CF89C6C5F9C0B79BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......X..^.p|..p|..p|......p|.;....p|.."...p|....._p|......p|.;....p|..p}..p|......p|.."...p|......p|.Rich.p|.........PE..L......M.................:... ...............P....@..................................7....@.................................x........ ...-...........<..0....P..@...`R..............................P...@............P...............................text...`9.......:.................. ..`.rdata..,....P.......>..............@..@.data....:..........................@....rsrc....-... ......................@..@.reloc..0*...P...,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptic_Touchpad\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):646
                                                                                                                                    Entropy (8bit):5.30652660127898
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pbz+NLFZHM6BCaULFZHMDXseu1z+NLFZHMZFsq+pG5:+C5r85vSmN/sEM/sDykN/swFpG5
                                                                                                                                    MD5:FBCC99A6430A9C34C65900369FA1A184
                                                                                                                                    SHA1:E3AD8FC0FC81D5C0C902ACB862FD45BF8A8B58FC
                                                                                                                                    SHA-256:E2CB8D5E9A08FCF86355108FB3D4568D89213FC8AA4CD54D4E5B1A6517A889D7
                                                                                                                                    SHA-512:2BD54BB79A144744A5FFBB9330F383A96A3E3E7B457408249E69025420F411726B59B484A5C06A34969A76CC9DBF1D70D9161260CD4FE2D6A426341F64140CF8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\Software\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Version..DisplayName = HKEY_LOCAL_MACHINE\Software\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Product Name..ComponentID = 18385..PkgType = DRVR....[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\Software\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptic_Touchpad\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):660
                                                                                                                                    Entropy (8bit):5.398492560412906
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgpbz+NLJw0HM6BCaULJw0HMDXseu1z+NLJw0HMZFsq+pGIy:+eCNlw0sEMlw0sDykNlw0swFpGIy
                                                                                                                                    MD5:81F1611EB926EB58401D8C7834F3DFB8
                                                                                                                                    SHA1:29C7AB364B91954EEE1314ABD9BEC8AB0ABD40E7
                                                                                                                                    SHA-256:1B570BAF9D734FEFFDF984E64D06BE7323F19B41FBFA370B6D25990C26D6F3D0
                                                                                                                                    SHA-512:C0CF011381ECA05922D2E47E6A73BC2BFC257165E1B5FCD945764436C8305032C41BD4E02B5F8154F90C4A26BF0753309D94CE5F052745E3000C9F08BC614AD2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]....Method = Reg..Data = HKEY_LOCAL_MACHINE\Software\Wow6432Node\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Version..DisplayName = HKEY_LOCAL_MACHINE\Software\Wow6432Node\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Product Name..ComponentID = 18385..PkgType = DRVR....[Version]....Method = Reg..Data = HKEY_LOCAL_MACHINE\Software\Wow6432Node\Dell\MUP\Synaptics Inc\Synaptics Pointing Device Driver\;Version....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptic_Touchpad\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptic_Touchpad\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptics_Fingerprint_Sensor_Driver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185
                                                                                                                                    Entropy (8bit):5.11732116170538
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFlZO6VqRWdIhhVTJ91NgVBIdVBsSk6VqRWdIhhVTJ91a:/QZgFG6wwdYTj7rBU6wwdYTj8
                                                                                                                                    MD5:EC800FC7619E4B29EC09E8BED3A0B308
                                                                                                                                    SHA1:174627558F830D710380874CAD8D15E2EDBACE59
                                                                                                                                    SHA-256:6B4FC668B56574B4746E9A3F666E4FF414ECEC672AB8444F2F18E1F8808EA7B9
                                                                                                                                    SHA-512:DDB218C86596E57DC0DF122FB03EB7FA70A5CDB92876E1543E7881F5C46C967A6885AFDAECCA216758ADDA99D8F70ACEC2AE5E6D2FFD01CA99771ADAB20CDBEB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106829..data = {7A481C81-76C6-4438-8F77-5125615C09D6} ..pkgtype = DRVR....[Version]..method = MSI..data = {7A481C81-76C6-4438-8F77-5125615C09D6} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptics_Fingerprint_Sensor_Driver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185
                                                                                                                                    Entropy (8bit):5.11732116170538
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFlZO6VqRWdIhhVTJ91NgVBIdVBsSk6VqRWdIhhVTJ91a:/QZgFG6wwdYTj7rBU6wwdYTj8
                                                                                                                                    MD5:EC800FC7619E4B29EC09E8BED3A0B308
                                                                                                                                    SHA1:174627558F830D710380874CAD8D15E2EDBACE59
                                                                                                                                    SHA-256:6B4FC668B56574B4746E9A3F666E4FF414ECEC672AB8444F2F18E1F8808EA7B9
                                                                                                                                    SHA-512:DDB218C86596E57DC0DF122FB03EB7FA70A5CDB92876E1543E7881F5C46C967A6885AFDAECCA216758ADDA99D8F70ACEC2AE5E6D2FFD01CA99771ADAB20CDBEB
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 106829..data = {7A481C81-76C6-4438-8F77-5125615C09D6} ..pkgtype = DRVR....[Version]..method = MSI..data = {7A481C81-76C6-4438-8F77-5125615C09D6} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Synaptics_Fingerprint_Sensor_Driver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\GetDockVer32W.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):161328
                                                                                                                                    Entropy (8bit):6.909149620788685
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:OHgcbfWjjVzDJGlgBNnhqKvQY7biiiY0g:OhfkjtdGlgnnVv0g
                                                                                                                                    MD5:BC89DA920D9F9C0ACD490556C6693095
                                                                                                                                    SHA1:C4A6358E55613FB86236FABA2B8D15B295C99B02
                                                                                                                                    SHA-256:B7BA6FC8E18A481EBE83B4D81B7A473B5DC9FDE98695501CF8466E8C1687ECA9
                                                                                                                                    SHA-512:FF5C32783FA25B973EB2F34E3FED4F0A186C305B026420BAED8FE262653E70D8A56CA77D9C6B30C5668330EADB0E33B1758DB948619D3D76D7A0919DEA883D5D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V..V..V...j.V...w.V...C..V...z.V..V...V... B.V... C.V...B.V...F.V...s.V...t.V..Rich.V..................PE..L.....B].................P..........7........`....@..........................0............@.....................................x....................Z..0.......(.......................................@............`...............................text...cN.......P.................. ..`.rdata...Y...`...Z...T..............@..@.data....8..........................@....rsrc................4..............@..@.reloc........... ...:..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TBT_Dock_Firmware\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ASMedia_USB_Controller\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.263173053600823
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLVTLHCLFNavzM9oQ9LHZFpG5:P5r85vTh1A+n9cOLaiT9FO5
                                                                                                                                    MD5:6717359A7965237501266911A71BBB97
                                                                                                                                    SHA1:BEB44005B5D2C49A73E0D46EA5408C381E1C095F
                                                                                                                                    SHA-256:2A3ACF04E9951BC6350B574EEE85BC3BC74AFB394D75ADF17F117B3454A991EC
                                                                                                                                    SHA-512:646B912A3A3DC7D560AEFE0B4DFA79010F7BFF995F44297A1DD0F3C1EB9D566D97159B341944F57B3EC4B9BA8FDBD8AE4A2F5B016673D1B33DC627D84C832B38
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = MSI..PkgType = DRVR..Data = {B81CB020-2AC6-4F14-9847-0480D6AD9529}..ComponentID = 108083......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {B81CB020-2AC6-4F14-9847-0480D6AD9529}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ASMedia_USB_Controller\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.263173053600823
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLVTLHCLFNavzM9oQ9LHZFpG5:P5r85vTh1A+n9cOLaiT9FO5
                                                                                                                                    MD5:6717359A7965237501266911A71BBB97
                                                                                                                                    SHA1:BEB44005B5D2C49A73E0D46EA5408C381E1C095F
                                                                                                                                    SHA-256:2A3ACF04E9951BC6350B574EEE85BC3BC74AFB394D75ADF17F117B3454A991EC
                                                                                                                                    SHA-512:646B912A3A3DC7D560AEFE0B4DFA79010F7BFF995F44297A1DD0F3C1EB9D566D97159B341944F57B3EC4B9BA8FDBD8AE4A2F5B016673D1B33DC627D84C832B38
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = MSI..PkgType = DRVR..Data = {B81CB020-2AC6-4F14-9847-0480D6AD9529}..ComponentID = 108083......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {B81CB020-2AC6-4F14-9847-0480D6AD9529}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ASMedia_USB_Controller\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ASMedia_USB_Controller\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\BIOS_Tool\G7ArTbtPower64.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):188464
                                                                                                                                    Entropy (8bit):6.678196871328479
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:JZReREEo7faLITJavtTh3tc2aJnaTBffYd0br7mIMvL1h:JZRWSaIdQtTZtMnaTBXzCIMvJh
                                                                                                                                    MD5:FA5D1FCE7115A87035BE7BB647C4F117
                                                                                                                                    SHA1:C6EA20BBA38E3C627E01B5D6C0C3F1400090B4A9
                                                                                                                                    SHA-256:F6364635020F2059E135B2A10509A54609B711B782FBF8A4F20551A161271CFF
                                                                                                                                    SHA-512:EE77D8638244FE34D362C1F90AF44E26484CED08EBB6AF9E2777CB2368C152188A091F5A41DC941BDFA68CB341F9048BB878876513F95A729408C7262D7F86EA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........=NvY\ %Y\ %Y\ %B..%y\ %B..%R\ %P$.%^\ %Y\!%;\ %B..%*\ %6*.%Z\ %6*.%p\ %B..%\\ %B..%X\ %B..%X\ %RichY\ %........PE..d...{0}W.........."............................@.....................................p....@.................................................<...P....p.......P..........0.......d....................................................................................text..."........................... ..`.rdata.............................@..@.data........0......................@....pdata.......P......................@..@.rsrc........p......................@..@.reloc..R...........................@..B................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\DRVUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):267312
                                                                                                                                    Entropy (8bit):6.393123909234834
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:g6WaV2WJ2u6PupcWluM7nCL6h5nTJwdPnjSszac2eM3FjM1/GGa4arGOZYd92Nah:gBOAtE5bTSdk5FjHGa4yZYd92/VuEhC
                                                                                                                                    MD5:281C4E15D1FBE669754B0E300B5BB6CD
                                                                                                                                    SHA1:1FE48A008A542C79BE57D113692A68016E6807AF
                                                                                                                                    SHA-256:32B75BBED593E90B11A6627459AC2B660BDC15958C4DDC1D919F1AF95DBC6EFA
                                                                                                                                    SHA-512:717DA2953202F83ABD3AB46B64C20EBAB2BB892C4547C14CD4EDB4A63233357F59A98C6803103CB0B0DC4445D7E067533D6122198F58FEF5FABDC52C07C1CBDE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Bk.....P...P...Pi|8P...Pi|.PF..Pi|.P...P.r5P...P...Po..Pi|.P...Pi|<P...Pi|;P...PRich...P........................PE..L....%.]............................ $............@..........................@......%V....@.................................\...x.......................0...............................................@............................................text............................... ..`.rdata..............................@..@.data....=..........................@....rsrc...............................@..@.reloc..D+.......,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\Executables\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_Ethernate\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1112
                                                                                                                                    Entropy (8bit):5.374679731609321
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4Nvpl7FMvpl7YO2FNavzM9oQPNvpl7lFpG5:P5r85vTh1A+n9yvplRMvplUO2aiTFvpQ
                                                                                                                                    MD5:870DF3C465096119D3D9F315B58827EB
                                                                                                                                    SHA1:F72A87116C7852DEE23816054AF12E253BF0D7F1
                                                                                                                                    SHA-256:4D8B285135F251B3A6262A1E194609DB999D3F87937CF1ED80CE5CE4CA06FC78
                                                                                                                                    SHA-512:6BFA59AF909F1012F50733E8F846527A29DBC39A98780440513AAFF8C142B89222505A63A6311F4993809E3DB39DA9D5874539C23B74791AD664EC08BDDD6A2D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTUNIC_DELL_INST\Version;Version..ComponentID = 103219..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTUNIC_DELL_INST\Version;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePa

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_Ethernate\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1112
                                                                                                                                    Entropy (8bit):5.374679731609321
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4Nvpl7FMvpl7YO2FNavzM9oQPNvpl7lFpG5:P5r85vTh1A+n9yvplRMvplUO2aiTFvpQ
                                                                                                                                    MD5:870DF3C465096119D3D9F315B58827EB
                                                                                                                                    SHA1:F72A87116C7852DEE23816054AF12E253BF0D7F1
                                                                                                                                    SHA-256:4D8B285135F251B3A6262A1E194609DB999D3F87937CF1ED80CE5CE4CA06FC78
                                                                                                                                    SHA-512:6BFA59AF909F1012F50733E8F846527A29DBC39A98780440513AAFF8C142B89222505A63A6311F4993809E3DB39DA9D5874539C23B74791AD664EC08BDDD6A2D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTUNIC_DELL_INST\Version;Version..ComponentID = 103219..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\RTUNIC_DELL_INST\Version;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePa

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_Ethernate\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_Ethernate\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1210
                                                                                                                                    Entropy (8bit):5.4756088412657595
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NIVidXLJ+MIVidXLO2FNavzM9oQPNIVidXLGFpG5:P5r85vTh1A+n9yIodbAMIodbO2aiTFIQ
                                                                                                                                    MD5:9512CB4A8245BEA4322F8BC680AC0DC3
                                                                                                                                    SHA1:7ED23DC741CA0328562629F782E6456372F1C04B
                                                                                                                                    SHA-256:9141964056B46365DA57F704104EEA7D222741B3438D567C7F1B7569E0C0534C
                                                                                                                                    SHA-512:AAE4D6E8C6EDB14B774E348FEC4E5FA3A3790E747C8526FC313EFE34D7C2607779FF81785ACA2640A60A7E308EC398A3035ADAC6488D66946B3E06FDAEDDBDF4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayVersion..ComponentID = 103620..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method =

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1210
                                                                                                                                    Entropy (8bit):5.4756088412657595
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NIVidXLJ+MIVidXLO2FNavzM9oQPNIVidXLGFpG5:P5r85vTh1A+n9yIodbAMIodbO2aiTFIQ
                                                                                                                                    MD5:9512CB4A8245BEA4322F8BC680AC0DC3
                                                                                                                                    SHA1:7ED23DC741CA0328562629F782E6456372F1C04B
                                                                                                                                    SHA-256:9141964056B46365DA57F704104EEA7D222741B3438D567C7F1B7569E0C0534C
                                                                                                                                    SHA-512:AAE4D6E8C6EDB14B774E348FEC4E5FA3A3790E747C8526FC313EFE34D7C2607779FF81785ACA2640A60A7E308EC398A3035ADAC6488D66946B3E06FDAEDDBDF4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayVersion..ComponentID = 103620..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method =

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver_WOW\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1210
                                                                                                                                    Entropy (8bit):5.4756088412657595
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NIVidXLJ+MIVidXLO2FNavzM9oQPNIVidXLGFpG5:P5r85vTh1A+n9yIodbAMIodbO2aiTFIQ
                                                                                                                                    MD5:9512CB4A8245BEA4322F8BC680AC0DC3
                                                                                                                                    SHA1:7ED23DC741CA0328562629F782E6456372F1C04B
                                                                                                                                    SHA-256:9141964056B46365DA57F704104EEA7D222741B3438D567C7F1B7569E0C0534C
                                                                                                                                    SHA-512:AAE4D6E8C6EDB14B774E348FEC4E5FA3A3790E747C8526FC313EFE34D7C2607779FF81785ACA2640A60A7E308EC398A3035ADAC6488D66946B3E06FDAEDDBDF4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayVersion..ComponentID = 103620..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method =

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver_WOW\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1246
                                                                                                                                    Entropy (8bit):5.498035273247619
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLy4NCtVidXLJ+MCtVidXLO2FNavzM9oQPNCtVidXLGk:P5r85vTh1A+n9yEodbAMEodbO2aiTFEQ
                                                                                                                                    MD5:D315DB2DD9EB75C4A99284A20430976C
                                                                                                                                    SHA1:892D04247CEC8D6F088039F26EEF69BE2DC48FDB
                                                                                                                                    SHA-256:9ACBB45E48840454EEEF552579AE6D69DC5747172A5A6FE6E38ABA7757D479BC
                                                                                                                                    SHA-512:9820949A448884161ACBDA53F72CE78871C2BFAEBD6DD4A10C3235BC77926AC967AA55EFD5E48DD6E9FA64B1991DA64A66BC0D0B0E79D7396DAA399FF91AD199
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..PkgType = DRVR..Data = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayVersion..ComponentID = 103620..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04};DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the bi

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver_WOW\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RLtek_USB_Driver_WOW\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DRVUpdate.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):267312
                                                                                                                                    Entropy (8bit):6.393123909234834
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:g6WaV2WJ2u6PupcWluM7nCL6h5nTJwdPnjSszac2eM3FjM1/GGa4arGOZYd92Nah:gBOAtE5bTSdk5FjHGa4yZYd92/VuEhC
                                                                                                                                    MD5:281C4E15D1FBE669754B0E300B5BB6CD
                                                                                                                                    SHA1:1FE48A008A542C79BE57D113692A68016E6807AF
                                                                                                                                    SHA-256:32B75BBED593E90B11A6627459AC2B660BDC15958C4DDC1D919F1AF95DBC6EFA
                                                                                                                                    SHA-512:717DA2953202F83ABD3AB46B64C20EBAB2BB892C4547C14CD4EDB4A63233357F59A98C6803103CB0B0DC4445D7E067533D6122198F58FEF5FABDC52C07C1CBDE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Bk.....P...P...Pi|8P...Pi|.PF..Pi|.P...P.r5P...P...Po..Pi|.P...Pi|<P...Pi|;P...PRich...P........................PE..L....%.]............................ $............@..........................@......%V....@.................................\...x.......................0...............................................@............................................text............................... ..`.rdata..............................@..@.data....=..........................@....rsrc...............................@..@.reloc..D+.......,..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):901
                                                                                                                                    Entropy (8bit):5.274372077523482
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLVlPyFNavzM9oQj6FpG5:P5r85vTh1A+n9vaiTuO5
                                                                                                                                    MD5:542683C4A400BC430487D9F53CF01FEC
                                                                                                                                    SHA1:2A0F2785A04BEC90CC5EB00EA2BC95B00A91E5FE
                                                                                                                                    SHA-256:C1A170E925B810A8A4AE52B8245E36C8D78EDC6D8DC912A9E50E7141E5360ED5
                                                                                                                                    SHA-512:BF1A911EADE32B19BC61B94E74F0CD3989DEF7E2EE2D6973141FC940A7C1CEDA9406B4C428E6CEC844E339AF8CD45F3BD74E3F1EBB92702574EB98E9474E9568
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = MSI..PkgType = DRVR..Data = {98F4A036-8424-4944-9373-DB1ED859B6EE}..ComponentID = 103992....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {98F4A036-8424-4944-9373-DB1ED859B6EE}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.273512583697007
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLVlPhFNavzM9oQj6FpG5:P5r85vTh1A+n9gaiTuO5
                                                                                                                                    MD5:884E28C3369C7D14872DE5E03AE05F80
                                                                                                                                    SHA1:CA3B445488A75E620F2AF7330A0FF49B9E442D5C
                                                                                                                                    SHA-256:3089D48AAA7A6F3972E640FA5B592CB19B93A1E5FB8CFA1C115A41CCB40791BC
                                                                                                                                    SHA-512:811211FFEDEAE1FFC95EE609CC092AAD3EA82F802767F087FC28CD9652A7D4C48E729E479C0EAF37412E94E9CDBA3FFB185B4C7FB9C5FD9CDB10CD3D6D3E141C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = MSI..PkgType = DRVR..Data = {98F4A036-8424-4944-9373-DB1ED859B6EE}..ComponentID = 103992......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = MSI..Data = {98F4A036-8424-4944-9373-DB1ED859B6EE}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Controller_new\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Firmware\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):656
                                                                                                                                    Entropy (8bit):5.347563627016613
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgwDGBClXLTpNg4y4fLTpNg4yfhIY1mLTpNg4ypFsq+pG1:+eOKByvpPy4fvpPyfyLvpPygFpG1
                                                                                                                                    MD5:9FC63CFA80A28F27F3FF11BBD7B582DD
                                                                                                                                    SHA1:25BA54A64C77866A2F6B238244B92DB306F2CD71
                                                                                                                                    SHA-256:FEBD7E9CF8CECCA9D7B436E7D8838ADE4B2626E9EC80D546DEEF28083461894E
                                                                                                                                    SHA-512:29BBD7981CD93A1E5FF7CED746F0BA34B91D00CA755A27EBB7B87ACFF7870A197E4C2280ED5B226286DFEEBC8AC0E82FF8C8AFAA9DDD9326F022B85538CFEC6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = FRMW..ComponentID=103992..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Display Name..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Version......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Version..; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Firmware\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):656
                                                                                                                                    Entropy (8bit):5.347563627016613
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgwDGBClXLTpNg4y4fLTpNg4yfhIY1mLTpNg4ypFsq+pG1:+eOKByvpPy4fvpPyfyLvpPygFpG1
                                                                                                                                    MD5:9FC63CFA80A28F27F3FF11BBD7B582DD
                                                                                                                                    SHA1:25BA54A64C77866A2F6B238244B92DB306F2CD71
                                                                                                                                    SHA-256:FEBD7E9CF8CECCA9D7B436E7D8838ADE4B2626E9EC80D546DEEF28083461894E
                                                                                                                                    SHA-512:29BBD7981CD93A1E5FF7CED746F0BA34B91D00CA755A27EBB7B87ACFF7870A197E4C2280ED5B226286DFEEBC8AC0E82FF8C8AFAA9DDD9326F022B85538CFEC6F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = Reg..PkgType = FRMW..ComponentID=103992..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Display Name..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Version......[Version]....; Need to extract Version from below given registry path..Method = Reg..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Thunderbolt Controller;Version..; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Firmware\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\TB_Firmware\RegForceInventory.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF, CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):89836
                                                                                                                                    Entropy (8bit):3.653129458194554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:br1DSRdToTy+/dl3P5lE3hdLBSTL+E9WbNt:tGoG+/dDGnBS/+Esv
                                                                                                                                    MD5:29F6C95243BDB81B7C183A2FDEAF0084
                                                                                                                                    SHA1:4CF5DF9645E99B3BECE8E9BD27703189E341B60C
                                                                                                                                    SHA-256:C2AF3EB954DCE059D1AAF6B3DEDBAF2AAB5899BCE681657AB5B4C6BD7CC9F050
                                                                                                                                    SHA-512:832730A3DDAFEBEA58CDE981F77A8DBC363B5ABA1E7323C663052EE8CD9110ABDC9AB480B93B773C7A83C8169DD45E849BC2583EBF8542F47E777309455AF3BF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.". .s.t.a.n.d.a.l.o.n.e.=.".n.o.".?.>.....<.F.o.r.c.e.I.n.v.e.n.t.o.r.y.>.....<.D.e.v.i.c.e. .c.o.m.p.o.n.e.n.t.I.D.=.".1.0.3.6.2.0.". .e.m.b.e.d.d.e.d.=.".0.". . .t.y.p.e.=.".D.R.V.R.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.R.e.a.l.t.e.k. .U.S.B. .A.u.d.i.o.].].>.<./.D.i.s.p.l.a.y.>.........<.S.u.p.p.o.r.t.e.d.S.y.s.t.e.m.s.>.....<.B.r.a.n.d. .k.e.y.=.".1.1.". .p.r.e.f.i.x.=.".P.R.E.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.P.r.e.c.i.s.i.o.n.].].>.<./.D.i.s.p.l.a.y.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.E.5.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.5.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.9.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.=.".e.n.".>.<.!.[.C.D.A.T.A.[.7.5.1.0.].].>.<./.D.i.s.p.l.a.y.>.....<./.M.o.d.e.l.>.....<.M.o.d.e.l. .s.y.s.t.e.m.I.D.=.".0.6.D.A.".>.....<.D.i.s.p.l.a.y. .l.a.n.g.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltRegModule.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):558128
                                                                                                                                    Entropy (8bit):6.568664647717898
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:e6kq6VDVD7ZaDV2p8f3/KAbhg9IPzkbiphm5N2Inww:zZyVD7I3SIPYbEhm5Vww
                                                                                                                                    MD5:ADB637B1D1AEAB0202E34E55ACE2C60F
                                                                                                                                    SHA1:3FF4B6D2FD916D4D6428230C66197A3842098730
                                                                                                                                    SHA-256:2FCD99CB4B81A78A0767820612B1245AA7DB7AF1ED65900520EE101FFF2FDE5E
                                                                                                                                    SHA-512:D23FCFA349B22684E067B86727240404BE5A353D9497A55B233572FBE95959415881FD4B453E3CBC11D866534BD0682C998074C472DC05BE09120F8D7996AC7A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B...B...B...K.o.C.....t.K...-.r.F...-.p.F...-.G.D...B...P...K...I...-.F.x...-.C.R...-.q.C...RichB...........................PE..L..."&.].....................h....................@.......................................@.........................................................h..0........^..................................8Q..@............................................text............................... ..`.rdata..b...........................@..@.data...............................@....rsrc...............................@..@.reloc..z...........................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\ThunderboltZeroInv.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):576048
                                                                                                                                    Entropy (8bit):6.5668917712014565
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:zDypJUGZoaZRv1TfoduFNMYBKAM50kdjVBm5omlo4vxr+MO4:Py8GIUgbdpBm5Tvxrw
                                                                                                                                    MD5:A7CC38F7F4FD4DCEA1C0618F249290E2
                                                                                                                                    SHA1:5344A59F96D62CD795B951155A6EF4A5EAAD12F3
                                                                                                                                    SHA-256:CFEA7351254E8346B9BA630A9309607D5A7D758E1DDDFF06D4A019B31CB4063E
                                                                                                                                    SHA-512:9934D3B1AC7114FE6C4E2315B0B6940916D272A30F9893B015A400C9DDCFB1B722250FA3EEB9147ECC1E8DC2900F1F575102AFDD8F4CC4B0AE2798B72A0D1303
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........HaW.&2W.&2W.&2^.2V.&28.2S.&2..2P.&28.2R.&28.2Q.&2W.'2F.&2^.2\.&28.2m.&28.2X.&28.2V.&2RichW.&2........PE..L...*&.].................>...l.......$.......P....@.......................................@.......................................... ..................0....0...`...T..............................p...@............P...............................text...D<.......>.................. ..`.rdata......P.......B..............@..@.data...............................@....rsrc........ ......................@..@.reloc..@....0......................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Thunderbolt_Reg\zeroConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2130
                                                                                                                                    Entropy (8bit):3.617871164273225
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:yrEqpfGeGwatfSeSwa7f6MaNpfFeFwaOfWeWwarfqc0:Zqu7v6aHv
                                                                                                                                    MD5:5C28724F7B5B96DBA7A14538827363FE
                                                                                                                                    SHA1:12CD1ACEE7B0F43A52DF09B68AD0D92011F317C8
                                                                                                                                    SHA-256:B3914318FBC9A261069F6E4FC1EA177E926D29D013B22DA33510AB4B8B004C1D
                                                                                                                                    SHA-512:717F6FBD7A08961FCFF5ADC19244697C565FFD8F9FEF1F30B3FA93B8F74809B049DEAE96BE362F5D4D35D397313E2F672A26E3E2B1F73F1A667A02F8DCA9CF27
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.8.".?.>.....<.I.n.v.C.o.l.C.o.n.f.i.g.>.........<.I.n.v.C.o.m.p.o.n.e.n.t. .d.i.r.=.".T.B._.C.o.n.t.r.o.l.l.e.r._.n.e.w.". .t.y.p.e.=.".c.l.i.". .p.r.i.o.r.i.t.y.=.".5.". .l.e.v.e.l.=.".0.". .t.i.m.e.o.u.t.=.".3.0.". .o.u.t.=.".T.B.C.1._.Z.I...x.m.l.".>.T.h.u.n.d.e.r.b.o.l.t.R.e.g.M.o.d.u.l.e...e.x.e. .-.z. .-.o.=.T.B.C.1._.Z.I...x.m.l.<./.I.n.v.C.o.m.p.o.n.e.n.t.>.........<.I.n.v.C.o.m.p.o.n.e.n.t. .d.i.r.=.".T.B._.F.i.r.m.w.a.r.e.". .t.y.p.e.=.".c.l.i.". .p.r.i.o.r.i.t.y.=.".5.". .l.e.v.e.l.=.".0.". .t.i.m.e.o.u.t.=.".3.0.". .o.u.t.=.".T.B.F._.Z.I...x.m.l.".>.T.h.u.n.d.e.r.b.o.l.t.R.e.g.M.o.d.u.l.e...e.x.e. .-.z. .-.o.=.T.B.F._.Z.I...x.m.l.<./.I.n.v.C.o.m.p.o.n.e.n.t.>.........<.I.n.v.C.o.m.p.o.n.e.n.t. .d.i.r.=.".R.L.t.e.k._.U.S.B._.D.r.i.v.e.r._.W.O.W.". .t.y.p.e.=.".c.l.i.". .p.r.i.o.r.i.t.y.=.".5.". .l.e.v.e.l.=.".0.". .t.i.m.e.o.u.t.=.".3.0.". .o.u.t.=.".R.T.L._.D.R.V._.W.O.W...x.m.l.".>.T.h.u.n.d.e.r.b.o.l.t.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobi_Eye_Tracker\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):187
                                                                                                                                    Entropy (8bit):5.04621062049593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsXbvmGHQUUGp1VN74S+VBIdVBsSkGHQUUGp1VN74Sa:/QZgFsaFUbZbrBUFUbZc
                                                                                                                                    MD5:D0C335EA60336F5BE5B70D9CD8A0B2CC
                                                                                                                                    SHA1:AD41A23C30E5929984AC0A458292C077984F3BAC
                                                                                                                                    SHA-256:E1DB867620C1DC340141FE4E2E045CC5B8AFE784E3F625A5160FD405ACBD0CC3
                                                                                                                                    SHA-512:A18DB6FC7C88692A90DACB0B37519569A93FB201419A056A677CAAB0442E828062BB512B3C8F074BFDCB3447A56AFF3054E2FE962ACE204C5E794DEF16FA0C02
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105027..data = {08b52a3a-63eb-47c0-8a75-1df052a99042} ..pkgtype = DRVR....[Version]..method = MSI..data = {08b52a3a-63eb-47c0-8a75-1df052a99042} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobi_Eye_Tracker\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):187
                                                                                                                                    Entropy (8bit):5.04621062049593
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFsXbvmGHQUUGp1VN74S+VBIdVBsSkGHQUUGp1VN74Sa:/QZgFsaFUbZbrBUFUbZc
                                                                                                                                    MD5:D0C335EA60336F5BE5B70D9CD8A0B2CC
                                                                                                                                    SHA1:AD41A23C30E5929984AC0A458292C077984F3BAC
                                                                                                                                    SHA-256:E1DB867620C1DC340141FE4E2E045CC5B8AFE784E3F625A5160FD405ACBD0CC3
                                                                                                                                    SHA-512:A18DB6FC7C88692A90DACB0B37519569A93FB201419A056A677CAAB0442E828062BB512B3C8F074BFDCB3447A56AFF3054E2FE962ACE204C5E794DEF16FA0C02
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 105027..data = {08b52a3a-63eb-47c0-8a75-1df052a99042} ..pkgtype = DRVR....[Version]..method = MSI..data = {08b52a3a-63eb-47c0-8a75-1df052a99042} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobi_Eye_Tracker\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobiee_Eyex\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185
                                                                                                                                    Entropy (8bit):5.147265878822993
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFy5SJmUTcW05VWhdXAEdoVBIdVBsSkUTcW05VWhdXAEdyv:/QZgFyHKW5VWLBrBUKW5VWLcv
                                                                                                                                    MD5:43080F2519984AB3D936BAC28EAA8B2E
                                                                                                                                    SHA1:F4D078D9A114B5FCD5EB59C7036F8A0766871789
                                                                                                                                    SHA-256:23D15350EC0D695FFB0ED820DD66CB96EC977D24AF9258C986F34239F47FD21E
                                                                                                                                    SHA-512:5A658B06D55517FF1F3F88B00122F807E92F26C497B04C3C5F5BC6A651CBC430F8EED35EAB46A27B17F464D6580F739D2DAE3D006720E3F73D8AE8C199E392C3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107006..data = {1E699B8F-68BE-40FE-BD39-738F8E74C548} ..pkgtype = DRVR....[Version]..method = MSI..data = {1E699B8F-68BE-40FE-BD39-738F8E74C548} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobiee_Eyex\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):185
                                                                                                                                    Entropy (8bit):5.147265878822993
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFy5SJmUTcW05VWhdXAEdoVBIdVBsSkUTcW05VWhdXAEdyv:/QZgFyHKW5VWLBrBUKW5VWLcv
                                                                                                                                    MD5:43080F2519984AB3D936BAC28EAA8B2E
                                                                                                                                    SHA1:F4D078D9A114B5FCD5EB59C7036F8A0766871789
                                                                                                                                    SHA-256:23D15350EC0D695FFB0ED820DD66CB96EC977D24AF9258C986F34239F47FD21E
                                                                                                                                    SHA-512:5A658B06D55517FF1F3F88B00122F807E92F26C497B04C3C5F5BC6A651CBC430F8EED35EAB46A27B17F464D6580F739D2DAE3D006720E3F73D8AE8C199E392C3
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 107006..data = {1E699B8F-68BE-40FE-BD39-738F8E74C548} ..pkgtype = DRVR....[Version]..method = MSI..data = {1E699B8F-68BE-40FE-BD39-738F8E74C548} ....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Tobiee_Eyex\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1575
                                                                                                                                    Entropy (8bit):4.645428108684657
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:/9+YO9e7mHGnTp4/Q2Gq5a6FkTg9/3Q4/xGhymH8RnAXX21G1UCib/q5te/4p+/a:kYO0mHGnTp4/Q2Gq5a6FkTgx3QIxGhyg
                                                                                                                                    MD5:2CE5615C5C4A0BDDCD902F65879AB7F1
                                                                                                                                    SHA1:2C1248CFC060397032FAF9DCE01A8DCDFC402FB9
                                                                                                                                    SHA-256:14D4FD73CB7A7FFCE35E9B5D69AFCCCFDFBEC0621CC91F3EBA9301FE87BCF042
                                                                                                                                    SHA-512:1A488EA9978D391915D526C795BC4C92CA69059A37D075C745EB7EA8F8DA7946D602DCBFC66E651EAB69E6D3255D69710FB9E3FBFD6CA4ECB229120B7ECCBA6A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = ACPI..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad..DLL040A=20801..DLL040B=20801..DLL040C=20801..DLL0428=20801..DLL0429=20801..DLL0410=20801..DLL0492=20801..DLL0493=20801..DLL0494=20801..DLL04A3=20801..DLL04A4=20801..DLL049A=20801..DLL049B=20801..DLL04A9=20801..DLL04B4=20801..DLL04EB=20801..DLL04EC=20801..DLL04E4=20801..DLL0534=20801..DLL0535=20801..DLL053C=20801..DLL053D=20801..DLL0549=20801..DLL054A=20801..DLL053E=20801..DLL053F=20801..DLL0532=20801..DLL0533=20801..DLL057D=20801..DLL0584=20801..DLL05CC=20801..DLL05CD=20801..DLL05BD=20801..DLL05BD=20801..DLL05BE=20801..DLL05CA=20801..DLL05CB=20801..DLL05DD=20801..DLL05DE=20801..DLL05E0=2

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1575
                                                                                                                                    Entropy (8bit):4.645428108684657
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:/9+YO9e7mHGnTp4/Q2Gq5a6FkTg9/3Q4/xGhymH8RnAXX21G1UCib/q5te/4p+/a:kYO0mHGnTp4/Q2Gq5a6FkTgx3QIxGhyg
                                                                                                                                    MD5:2CE5615C5C4A0BDDCD902F65879AB7F1
                                                                                                                                    SHA1:2C1248CFC060397032FAF9DCE01A8DCDFC402FB9
                                                                                                                                    SHA-256:14D4FD73CB7A7FFCE35E9B5D69AFCCCFDFBEC0621CC91F3EBA9301FE87BCF042
                                                                                                                                    SHA-512:1A488EA9978D391915D526C795BC4C92CA69059A37D075C745EB7EA8F8DA7946D602DCBFC66E651EAB69E6D3255D69710FB9E3FBFD6CA4ECB229120B7ECCBA6A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = ACPI..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad..DLL040A=20801..DLL040B=20801..DLL040C=20801..DLL0428=20801..DLL0429=20801..DLL0410=20801..DLL0492=20801..DLL0493=20801..DLL0494=20801..DLL04A3=20801..DLL04A4=20801..DLL049A=20801..DLL049B=20801..DLL04A9=20801..DLL04B4=20801..DLL04EB=20801..DLL04EC=20801..DLL04E4=20801..DLL0534=20801..DLL0535=20801..DLL053C=20801..DLL053D=20801..DLL0549=20801..DLL054A=20801..DLL053E=20801..DLL053F=20801..DLL0532=20801..DLL0533=20801..DLL057D=20801..DLL0584=20801..DLL05CC=20801..DLL05CD=20801..DLL05BD=20801..DLL05BD=20801..DLL05BE=20801..DLL05CA=20801..DLL05CB=20801..DLL05DD=20801..DLL05DE=20801..DLL05E0=2

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_X8\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):694
                                                                                                                                    Entropy (8bit):5.134486583374363
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgJLmdBFsq+pGipXd72y3zqopBVAGv/oZBTGIEPIB/3d/7GrMW2pGHC:+erLSYFpGipXd72oOopvAGnoZBTGIEIP
                                                                                                                                    MD5:0745BF56BCC1D506CC4BCFB6DE72595A
                                                                                                                                    SHA1:879D07B2BE6D19D01081B5E2F6641448E8DAD3B9
                                                                                                                                    SHA-256:FB0D2F8C511484D1460132DB7E377192B2F4F158C556FAA797B33DE895DE893A
                                                                                                                                    SHA-512:57BB364742652F45BC6B5B5A1BFFF19CBCC7CE1BBFAEB33BF0D774E43985186119EEC18FC7E2762BF0278F56487EB4BCFDAA9811ED47EFD89F151407972B7E63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = HID..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad for X8 platforms..DLL079F=20801..DLL07A0=20801..DLL07A6=20801..DLL07A7=20801..DLL07A8=20801..DLL07A9=20801..DLL07AA=20801..DLL07AB=20801..DLL07B0=20801..DLL07B1=20801..DLL07D2=20801..DLL07D1=20801..DLL07D0=20801..DLL07F3=20801..DELL07B0=20801..DELL07B1=20801..DLL07F0=20801..DLL07F1=20801..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_X8\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):694
                                                                                                                                    Entropy (8bit):5.134486583374363
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgJLmdBFsq+pGipXd72y3zqopBVAGv/oZBTGIEPIB/3d/7GrMW2pGHC:+erLSYFpGipXd72oOopvAGnoZBTGIEIP
                                                                                                                                    MD5:0745BF56BCC1D506CC4BCFB6DE72595A
                                                                                                                                    SHA1:879D07B2BE6D19D01081B5E2F6641448E8DAD3B9
                                                                                                                                    SHA-256:FB0D2F8C511484D1460132DB7E377192B2F4F158C556FAA797B33DE895DE893A
                                                                                                                                    SHA-512:57BB364742652F45BC6B5B5A1BFFF19CBCC7CE1BBFAEB33BF0D774E43985186119EEC18FC7E2762BF0278F56487EB4BCFDAA9811ED47EFD89F151407972B7E63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = HID..PkgType = DRVR....[Version]......Method = PCI........; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Bluetooth to its corresponsing Device Code....[Mapping]..;Alps Touchpad for X8 platforms..DLL079F=20801..DLL07A0=20801..DLL07A6=20801..DLL07A7=20801..DLL07A8=20801..DLL07A9=20801..DLL07AA=20801..DLL07AB=20801..DLL07B0=20801..DLL07B1=20801..DLL07D2=20801..DLL07D1=20801..DLL07D0=20801..DLL07F3=20801..DELL07B0=20801..DELL07B1=20801..DLL07F0=20801..DLL07F1=20801..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_X8\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_X8\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_reg\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1122
                                                                                                                                    Entropy (8bit):5.263843944443193
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNNy/3MNhFNavzM9oQPNN9FpG5:P5r85vTh1A+n9oq3MjaiTFHO5
                                                                                                                                    MD5:4F7005630D30992E4374F1721FB0DC7B
                                                                                                                                    SHA1:88503F5E2044D24D312F9D00E94D813B8A9482C5
                                                                                                                                    SHA-256:95B838D60315D8CD782CEC0B042CA48F417579AADCD945F5D0F8A99FCF9A119D
                                                                                                                                    SHA-512:630F8B82A6146E73BEBE1760927ECF69B3D9E9C1D4BC0EE02C728182F13F39D2968D6697807776EAB7066BD30857885BF8CD4BF21821BA7529DFAFD274EAABD9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps Electric\Mouse\Alps Electric\Touch Pad;CurrentVer..ComponentID = 20801..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps Electric\Mouse\Alps Electric\Touch Pad;Description....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps E

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_reg\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1122
                                                                                                                                    Entropy (8bit):5.263843944443193
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNNy/3MNhFNavzM9oQPNN9FpG5:P5r85vTh1A+n9oq3MjaiTFHO5
                                                                                                                                    MD5:4F7005630D30992E4374F1721FB0DC7B
                                                                                                                                    SHA1:88503F5E2044D24D312F9D00E94D813B8A9482C5
                                                                                                                                    SHA-256:95B838D60315D8CD782CEC0B042CA48F417579AADCD945F5D0F8A99FCF9A119D
                                                                                                                                    SHA-512:630F8B82A6146E73BEBE1760927ECF69B3D9E9C1D4BC0EE02C728182F13F39D2968D6697807776EAB7066BD30857885BF8CD4BF21821BA7529DFAFD274EAABD9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps Electric\Mouse\Alps Electric\Touch Pad;CurrentVer..ComponentID = 20801..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps Electric\Mouse\Alps Electric\Touch Pad;Description....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\InstalledOptions\Alps E

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_reg\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\TouchPad_reg\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Touchpad_reg1\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1206
                                                                                                                                    Entropy (8bit):5.281150693401044
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNvpK05vMMvpK05MFNavzM9oQPNvpK05GFpG5:P5r85vTh1A+n9ovp7vMMvp7MaiTFvp7B
                                                                                                                                    MD5:ED3A449D08698F20516C9D0C28CA10D1
                                                                                                                                    SHA1:1FD173AB9A71E9AD23C236A9481F73AB8113862C
                                                                                                                                    SHA-256:D8ED9866B87AA611625B83336ADB6D94D46C403D7D2D992620C954068DD85D2F
                                                                                                                                    SHA-512:EF5417549C06E67CB4CDCCB0F25BC81B918D7E08C17692F3C319DCC6D6AE0C5421882B75D39F1A17F743F94C247EB16EE964A45D84ACD03237FF42E2285EEC1E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Synaptics\Mouse\Synaptics\Synaptics Pointing Device Driver;Version....ComponentID = 103838..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Synaptics\Mouse\Synaptics\Synaptics Pointing Device Driver;DriverDescription....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Touchpad_reg1\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1206
                                                                                                                                    Entropy (8bit):5.281150693401044
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNvpK05vMMvpK05MFNavzM9oQPNvpK05GFpG5:P5r85vTh1A+n9ovp7vMMvp7MaiTFvp7B
                                                                                                                                    MD5:ED3A449D08698F20516C9D0C28CA10D1
                                                                                                                                    SHA1:1FD173AB9A71E9AD23C236A9481F73AB8113862C
                                                                                                                                    SHA-256:D8ED9866B87AA611625B83336ADB6D94D46C403D7D2D992620C954068DD85D2F
                                                                                                                                    SHA-512:EF5417549C06E67CB4CDCCB0F25BC81B918D7E08C17692F3C319DCC6D6AE0C5421882B75D39F1A17F743F94C247EB16EE964A45D84ACD03237FF42E2285EEC1E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Synaptics\Mouse\Synaptics\Synaptics Pointing Device Driver;Version....ComponentID = 103838..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Synaptics\Mouse\Synaptics\Synaptics Pointing Device Driver;DriverDescription....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Touchpad_reg1\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Touchpad_reg1\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI6_E7\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.182775146502544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOFS4Em5dcWmI4TIRhRgIjVSRVF9cVckhFdVBsSk5dcWmI4TIRhRgIjP:/QZgFOwk5dchIeZIjozbkhFrBU5dchIT
                                                                                                                                    MD5:4ADDB082F8F99E674420950646FBBFAB
                                                                                                                                    SHA1:B3606598B2F1152DB494F530FCF7BBFE4D14A9C5
                                                                                                                                    SHA-256:C2E46834060F7F8ADBBEB963F18ABBD77CBC668091D098F35AE3563F83760822
                                                                                                                                    SHA-512:560C9AA91F083CDF9742762C31896A5C1FBDD20BAF533AFC8BBBB69DE9F2ADCA31CE4C29F4E42B8E743E42175CD35331E2E5546D72DF05C6DECB66B78662EBE6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103855..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}..pkgtype = APAC....[Version]..method = MSI..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI6_E7\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):183
                                                                                                                                    Entropy (8bit):5.182775146502544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOFS4Em5dcWmI4TIRhRgIjVSRVF9cVckhFdVBsSk5dcWmI4TIRhRgIjP:/QZgFOwk5dchIeZIjozbkhFrBU5dchIT
                                                                                                                                    MD5:4ADDB082F8F99E674420950646FBBFAB
                                                                                                                                    SHA1:B3606598B2F1152DB494F530FCF7BBFE4D14A9C5
                                                                                                                                    SHA-256:C2E46834060F7F8ADBBEB963F18ABBD77CBC668091D098F35AE3563F83760822
                                                                                                                                    SHA-512:560C9AA91F083CDF9742762C31896A5C1FBDD20BAF533AFC8BBBB69DE9F2ADCA31CE4C29F4E42B8E743E42175CD35331E2E5546D72DF05C6DECB66B78662EBE6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103855..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}..pkgtype = APAC....[Version]..method = MSI..data = {438937D0-2F16-4D4E-B3A0-5A0E6B5046F0}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI6_E7\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2076
                                                                                                                                    Entropy (8bit):4.798485328856543
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCf3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8IhhiKLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:653C27298CB050249ABCE44F33A36479
                                                                                                                                    SHA1:A9112088C02A5E6C3B652D0ADF876BF8D6259571
                                                                                                                                    SHA-256:E14473C8FB694BC6377EED1116C98BD33A7ECA936E3691D12FE2D04661DA1186
                                                                                                                                    SHA-512:83434AF09F4484C9462978058FD5DFE65E713D95FBB582DBCB2160995084663C5B3FE3870A2D25C7A747F707269BDD7950674FF7D986F064562524B2E8D011CF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600" >... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI_NEW\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):179
                                                                                                                                    Entropy (8bit):5.0087681579082455
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOFS4EmsD+TWFIcVU7QH2wQlHFcCRcVBIdVBsSksD+TWFIcVU7QH2wQa:/QZgFOwksD+QIc+79wQl1JrBUsD+QIct
                                                                                                                                    MD5:C8BEA4177813BD3D81D0E1B167FEC9AD
                                                                                                                                    SHA1:A8327CC34FED26B2A85E54B455D81C346DAD93D3
                                                                                                                                    SHA-256:176E82D7423A7294199E4D4538F1D706539D22EEDB1F9682BFA3DFC6C65AB511
                                                                                                                                    SHA-512:7D515D72CE450B288F6692D1D573BA5416D61F8CC1C60162422EEFF3A0FEBD97FC2012B60C8194B2EA5475C63C4E05F2783CC33C319F5C26C840CF07302EAA63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103855..data = {5368d82d-caa5-48cc-9017-5baaab87591b}..pkgtype = DRVR....[Version]..method = MSI..data = {5368d82d-caa5-48cc-9017-5baaab87591b}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI_NEW\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):179
                                                                                                                                    Entropy (8bit):5.0087681579082455
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:VNsVZK0GFOFS4EmsD+TWFIcVU7QH2wQlHFcCRcVBIdVBsSksD+TWFIcVU7QH2wQa:/QZgFOwksD+QIc+79wQl1JrBUsD+QIct
                                                                                                                                    MD5:C8BEA4177813BD3D81D0E1B167FEC9AD
                                                                                                                                    SHA1:A8327CC34FED26B2A85E54B455D81C346DAD93D3
                                                                                                                                    SHA-256:176E82D7423A7294199E4D4538F1D706539D22EEDB1F9682BFA3DFC6C65AB511
                                                                                                                                    SHA-512:7D515D72CE450B288F6692D1D573BA5416D61F8CC1C60162422EEFF3A0FEBD97FC2012B60C8194B2EA5475C63C4E05F2783CC33C319F5C26C840CF07302EAA63
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = MSI..componentid = 103855..data = {5368d82d-caa5-48cc-9017-5baaab87591b}..pkgtype = DRVR....[Version]..method = MSI..data = {5368d82d-caa5-48cc-9017-5baaab87591b}

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTIL_INTEL_WIDI_NEW\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2076
                                                                                                                                    Entropy (8bit):4.798485328856543
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCf3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8IhhiKLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:653C27298CB050249ABCE44F33A36479
                                                                                                                                    SHA1:A9112088C02A5E6C3B652D0ADF876BF8D6259571
                                                                                                                                    SHA-256:E14473C8FB694BC6377EED1116C98BD33A7ECA936E3691D12FE2D04661DA1186
                                                                                                                                    SHA-512:83434AF09F4484C9462978058FD5DFE65E713D95FBB582DBCB2160995084663C5B3FE3870A2D25C7A747F707269BDD7950674FF7D986F064562524B2E8D011CF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600" >... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTL_CORVUS\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):382
                                                                                                                                    Entropy (8bit):5.602932021604318
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:8HFN6dc5XLxb8gX6ZkWkaWjbAmtkXLxiH1jEBREmS1dvArMFrqOc5XLxb8gX6ZkB:oOcNLigX6+WGjkmtULMVjpdYrWcNLigJ
                                                                                                                                    MD5:B38538D61B9DD302CC4B31483054E42E
                                                                                                                                    SHA1:0D3CAFB6116EB9CF4749D6DFC69E5C8CFED13E68
                                                                                                                                    SHA-256:EE38DC71C90F33CF6DD94A1F111796BA750389A0E931BF9E98B45C50AD40FA97
                                                                                                                                    SHA-512:0F3B5BDAF15EB551A6A2C20099479AF249FBE5ACC4243A310E0DCBB2EBC24748B50277C1AC2397E096B7E09B19D8D07A739EDEF848FA2AAB053276174E0F37A1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104177..data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\Dell7010QST;default..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4AA0AC30-C36E-40C4-9B8F-418FDEC75406};displayname....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\Dell7010QST;default

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTL_CORVUS\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):396
                                                                                                                                    Entropy (8bit):5.624715559903712
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:oOcNLigX6+WGjkmtULetVjpdYrWcNLigX6+w:otNP6fYmCtV1dsVNP6Z
                                                                                                                                    MD5:22D6547006B4F187F77546F86A45DB18
                                                                                                                                    SHA1:9208FB071CAD85448E2F9DB87634A8F69BDFA123
                                                                                                                                    SHA-256:F0E57D18A38C72B84FCE03E92F10E98BF69E2CF380184878E0845D66393E784D
                                                                                                                                    SHA-512:1A6F659787E4B02FF46826191F14C04F42FB43B6E8923A6CD22AB757153546F91928ACA821D40F34911AE15C68FD5A325E34156431A49F517C8C9DCA9576C3C6
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]..method = Reg..componentid = 104177..data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\Dell7010QST;default..pkgtype = APAC..displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4AA0AC30-C36E-40C4-9B8F-418FDEC75406};displayname....[Version]..method = Reg..data = HKEY_LOCAL_MACHINE\SOFTWARE\ManageableUpdatePackage\Dell7010QST;default..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\UTL_CORVUS\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\VMWare\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.395652887880868
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDDaiTB/X2+hIqU8HIhuoBAO5:hGvThi+nAEBL7uhuoZRTB/2PBLhuoSO5
                                                                                                                                    MD5:36957391E022DE5AC69F7DF44B24B484
                                                                                                                                    SHA1:2AFF96D2C115EACC02B5AB86A53AEB42992F21E5
                                                                                                                                    SHA-256:A1DD8FAE60CB9F7648E0675629E8444C6D7B3FB15AF1CDFEF81609B42AC0FB3F
                                                                                                                                    SHA-512:87E57D7A4D0123C248EF92D518861CF2DE63642CB320FA68E5938010DF21C7C8D84628FC1A331EC01A9418DB9F82BDADC6D77AE49C450AD0CFFE4A37FF442607
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\VMWare\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2064
                                                                                                                                    Entropy (8bit):5.395652887880868
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrDDaiTB/X2+hIqU8HIhuoBAO5:hGvThi+nAEBL7uhuoZRTB/2PBLhuoSO5
                                                                                                                                    MD5:36957391E022DE5AC69F7DF44B24B484
                                                                                                                                    SHA1:2AFF96D2C115EACC02B5AB86A53AEB42992F21E5
                                                                                                                                    SHA-256:A1DD8FAE60CB9F7648E0675629E8444C6D7B3FB15AF1CDFEF81609B42AC0FB3F
                                                                                                                                    SHA-512:87E57D7A4D0123C248EF92D518861CF2DE63642CB320FA68E5938010DF21C7C8D84628FC1A331EC01A9418DB9F82BDADC6D77AE49C450AD0CFFE4A37FF442607
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\VMWare\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\VMWare\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDA_App\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):433
                                                                                                                                    Entropy (8bit):5.410019209666992
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pf0L648mQL6kFsq+pG5:+C5r85vSe8mZFpG5
                                                                                                                                    MD5:A962305EC89798E1AC1CB54FFA350DF6
                                                                                                                                    SHA1:2D88DE3287F0FB518717A4F10D5EFB94E67503B8
                                                                                                                                    SHA-256:C61FBD0E2ABB9E8895BCBC271BA188B98E0B9A3EC2BAE116CF12109824644FE1
                                                                                                                                    SHA-512:77E2FB2AB43D298D9B7982F843C498F6D98392F4D12B09B7BF825B5231E3AD01645852BD559F4E7D8B514C04B1D476614D1600567558710A2A07109AF55941C1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {0622BBF5-3E88-450F-89E5-487C2B3DED52}..PkgType = APAC..ComponentID=107680......[Version]....;..Method = MSI..Data = {0622BBF5-3E88-450F-89E5-487C2B3DED52}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDA_App\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):433
                                                                                                                                    Entropy (8bit):5.410019209666992
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtBV5ritBV5gCt7Sy+pf0L648mQL6kFsq+pG5:+C5r85vSe8mZFpG5
                                                                                                                                    MD5:A962305EC89798E1AC1CB54FFA350DF6
                                                                                                                                    SHA1:2D88DE3287F0FB518717A4F10D5EFB94E67503B8
                                                                                                                                    SHA-256:C61FBD0E2ABB9E8895BCBC271BA188B98E0B9A3EC2BAE116CF12109824644FE1
                                                                                                                                    SHA-512:77E2FB2AB43D298D9B7982F843C498F6D98392F4D12B09B7BF825B5231E3AD01645852BD559F4E7D8B514C04B1D476614D1600567558710A2A07109AF55941C1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {0622BBF5-3E88-450F-89E5-487C2B3DED52}..PkgType = APAC..ComponentID=107680......[Version]....;..Method = MSI..Data = {0622BBF5-3E88-450F-89E5-487C2B3DED52}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDA_App\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDA_App\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDT\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2253
                                                                                                                                    Entropy (8bit):5.455484519090613
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63zMItAqO2aiTB/X2+hIqU8HIR:hGvThi+nAEBL7uhuosGiRTB/2PBLhuoZ
                                                                                                                                    MD5:48E2D75282AE9EA3152FCD05931A9887
                                                                                                                                    SHA1:F7AF10273FD4223CB675F6B52C840E28DFC6E536
                                                                                                                                    SHA-256:F5F30AC49E6F25C9427A83BC72851191B9E3A87907140A2D80B8690943B547BC
                                                                                                                                    SHA-512:57854B9F15F6C08C5D6B3582A5455B5A3A18DCEAF535921D1EAD670E7C15825C2ACE73D6A5935753EF6A5EB91D6C67D5FF1A5359464D2A54E6604E1652E553E4
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDT\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2277
                                                                                                                                    Entropy (8bit):5.464103649842419
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:P5r85vTh1A+n9GBEQD9yfJaktNIUK0HIhuoBrD63XMEtAqO2aiTB/X2+hIqU8HIR:hGvThi+nAEBL7uhuosGiRTB/2PBLhuoZ
                                                                                                                                    MD5:33A3B68ED7E3F47B84884ED3B9587ABF
                                                                                                                                    SHA1:072E9DB6C127EB5DB217C1B1559DC86893EC1B96
                                                                                                                                    SHA-256:756E06CEB5512984D76F0A83286D0F915D1F3AE4DE0493F51A5EA25245279BBD
                                                                                                                                    SHA-512:8863FA744FD6405FE500CB191F3A0C7D4137E86DAEE8AC9C9E4D11B25ADD6D2DC2C0C8A76C0E323945A8911882E3B4FDB24B4269A7D5E223A13B706BBE5E02C2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml..;..;eg..;Method = MSI..;Data = {6F5A494F-20FC-4201-8E87-A78585F63F2E};{7F5A494F-20FC-4201-8E87-A78585F63F2E}..;ComponentID = 15971..;DisplayName = Dell Control Point System Manager..;..;..; If Scan method is Reg. Then there is no way to get Application Name programatically. Hence DisplayName needs to provided. To dump in inventory xml..; if Method is Reg, Data should hold complete Registry path followed by semicolan and data name....;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microso

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDT\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WDT\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):519
                                                                                                                                    Entropy (8bit):5.2390581968618894
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtglDdMPkGaAoaFFsq+pGipXd721ThzqoDm:+6Agok7PFpGipXd721ThOo6
                                                                                                                                    MD5:54FF8A5EF594B91E5E463F0EC3E10AC7
                                                                                                                                    SHA1:634762CE843F5FBEA2330B2D1C15949DB7994235
                                                                                                                                    SHA-256:D42E785E0A434DBF228785D23E7D1E8BE6D17CB3EFE67A738F3708AA132DD23A
                                                                                                                                    SHA-512:6F5234684A0BC8FAF449E063430C91A5B78BCBD9180AAB0E1CEF8A8DEDC5E7836154DF279ED6314A1EF121002B01C001BFF1C7623A67F78A10252AB91FDC0B27
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MobileBroadband..PkgType = DRVR....[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={C2CF74A5-DA9B-4168-9E3E-D16FB68EAAA1}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Mobile Broadband device to its corresponsing Device Code....[Mapping]..8171=18316..8172=18316..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):519
                                                                                                                                    Entropy (8bit):5.2390581968618894
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtglDdMPkGaAoaFFsq+pGipXd721ThzqoDm:+6Agok7PFpGipXd721ThOo6
                                                                                                                                    MD5:54FF8A5EF594B91E5E463F0EC3E10AC7
                                                                                                                                    SHA1:634762CE843F5FBEA2330B2D1C15949DB7994235
                                                                                                                                    SHA-256:D42E785E0A434DBF228785D23E7D1E8BE6D17CB3EFE67A738F3708AA132DD23A
                                                                                                                                    SHA-512:6F5234684A0BC8FAF449E063430C91A5B78BCBD9180AAB0E1CEF8A8DEDC5E7836154DF279ED6314A1EF121002B01C001BFF1C7623A67F78A10252AB91FDC0B27
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MobileBroadband..PkgType = DRVR....[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={C2CF74A5-DA9B-4168-9E3E-D16FB68EAAA1}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0......; This enty is use to Map PID of each Mobile Broadband device to its corresponsing Device Code....[Mapping]..8171=18316..8172=18316..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.804933436158719
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZReg5MM7reCotKeAKLtr3M/aI3xzP:IQ8DTjNgLtzM/aI3R
                                                                                                                                    MD5:1077742084224593994E35656596C94D
                                                                                                                                    SHA1:B7D7B46140ECDCEE688D9859738DFF82AFB3593D
                                                                                                                                    SHA-256:1744F8B8F5301A9F0232A4ABAA9B19553D31E2E741B9C60898E6538EC557A01A
                                                                                                                                    SHA-512:26EB66E55B0D0FB714220BC50D594660641089098DBB611403FC441518D90CC8263ED046AA64329DAF90F02AAC83A8D3798B722E219946C3D07DC93C99753DCD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>USBUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>USBUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>USBUpdate.exe</Startfile>.. <CliToStdout>.. <Command>USBUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Drvr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Frmw\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):434
                                                                                                                                    Entropy (8bit):5.364698671648612
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtgmXTQLDn9dMP/XTQ+FFsq+pG1:+6AdXTA+/XTmFpG1
                                                                                                                                    MD5:CCFCD25ED2AE33EA1778A4B110382D81
                                                                                                                                    SHA1:F024F6196B1AE57AF850A4FEF0568865DBE67784
                                                                                                                                    SHA-256:83E42F46B03ED73DC5F0EE8FF7190CF77F0B201B0310C257F172F1ADEF8FDF1F
                                                                                                                                    SHA-512:CF6A6F772287D919A0EBF0462CFE5BFB232A18C9265DC8D507B3ABCE3325147A8172848559A71E72F0D7EBC00F3889BED9E365684E09C5D21CBA66E7E0B6067D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..Data={67B4DC5A-2A19-4273-AFA5-AAC5936AFD45}..PkgType = FRMW..ComponentID = 18316..[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={67B4DC5A-2A19-4273-AFA5-AAC5936AFD45}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Frmw\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):434
                                                                                                                                    Entropy (8bit):5.364698671648612
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZittYCtgmXTQLDn9dMP/XTQ+FFsq+pG1:+6AdXTA+/XTmFpG1
                                                                                                                                    MD5:CCFCD25ED2AE33EA1778A4B110382D81
                                                                                                                                    SHA1:F024F6196B1AE57AF850A4FEF0568865DBE67784
                                                                                                                                    SHA-256:83E42F46B03ED73DC5F0EE8FF7190CF77F0B201B0310C257F172F1ADEF8FDF1F
                                                                                                                                    SHA-512:CF6A6F772287D919A0EBF0462CFE5BFB232A18C9265DC8D507B3ABCE3325147A8172848559A71E72F0D7EBC00F3889BED9E365684E09C5D21CBA66E7E0B6067D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\setup.exe /q..[Regular]..1= Payload\setup.exe /q..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = MSI..Data={67B4DC5A-2A19-4273-AFA5-AAC5936AFD45}..PkgType = FRMW..ComponentID = 18316..[Version]....; Need to extract Version from MSI Product Code..Method = MSI..Data={67B4DC5A-2A19-4273-AFA5-AAC5936AFD45}......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Frmw\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2083
                                                                                                                                    Entropy (8bit):4.78634580168061
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegHSMprgCy3Ke+KLtr3M/aI3vKPKLDCqEK21EKLDCX2zP:IQ8DhhtKLtzM/aI3ySLDCUqLDC0
                                                                                                                                    MD5:745F8D204831AAD88449E9B8550D5D6C
                                                                                                                                    SHA1:81ADC6CAE8B6726E19E211998446823177AAA7F6
                                                                                                                                    SHA-256:9D2234CA62442744A8420661928B850C3C3C0A39763D8B43E040CE4F769FC4FC
                                                                                                                                    SHA-512:B8BBF35D8A9D09AFDFDE45F149DEC559377DC49FEFC0FDEDE6FFBDF4DC08098489BE4F2172D34F05830EAA548B1ED65E7B1FAC6AB051C541CD7FCD4047C34201
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DrvUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DrvUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DrvUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DrvUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="300">... <CopyRequired>0</CopyRequired>.. <Startfile>DrvUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DrvUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WLAN_Frmw\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5419_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1063
                                                                                                                                    Entropy (8bit):5.297493919003971
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNvpadOMvpadTO2FNavzM9oQPNvpadiFpG5:P5r85vTh1A+n9ovpadOMvpadTO2aiTF+
                                                                                                                                    MD5:269DCB3D4C116E08C17A8B82D19D16D0
                                                                                                                                    SHA1:1485FD4CFB6BC5659294D5EAD71F3CA597F5440E
                                                                                                                                    SHA-256:25E73C99E5358FDE2B32A05CD7C09D8DD2F0E5B26D7F94724D96F9DB5E08A6E2
                                                                                                                                    SHA-512:D9CCB968CBB74DEDDB2B35791121BCFBE199BDD3A9CFBA0D860DC2020084BC31A56CE787FB2984986885E7BA4DB5ECF744E056AFA3B15C2A43395A1DABB0AFD7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;Version..ComponentID = 105202..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;Version....; Reboo

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5419_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1063
                                                                                                                                    Entropy (8bit):5.297493919003971
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+C5r85vSeFmjc1zs+nQCQLlNvpadOMvpadTO2FNavzM9oQPNvpadiFpG5:P5r85vTh1A+n9ovpadOMvpadTO2aiTF+
                                                                                                                                    MD5:269DCB3D4C116E08C17A8B82D19D16D0
                                                                                                                                    SHA1:1485FD4CFB6BC5659294D5EAD71F3CA597F5440E
                                                                                                                                    SHA-256:25E73C99E5358FDE2B32A05CD7C09D8DD2F0E5B26D7F94724D96F9DB5E08A6E2
                                                                                                                                    SHA-512:D9CCB968CBB74DEDDB2B35791121BCFBE199BDD3A9CFBA0D860DC2020084BC31A56CE787FB2984986885E7BA4DB5ECF744E056AFA3B15C2A43395A1DABB0AFD7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}. Also multiple upgrade code can be provided using semicolan as seprator..; if Component ID needs to be provided for to output the value in xml......Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;Version..ComponentID = 105202..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;DisplayName....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\ManageableUpdatePackage\Telit\Version;Version....; Reboo

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5419_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5419_Drvr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_APP\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1223
                                                                                                                                    Entropy (8bit):5.510429742416184
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtCNIVyi8A87yIVyiONFNavzM9oQBGAXlo+VNIVyi2cFpGiv:rSh1A+FQIrKyIrONaiTB/X2+XIrvOM
                                                                                                                                    MD5:E623B90072054200F7CCBB2A783F885B
                                                                                                                                    SHA1:296396D7259926BA19CC2B08E23FD45FB5657182
                                                                                                                                    SHA-256:20103EEE534B7C3C9F72A3B999D26DAC74A304059F59130B1CF0C4B00797E552
                                                                                                                                    SHA-512:69632BEAE8F8BC4DF5AA6E656758DBA6E34AE262A10B62DB3B3AC6A9C14C1ACE43BEC21E9E5BF70661801B8065586E4E72AD90A89848B28814BB9AFB01A5D725
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23EEC842-57ED-4055-A056-9D4185DFB1AA};DisplayVersion..PkgType = APAC..componentID=25633..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{23EEC842-57ED-4055-A056-9D4185DFB1AA};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method =

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_APP\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1259
                                                                                                                                    Entropy (8bit):5.528575361812764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+2SFmjc1zs+TLtCNCtVyi8A87yCtVyiONFNavzM9oQBGAXlo+VNCtVyi2cFpGiv:rSh1A+FQErKyErONaiTB/X2+XErvOM
                                                                                                                                    MD5:30655677BAF33CD8BEFC123162BD5270
                                                                                                                                    SHA1:51F4B6B7EBD558E69BCF745450709D11A9AC3CE8
                                                                                                                                    SHA-256:1FBE9DBD67B8603A9019A0A7C950FDFD2B3FDA28234433D5C2E3E786FACFBD47
                                                                                                                                    SHA-512:A4D8D990C4C949EAAC6C1708F835B741604F8A92A2B16DFC17F13CA771BC8507A917CA218CD0B7900DB88C703CA72677C6FB64F434A2ADAEC3BEBA16097B2959
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn..[Regular]..1= Payload\Setup.exe /qn..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23EEC842-57ED-4055-A056-9D4185DFB1AA};DisplayVersion..PkgType = APAC..componentID=25633..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23EEC842-57ED-4055-A056-9D4185DFB1AA};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromenta

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_APP\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_APP\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_DRVR\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1210
                                                                                                                                    Entropy (8bit):5.5326310258298435
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7sNIV+R8AmyIV+RONFNavzM9oQBGAXlo+sNIV+RGFpGiv:XUh1A+FiIQREyIQRONaiTB/X2+2IQRGx
                                                                                                                                    MD5:34A02995A6ABE792EE1A87033E092892
                                                                                                                                    SHA1:DD42F5FB6CCC89972899D0C303CAFBFE63E4B91E
                                                                                                                                    SHA-256:B21A48706B002345463BB254AE4AC14FBD080CD245E3DE76E2BC182E87A95BF8
                                                                                                                                    SHA-512:B3BF263F9492286D9E728B947D94766BB372DF8D0DCF283CC11313DB9C86A7F4CDF4F5A5652F106BFDCEFABBB38DDAB1EE4FC90DE944BEC861730D2C0F790784
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=25633..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D583F01-A973-4B04-90BD-FB7886779090};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9D583F01-A973-4B04-90BD-FB7886779090};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = REG.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_DRVR\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1250
                                                                                                                                    Entropy (8bit):5.550163178789344
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7sNCtV+R8AmyCtV+RONFNavzM9oQBGAXlo+sNCtV+RGFpGiT:XUh1A+FiEQREyEQRONaiTB/X2+2EQRGd
                                                                                                                                    MD5:B37947A740C8518813517F6C065E3BEE
                                                                                                                                    SHA1:A009E55FECA1C8675A5837ED452D6A66E838F645
                                                                                                                                    SHA-256:3DFB182724CF681B0C146E2F31C7AAEC4F8445C703B67C43ED0F8D9965C5D862
                                                                                                                                    SHA-512:89C907419BDAD3BC47F4DDCF2E7D0739AEB137E736605CDD3BE5516406CB32046C38C2154CCFE94ADDC91EAF729AB5CF5D013C58B125D8F807465B85DE1E82F1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = REG..componentID=25633..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D583F01-A973-4B04-90BD-FB7886779090};DisplayVersion..PkgType = DRVR..DisplayName=HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D583F01-A973-4B04-90BD-FB7886779090};DisplayName......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental va

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_DRVR\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5500_DRVR\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5565_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5565_Drvr\WWAN_5565.cmd

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):244
                                                                                                                                    Entropy (8bit):5.147067020042331
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:hmR77SDCI9FzmxKaONyrKM2qNmKGKa5IrHFzmxMXNyrKM2qW:w17SDNmxKnNyeBukKvdmxQNyeBn
                                                                                                                                    MD5:F4AFF500E388CD94F8C6109AEB77B6A6
                                                                                                                                    SHA1:9103B8EEEBCE4A4543FC7C6B1C3CE41FAEAE4323
                                                                                                                                    SHA-256:5C4B3EC6152EEBFEF54435678FDE4F69005E85EAB67953C67DBF79726C2366F7
                                                                                                                                    SHA-512:DCB3A5B3754A77DF3F414C68DBD7176BD0D357DB132F81567318D9C12623B8ED0AC50A7E5ABBA1260C39EE25DFCE43BF8C6C93ED8B92423899C3BF640DEBDE57
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:@echo off..setlocal....if "%PROCESSOR_ARCHITEW6432%"=="" goto thirtytwo.. call %systemroot%\Sysnative\cscript /nologo WWAN_5565.vbs %1.. endlocal..Exit....:thirtytwo.. call %systemroot%\system32\cscript /nologo WWAN_5565.vbs %1....endlocal

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5565_Drvr\WWAN_5565.vbs

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with very long lines (355), with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):14280
                                                                                                                                    Entropy (8bit):5.931297866667647
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:ujCvaBq9qCT7x5crvdLQQXEnSOUqNJs4US+oH:paBS7xyDJQQUHUqzVj
                                                                                                                                    MD5:6E60DB0ECBA59708022E3DD77A2496C6
                                                                                                                                    SHA1:F4FE1D96F5F4ADB878F31E8CE398BF07ADA44D0A
                                                                                                                                    SHA-256:A42E95932311F533639F983516B8A431CB4DF85800B4898AA45F25D9A116D995
                                                                                                                                    SHA-512:E55042EB3064CEC0FDADDFF2FAF8E734DED741AC98B18367F2187181C63482401812362C93A380B3AE1A40B1FB26813038A383FCDFEF17E058A653341526B35B
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:' Global Declarations..Option Explicit..On Error Resume Next....Dim strDisplayName, strVersion, strComponentID..Dim status, LogName....Dim WshShell, theArgs..Set WshShell = WScript.CreateObject("WScript.Shell")....set theArgs = Wscript.Arguments..LogName = theArgs.Item(0)..' Check if installation is present..call findInstallation()..strComponentID = "29740"....If Not (strVersion <> "") Then...status = "error"..End If....' Print Output XML..call WriteXML(status)....set WshShell = Nothing....Function findInstallation()...strDisplayName = "Dell Wireless 5565 HSPA WWAN"...strVersion = WshShell.RegRead("HKLM\SOFTWARE\Dell\ManageableUpdatePackage\{68D0E8C7-E4F8-424E-A6D6-97A06A323FFE}\Drivers\Version\")...if Not ( strVersion <> "") then....strVersion = WshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\{68D0E8C7-E4F8-424E-A6D6-97A06A323FFE}\Drivers\Version\")....strDisplayName = WshShell.RegRead("HKLM\SOFTWARE\Wow6432Node\Dell\ManageableUpdatePackage\{68D0E8C7-E4F8-42

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5570_App\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):655
                                                                                                                                    Entropy (8bit):5.3540110552449764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgg+NLMVj6AQ4nVHkCaULMVj6AQ4nVHCrygmLMVj6AQ4nVH2NFsq+p5:+exNIVtVVHkMIVtVVHO8IVtVVH2cFpGM
                                                                                                                                    MD5:510F98E72E6E50BA3DCD10416EBC8A84
                                                                                                                                    SHA1:F87D0B9D330EF7242B814443CB9D68E0EB2B3A4A
                                                                                                                                    SHA-256:DB4271C9A7A514634EEE709B71FF06CC40A3D28CF886CA3C562845EA3DF735F7
                                                                                                                                    SHA-512:815E545D27F9B5FCC58784137194B3F1409D31BBFA3D3A338B46AE0F81527D5B30D23E9B3A95E7C450F6CFF2366E4B53A4D2DBDE46E93EF08FC5931CCFB1AA2D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayVersion..ComponentID=102944..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayName......[Version]......Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5570_App\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):655
                                                                                                                                    Entropy (8bit):5.3540110552449764
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtbitwCtgg+NLMVj6AQ4nVHkCaULMVj6AQ4nVHCrygmLMVj6AQ4nVH2NFsq+p5:+exNIVtVVHkMIVtVVHO8IVtVVH2cFpGM
                                                                                                                                    MD5:510F98E72E6E50BA3DCD10416EBC8A84
                                                                                                                                    SHA1:F87D0B9D330EF7242B814443CB9D68E0EB2B3A4A
                                                                                                                                    SHA-256:DB4271C9A7A514634EEE709B71FF06CC40A3D28CF886CA3C562845EA3DF735F7
                                                                                                                                    SHA-512:815E545D27F9B5FCC58784137194B3F1409D31BBFA3D3A338B46AE0F81527D5B30D23E9B3A95E7C450F6CFF2366E4B53A4D2DBDE46E93EF08FC5931CCFB1AA2D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /qn /ri..[Regular]..1= Payload\Setup.exe /qn /ri..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayVersion..ComponentID=102944..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayName......[Version]......Method = REG..Data=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sierra Wireless Skylight;DisplayVersion......; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5570_App\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):905
                                                                                                                                    Entropy (8bit):5.2746924278238
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtQ28K2FNavzM9oQBGAXlo+KdFpGiv:XUh1A+F12aiTB/X2+wOM
                                                                                                                                    MD5:50508BBD16019C6257AC49048C5FB459
                                                                                                                                    SHA1:D3D553AE848160FAE81897B9B7015823E92D3341
                                                                                                                                    SHA-256:59F1BE4A5E5D94DB6621E83214893CD28D05D0377A60E79B07AF446ADCC6B7A2
                                                                                                                                    SHA-512:FF0EAD4A28D1A1427103C59B1A6313153E691FAB7BA83B570C03798959FE1B08A4292BF9B95E5CCA3A2A4B97D3B1D6FC4D071E060DCE95C1B0AB6CFBCF4086C5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {BB2CB23C-C2B3-48F7-B098-4CD899A6F3FC}..PkgType = APAC..ComponentID=25647......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {BB2CB23C-C2B3-48F7-B098-4CD899A6F3FC}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.273192755448041
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtQ28KNFNavzM9oQBGAXlo+KdFpGiv:XUh1A+F1NaiTB/X2+wOM
                                                                                                                                    MD5:4D03A3F6F098A93C486553688A7B3A80
                                                                                                                                    SHA1:4F70463734E4D488BC88491D53DD6026FD1167ED
                                                                                                                                    SHA-256:D2232A172026E4207346AFD86C478EC56E18D9E49D8362EE54D1C5BA619795CC
                                                                                                                                    SHA-512:43FBB827C9BAF010548BAE7C1DAA9A20A609E1D1D4BEC3CE89A85EC2CC1CCE4C455B03C16848E69C5DFB8AE73F94534FB367E4FC6ADF44750C792A06E1460582
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {BB2CB23C-C2B3-48F7-B098-4CD899A6F3FC}..PkgType = APAC..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {BB2CB23C-C2B3-48F7-B098-4CD899A6F3FC}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP_X4\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):905
                                                                                                                                    Entropy (8bit):5.280220303977346
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtEI8K2FNavzM9oQBGAXlo+aTFpGiv:XUh1A+FL2aiTB/X2+2OM
                                                                                                                                    MD5:46221B59534EA6108AC44409A333DA4F
                                                                                                                                    SHA1:A5FBAEC4EEF770C539E98151050F02AFBC055E25
                                                                                                                                    SHA-256:0A81C6B9351F250D725D0F60CCD68F9B90CC4028347E43156FFE0F54C78F6250
                                                                                                                                    SHA-512:8878D5A3DC32559C57FD8500A4A19AC9F12E9564D7987DC90EE7E269F759039FEA3C4E7002DAC156788EDA7FD730FE8D5E0A0027407FDAD8E794FF3274BFB70F
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {450B8724-DDEE-4FEE-8701-3A6560D4DC74}..PkgType = APAC..ComponentID=25647......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {450B8724-DDEE-4FEE-8701-3A6560D4DC74}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP_X4\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.278708442238514
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtEI8KNFNavzM9oQBGAXlo+aTFpGiv:XUh1A+FLNaiTB/X2+2OM
                                                                                                                                    MD5:1493607C159EB0EB39F94DFD8BFC2DC7
                                                                                                                                    SHA1:60DDFAA9DA7DEDC4471793D2E015FD68597DBAAB
                                                                                                                                    SHA-256:E1C7E0F9923906E278FE75637AA73286875DA9DD801C397456F75558395BDFAC
                                                                                                                                    SHA-512:0ED68492F4AC2D8CDBB4D5BF5517394D45642FF82B119EE196950E2FA97CD36E9A110E42EBCC4CBA353E296FE50A4317D4581811C6A3CF20C24D3B774276D2D1
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {450B8724-DDEE-4FEE-8701-3A6560D4DC74}..PkgType = APAC..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {450B8724-DDEE-4FEE-8701-3A6560D4DC74}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP_X4\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_APP_X4\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_DRVR\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.288794989666164
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7SHNFNavzM9oQBGAXlo+SFpGiv:XUh1A+FINaiTB/X2+SOM
                                                                                                                                    MD5:4E880BAF82ADD048C6A244F611BD73F8
                                                                                                                                    SHA1:EF90A325E5A97CE761C469D2EC5334FCC7F329EB
                                                                                                                                    SHA-256:23E12A982947A8AB20A4AF5A5B17BE8276D5D370AA6E7FAF5787A9561E32B2EC
                                                                                                                                    SHA-512:B7C49EEF4AE4E0281B5F51E2E5D12DE61052DF69BF20A12761679A0701F6704443399F02A98E404F5B25FE7D8AA5B540B405FF55A78980CCE19B14C9C3F02CB8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {E18801FD-556D-4B9C-A72A-8E63BD07FAF7}..PkgType = DRVR..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {E18801FD-556D-4B9C-A72A-8E63BD07FAF7}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_DRVR\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.288794989666164
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7SHNFNavzM9oQBGAXlo+SFpGiv:XUh1A+FINaiTB/X2+SOM
                                                                                                                                    MD5:4E880BAF82ADD048C6A244F611BD73F8
                                                                                                                                    SHA1:EF90A325E5A97CE761C469D2EC5334FCC7F329EB
                                                                                                                                    SHA-256:23E12A982947A8AB20A4AF5A5B17BE8276D5D370AA6E7FAF5787A9561E32B2EC
                                                                                                                                    SHA-512:B7C49EEF4AE4E0281B5F51E2E5D12DE61052DF69BF20A12761679A0701F6704443399F02A98E404F5B25FE7D8AA5B540B405FF55A78980CCE19B14C9C3F02CB8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {E18801FD-556D-4B9C-A72A-8E63BD07FAF7}..PkgType = DRVR..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {E18801FD-556D-4B9C-A72A-8E63BD07FAF7}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_DRVR\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_DRVR\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_Drvr_X4\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1219
                                                                                                                                    Entropy (8bit):5.499425306921314
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtCNIViQLmMIViQLGSHNFNavzM9oQBGAXlo+sNIViQLGFpGiv:XUh1A+FQIEwmMIEwTNaiTB/X2+2IEwGx
                                                                                                                                    MD5:303C5B2EDD072AFC8AD049A9924D0F6C
                                                                                                                                    SHA1:9A22DF3C3D2DA0C9DFCCA70B0FA7FD98C76F83CA
                                                                                                                                    SHA-256:1E8F6D9FF805F34AA47711D1EF5DBE1A72AD674975809E453768236D3EE51B46
                                                                                                                                    SHA-512:F54E4FFBA9D9AC80533CAC42F31CE216B1BC2A29E7614BE31981AECD28CBCD930BFE115C19823A8E24FA3494FC064FF9A0807BAF03A97241E7032F465CEF65AD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0056E0F7-D2A2-4EAB-A7FA-AFB53C4FD875}\;DisplayVersion..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0056E0F7-D2A2-4EAB-A7FA-AFB53C4FD875}\;DisplayName..PkgType = DRVR..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Metho

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_Drvr_X4\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1219
                                                                                                                                    Entropy (8bit):5.499425306921314
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtCNIViQLmMIViQLGSHNFNavzM9oQBGAXlo+sNIViQLGFpGiv:XUh1A+FQIEwmMIEwTNaiTB/X2+2IEwGx
                                                                                                                                    MD5:303C5B2EDD072AFC8AD049A9924D0F6C
                                                                                                                                    SHA1:9A22DF3C3D2DA0C9DFCCA70B0FA7FD98C76F83CA
                                                                                                                                    SHA-256:1E8F6D9FF805F34AA47711D1EF5DBE1A72AD674975809E453768236D3EE51B46
                                                                                                                                    SHA-512:F54E4FFBA9D9AC80533CAC42F31CE216B1BC2A29E7614BE31981AECD28CBCD930BFE115C19823A8E24FA3494FC064FF9A0807BAF03A97241E7032F465CEF65AD
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = REG..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0056E0F7-D2A2-4EAB-A7FA-AFB53C4FD875}\;DisplayVersion..DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0056E0F7-D2A2-4EAB-A7FA-AFB53C4FD875}\;DisplayName..PkgType = DRVR..ComponentID=25647........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Metho

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5630_Drvr_X4\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5802_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.282271804266129
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PIv+lLFNavzM9oQBGAXlo+2v+50FpGiv:XUh1A+F7I0aiTB/X2+2pOM
                                                                                                                                    MD5:D49AA1ACAEFB1F036E08F4B6B2096A71
                                                                                                                                    SHA1:3DDCADFBF653B1006959032C895DF48C61E8256D
                                                                                                                                    SHA-256:4D4198E07168ECAC744BF64A8F208F017C40E8A80BD0BFA3A93827C872153367
                                                                                                                                    SHA-512:BB571D506A925707321D78776274AC07F3D99AD94FB1B3BA780540AF4BEBA8B7C3792AAA91DCE30CF82C25B3DAF8976DD22E3B8F2D0CD447AEA3F5B7B7B2A37D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=29750..Data = {A028C8D0-416A-4257-911A-65447A673143}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A028C8D0-416A-4257-911A-65447A673143}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5802_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.282271804266129
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PIv+lLFNavzM9oQBGAXlo+2v+50FpGiv:XUh1A+F7I0aiTB/X2+2pOM
                                                                                                                                    MD5:D49AA1ACAEFB1F036E08F4B6B2096A71
                                                                                                                                    SHA1:3DDCADFBF653B1006959032C895DF48C61E8256D
                                                                                                                                    SHA-256:4D4198E07168ECAC744BF64A8F208F017C40E8A80BD0BFA3A93827C872153367
                                                                                                                                    SHA-512:BB571D506A925707321D78776274AC07F3D99AD94FB1B3BA780540AF4BEBA8B7C3792AAA91DCE30CF82C25B3DAF8976DD22E3B8F2D0CD447AEA3F5B7B7B2A37D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=29750..Data = {A028C8D0-416A-4257-911A-65447A673143}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A028C8D0-416A-4257-911A-65447A673143}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5802_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5802_Drvr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5804_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.282271804266129
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PIv+lLFNavzM9oQBGAXlo+2v+50FpGiv:XUh1A+F7I0aiTB/X2+2pOM
                                                                                                                                    MD5:D49AA1ACAEFB1F036E08F4B6B2096A71
                                                                                                                                    SHA1:3DDCADFBF653B1006959032C895DF48C61E8256D
                                                                                                                                    SHA-256:4D4198E07168ECAC744BF64A8F208F017C40E8A80BD0BFA3A93827C872153367
                                                                                                                                    SHA-512:BB571D506A925707321D78776274AC07F3D99AD94FB1B3BA780540AF4BEBA8B7C3792AAA91DCE30CF82C25B3DAF8976DD22E3B8F2D0CD447AEA3F5B7B7B2A37D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=29750..Data = {A028C8D0-416A-4257-911A-65447A673143}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A028C8D0-416A-4257-911A-65447A673143}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5804_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):903
                                                                                                                                    Entropy (8bit):5.282271804266129
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLt7PIv+lLFNavzM9oQBGAXlo+2v+50FpGiv:XUh1A+F7I0aiTB/X2+2pOM
                                                                                                                                    MD5:D49AA1ACAEFB1F036E08F4B6B2096A71
                                                                                                                                    SHA1:3DDCADFBF653B1006959032C895DF48C61E8256D
                                                                                                                                    SHA-256:4D4198E07168ECAC744BF64A8F208F017C40E8A80BD0BFA3A93827C872153367
                                                                                                                                    SHA-512:BB571D506A925707321D78776274AC07F3D99AD94FB1B3BA780540AF4BEBA8B7C3792AAA91DCE30CF82C25B3DAF8976DD22E3B8F2D0CD447AEA3F5B7B7B2A37D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;..Method = MSI..componentID=29750..Data = {A028C8D0-416A-4257-911A-65447A673143}..PkgType = DRVR......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A028C8D0-416A-4257-911A-65447A673143}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5804_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5804_Drvr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5810e_Drvr\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.28689332863539
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtXwSeFNavzM9oQBGAXlo+1rFpGiv:XUh1A+FXEaiTB/X2+1rOM
                                                                                                                                    MD5:2445706FEF44657CC93BC779182C85D0
                                                                                                                                    SHA1:F226DBEFBF8B018FEF0F9E8376A07A9DA1819ADE
                                                                                                                                    SHA-256:41D38306A9B9CD1608033A527B6CDF4F8A5DAEDEE4B13026BC89D4CEFC466B8E
                                                                                                                                    SHA-512:0B2176CBB6B0507FE57F80FD44623D9A55E4E544F30EC0D6C24A0BF17402340AEDEC44D2F375B25360B6F6F57421B5268FE8BE74F14811748A38C9AF343379B0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {A362899C-3D9E-4766-A0FC-30EE2F769FD8}..PkgType = DRVR..ComponentID=101896........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A362899C-3D9E-4766-A0FC-30EE2F769FD8}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5810e_Drvr\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):908
                                                                                                                                    Entropy (8bit):5.28689332863539
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtXwSeFNavzM9oQBGAXlo+1rFpGiv:XUh1A+FXEaiTB/X2+1rOM
                                                                                                                                    MD5:2445706FEF44657CC93BC779182C85D0
                                                                                                                                    SHA1:F226DBEFBF8B018FEF0F9E8376A07A9DA1819ADE
                                                                                                                                    SHA-256:41D38306A9B9CD1608033A527B6CDF4F8A5DAEDEE4B13026BC89D4CEFC466B8E
                                                                                                                                    SHA-512:0B2176CBB6B0507FE57F80FD44623D9A55E4E544F30EC0D6C24A0BF17402340AEDEC44D2F375B25360B6F6F57421B5268FE8BE74F14811748A38C9AF343379B0
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {A362899C-3D9E-4766-A0FC-30EE2F769FD8}..PkgType = DRVR..ComponentID=101896........[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {A362899C-3D9E-4766-A0FC-30EE2F769FD8}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5810e_Drvr\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WWAN_5810e_Drvr\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WebCamCentral\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):449
                                                                                                                                    Entropy (8bit):5.276172067705314
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:cQ4F7c5XLxiH1jEBREX/5kSkybAmtkXLxiH1jEBREX/C7vMFl1c5XLxiH1jEBREh:cNcNLMVjX6StkmtULMVjXCrycNLMVjX5
                                                                                                                                    MD5:3F333BB05D98E8A4E222A8C1983A7F40
                                                                                                                                    SHA1:FBE5801BDDC0B60821B70D83CF4F0D56D445408A
                                                                                                                                    SHA-256:DFC312DF2241CDF10B90B4EC4AC069DCC9B1DA43727640B1C8D5B849F65CC231
                                                                                                                                    SHA-512:34CC410BC78FD5C7C7AD6386C6866E06E60B356B6E477D47A4D6AFCF86ABA3816FE139AB7CEDDF8AF6A1CC4508C7CCB3E9C2551B7EAD3367D7ECC272B4B798F9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]....method = Reg....componentid = 102247....data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayVersion....pkgtype = APAC....displayname = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayName....[Version]....method = Reg....data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayVersion....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WebCamCentral\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Windows setup INFormation
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):489
                                                                                                                                    Entropy (8bit):5.354291924363123
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:cbGa+NLetVjXat8bCaULetVjXCryqa+NLetVjX5:tNCtVj88bMCtVjOVNCtVj5
                                                                                                                                    MD5:843BFB7D5D315793AD35C2DC5AA2A265
                                                                                                                                    SHA1:A1C6FA42D218BDB9515F8A66C3F87AA0160EBFAC
                                                                                                                                    SHA-256:C8123E5ADD91A9E268E01D0B19A042A6BB0827FFE47D664CBF55FE51A4F31E55
                                                                                                                                    SHA-512:71E8FD5BF54A2520E0DD0A11EC28CB3415FB547C27D13EC5EB71E2154095F1CCD12A4EA7A0F9BA6DB7ECD0C42B6921D10BABC59ADBA4AD8FA593E5B11C3B49F5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[Scan]....Method = Reg....ComponentID = 102247....Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayVersion....PkgType = APAC....DisplayName = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayName........[Version]....Method = Reg....Data = HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Dell Webcam Central;DisplayVersion....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WebCamCentral\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2078
                                                                                                                                    Entropy (8bit):4.779826223306742
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRegZSEmMt6raSCSSELKetLKLtr3M/aI3cLKuLKLt7oEK4hoEKLtkrSzP:IQ8DW6NRLtzM/aI35HLt27Lt5
                                                                                                                                    MD5:54BFE695F971A7FEA12F6C03FCC252A8
                                                                                                                                    SHA1:F833610B2B4D71AF25284DCD1F5D6656D18F2732
                                                                                                                                    SHA-256:F5E71F263F0CFFE305FA085FA27030ED4E652E8A363E8BEAF04673A6D19A3215
                                                                                                                                    SHA-512:5F0132086647CD317A0130EE6DAC12AFE975AD00BD6EEED7E7F216215667815DC1A9487BED23A848D6853498E74731112175270C49EA9690251F949BB5A42015
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>0</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>AppUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>AppUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="1200">... <CopyRequired>0</CopyRequired>.. <Startfile>AppUpdate.exe</Startfile>.. <CliToStdout>.. <Command>AppUpdate.exe -u -p package.xml</Command>.. </CliToStdout

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WiMax\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.269517549365948
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtq5g+SpFNavzM9oQBGAXlo+w5g1FpGiv:XUh1A+Fq5g1aiTB/X2+w5g1OM
                                                                                                                                    MD5:AE4506753422294D534EB163AFB8315E
                                                                                                                                    SHA1:311E4638422AB78F98201D45FF55053D0625758F
                                                                                                                                    SHA-256:D28C4942F16FBE0C39BF9C5AD6DF75DF50C7C14AF16C2EA4548A4E7FF1881025
                                                                                                                                    SHA-512:390DBE44EB95CB3F41854D23ED2C54F6BC6495847111A4B18E7FCC978F64797CB64F8E012DA5FDA5CAB22A999BCF452DB088653AE7C469E11F43A56A9EA978A7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {3F0FC462-CDC1-4CD9-8E84-84D89B914EAA}..PkgType = DRVR..ComponentID = 22160......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {3F0FC462-CDC1-4CD9-8E84-84D89B914EAA}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WiMax\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):907
                                                                                                                                    Entropy (8bit):5.269517549365948
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+oUFmjc1zs+TLtq5g+SpFNavzM9oQBGAXlo+w5g1FpGiv:XUh1A+Fq5g1aiTB/X2+w5g1OM
                                                                                                                                    MD5:AE4506753422294D534EB163AFB8315E
                                                                                                                                    SHA1:311E4638422AB78F98201D45FF55053D0625758F
                                                                                                                                    SHA-256:D28C4942F16FBE0C39BF9C5AD6DF75DF50C7C14AF16C2EA4548A4E7FF1881025
                                                                                                                                    SHA-512:390DBE44EB95CB3F41854D23ED2C54F6BC6495847111A4B18E7FCC978F64797CB64F8E012DA5FDA5CAB22A999BCF452DB088653AE7C469E11F43A56A9EA978A7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s..[Regular]..1= Payload\Setup.exe /s..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..; Methods to Scan Driver or Application..; Allowed values for Method PCI, REG or MSI..; if Method is MSI Data should hold Upgrade Code like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}...; if Component ID needs to be provided for to output the value in xml..;....Method = MSI..Data = {3F0FC462-CDC1-4CD9-8E84-84D89B914EAA}..PkgType = DRVR..ComponentID = 22160......[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables....Method = MSI..Data = {3F0FC462-CDC1-4CD9-8E84-84D89B914EAA}....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=0....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WiMax\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\WiMax\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Wifi_Broadcom\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1017
                                                                                                                                    Entropy (8bit):5.394209810690178
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:+KP9cgPm2FNavzM9oQBGAXlo+hzEqzMl52FNIVLuoBhNvKFpG5:Qp2aiTB/X2+hIqU8HIhuoBrvKO5
                                                                                                                                    MD5:30440896B1AD231CBC4BDEE7BC47E944
                                                                                                                                    SHA1:40AEF7FF26F1C6D2977CA7CB54626F6387ADABF4
                                                                                                                                    SHA-256:C462F5172B474FB27DF4891B3B65D46D7BDD2E3E3543338FEF14073B9225821D
                                                                                                                                    SHA-512:BF9D99962E44E98973092D8B51EC00D5819B1DF773B738CC698BB5E03926F3DB5AE622AA2BFA956DDEBE6066F19B0B0F2782CF41411CA1E2BC6269069FBA2D10
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..; Allowed values for Method File, RegPath or MSI..; if Method is File Data should hold complete path of the binary file. ..;eg ..;Method = File..;Data = C:\winnt\system32\dcomcnfg.exe..;The path can hold enviromental variables..;eg ..;Data = %windir%\system32\dcomcnfg.exe..;if Method is MSI the Data should hold product ID like {A0F925BF-5C55-44C2-A4E7-5A4C59791C29}..;..;If Method is Reg Data should hold complete Registry path followed by semicolan and data name..;eg..;Method = Reg..;Data = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0F925BF-5C55-44C2-A4E7-5A4C59791C29};DisplayVersion..;..Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP;BroadcomWLAN....; Reboot = 0 - Reboot not required or 1 - required..[

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Wifi_Broadcom\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):462
                                                                                                                                    Entropy (8bit):5.4359258558616155
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:CxAtZP9citZPpPCtg62FQz+NLTlLe07Fsq+pG5:+KP9cgPm2FJNvlC06FpG5
                                                                                                                                    MD5:3483524A7696B8F997AB3E3E44183B4B
                                                                                                                                    SHA1:C6E1786E35C0FA415D8501C60E80F69D307C51E9
                                                                                                                                    SHA-256:15F5A19A7EC5582E8F90DF920D1EFFB28532771898CE5BB68AE552032213EE68
                                                                                                                                    SHA-512:71D9D435F83BA210BF65A0D36EFAB2275D1C28FD76A495ECBA431A97364C6F7207B065D852720B73C959A52CCA8423B9A5C45DA17D1D8B292AF31A8A06B2D4D8
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[Regular]..1= Payload\Setup.exe -s -f2".\drvupdatesetup.log"..[FreshInstall]..1= Payload\Setup.exe..; ..[Scan]..Method = PCI....[Version]..; Methods to find version..;....Method = Reg..Data = HKEY_LOCAL_MACHINE\SOFTWARE\Dell\MUP;BroadcomWLAN....;HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Dell\MUP;BroadcomWLAN....; Reboot = 0 - Reboot not required or 1 - required..[Config]..Reboot=1

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Wifi_Broadcom\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1529
                                                                                                                                    Entropy (8bit):4.800150719774998
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3/zP:IQ8Ihhz+KLtzM/aI3b
                                                                                                                                    MD5:6771358103F2D46EE0F4A25BE6F1A223
                                                                                                                                    SHA1:7D900D89D36792891EA4C75B40FC04C715BC6E8D
                                                                                                                                    SHA-256:21B800A536F16BC0659D448B4A7D37D46118D4189F2254E21FE6605A7FB0EB63
                                                                                                                                    SHA-512:C1DEE1E7920BD182773355897193D34AD1107351105F6BC91BB6F4A7C5B8C7466182DF764BFF85CB5F6663C7A203B0BAF07A7B1C6E23E76159B02F75CEC2A47C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Wifi_Broadcom\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\Wifi_Broadcom\supportdev.cfg

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):726
                                                                                                                                    Entropy (8bit):4.931016163034066
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:DRVKOmR0VhQIyJzczZAk2vH41HhiEHh+uo+lHGFHfdM99MHQVM2ycM4h:FV9mcdyFeakAu1dGFHfdQ6M
                                                                                                                                    MD5:0FF760586F33C11AACA5EFC384A3C60C
                                                                                                                                    SHA1:B27CA96D72AE658F791391799C10891177A5FB0B
                                                                                                                                    SHA-256:4E1D312BEBE5E77C1F8C6BB337B47BFA55314638C288295C1E92B8AF6300E54A
                                                                                                                                    SHA-512:F4BF2DECAC1D9838BF3DEB43A23D79084DED7BC56C1BA676A701B7DA15F2CC89BBA28F8B4553ACB1008777372326C600C237F48054BF7E93CC6622303F018A5E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:; Semicolan is considered as comment...; So in a line if semicolan is present the whole line is considered comment..; The below entry Mode specified whether device in list needs to be included or excluded..; for exclude specify [Mode] = Exclude..; for Include specify [Mode] = Include..[AppConfig]..[Mode] = Include..; The values below provided are in Hexa decimal..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 432B..SubSystemID = 000D..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4315..SubSystemID = 000C..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4328..SubSystemID = 000A..[Device]..VendorID = 14E4..SubSystemVendorID = 1028..DeviceID = 4353..SubSystemID = 000E..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\XPSOSD\DrvCfg32.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):362
                                                                                                                                    Entropy (8bit):5.397182366818098
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcY5zFF6mrqF8kOWVbovARvcY5zFF6my:CxAtBV5ritBV5gCt7Sy+pf0YVFFBy8zv
                                                                                                                                    MD5:E11DC8BC51F8675B3F41B2A090FBC6EB
                                                                                                                                    SHA1:8CB86A35A4991E3E5FF29F0C32882F639F029A84
                                                                                                                                    SHA-256:83371371A98FE0BC4FE1AFB646B946EF3FA64E4854D7CF3E53FE23334241D689
                                                                                                                                    SHA-512:155892710D45DA4FF7CA9A1E5620D5A76F9263294BDD88C520D47FD61F677270B8D0D5D0FDD369ED3E7D47FF7879B6DE5F0E1088542D4379AF1E97888466E294
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {B7436F32-53E3-4720-AD5E-E66EAC48F2A6}..PkgType = APAC..ComponentID=106136......[Version]......Method = MSI..Data = {B7436F32-53E3-4720-AD5E-E66EAC48F2A6}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\XPSOSD\DrvCfg64.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:Generic INItialization configuration [Regular]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):362
                                                                                                                                    Entropy (8bit):5.397182366818098
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:wNx9at3KKV5lFit3KKV5gCt3LSy+pfvcY5zFF6mrqF8kOWVbovARvcY5zFF6my:CxAtBV5ritBV5gCt7Sy+pf0YVFFBy8zv
                                                                                                                                    MD5:E11DC8BC51F8675B3F41B2A090FBC6EB
                                                                                                                                    SHA1:8CB86A35A4991E3E5FF29F0C32882F639F029A84
                                                                                                                                    SHA-256:83371371A98FE0BC4FE1AFB646B946EF3FA64E4854D7CF3E53FE23334241D689
                                                                                                                                    SHA-512:155892710D45DA4FF7CA9A1E5620D5A76F9263294BDD88C520D47FD61F677270B8D0D5D0FDD369ED3E7D47FF7879B6DE5F0E1088542D4379AF1E97888466E294
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:;Configuration File..[Force]..1= Payload\Setup.exe /s /clone_wait..[Regular]..1= Payload\Setup.exe /s /clone_wait..[FreshInstall]..1= Payload\Setup.exe /clone_wait..; ..[Scan]........Method = MSI..Data = {B7436F32-53E3-4720-AD5E-E66EAC48F2A6}..PkgType = APAC..ComponentID=106136......[Version]......Method = MSI..Data = {B7436F32-53E3-4720-AD5E-E66EAC48F2A6}....

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\XPSOSD\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2075
                                                                                                                                    Entropy (8bit):4.799646976470784
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24:I2g88ZRyWgHSMprgCzj3Ke+KLtr3M/aI3vKlKLtbEK41EKLtk9zP:IQ8Ihhz+KLtzM/aI3yoLtFQLtU
                                                                                                                                    MD5:99F748C247B79478F7652133EBB12CB2
                                                                                                                                    SHA1:3324F5DF4EDD293BEB03490196B26A0F36674944
                                                                                                                                    SHA-256:A1E59EB0CDA090FAF87B83DA67AFA11E44B2AB6F81C815FC5286C93397F9BA04
                                                                                                                                    SHA-512:EDE81EF11FFCD6404300BBA3F05AC97D6C6DED6F71065576EC916DB0ABAE8DBFD74E914C9F03779FDC835C1FEE359CE13BDFE00FBC2AF182B88052569D150E06
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<PIEConfig>.. <SchemaVersion>1.1</SchemaVersion>.. <IVersion>1.0</IVersion>.. <EVersion>1.0</EVersion>.. <ComponentTypes>.. <ComponentType>DRVR</ComponentType>.. </ComponentTypes>.. <Runtime>.. <OperatingSystem>win</OperatingSystem>.. </Runtime>.. <RebootRequired>1</RebootRequired>.. <Plugins>.. <Plugin type="0" description="Inventory" timeout="60">.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -i</Command>.. </CliToStdout>.. <CliToFile>.. <Command>DRVUpdate.exe -i -o inv.xml</Command>.. <Output>inv.xml</Output>.. </CliToFile>.. <Modules>.. <Module>DRVUpdate.exe</Module>.. <Module>DrvCfg.ini</Module>.. </Modules>.. </Plugin>.. <Plugin type="1" description="Execution" timeout="600">... <CopyRequired>0</CopyRequired>.. <Startfile>DRVUpdate.exe</Startfile>.. <CliToStdout>.. <Command>DRVUpdate.exe -u -p package.xml</Command>.. </CliToStdout>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\XPSOSD\PIEInfo.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):69
                                                                                                                                    Entropy (8bit):4.230266176249511
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:WTMdVJMdMQWoH2oFWuyRQKL:WT0VJMww2YWFQQ
                                                                                                                                    MD5:309382D03A5668B46A6A99EF235C8380
                                                                                                                                    SHA1:9C74FBFB082A2E8E9FD663E2523B26B6B73FE529
                                                                                                                                    SHA-256:0FB9216ED2D3331177A4353F45A553B27B590EA86F16AFFDE510B4D9955F0CA9
                                                                                                                                    SHA-512:06C631748216EEC90F87A1BC3878C3097F4CF0384EF7C6B34C970B3C22C7050905E22FA2A03C0426EDEFEFFCA7110BC9A4101D0360F134AB2DDF9F5D60D3C52E
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:* Do not run other applications while executing Dell Update Packages.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\dsupt32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):589312
                                                                                                                                    Entropy (8bit):6.649133684763434
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:x4Ku9O6zk9WPDfdjQWG+5rp8Y41I9RTMRbf29wxQ8ueSE:a4EFrGbI9RTM8CxQ8ue
                                                                                                                                    MD5:E841C75FF49BB898424F250DC8F17569
                                                                                                                                    SHA1:C5D0CC06098C58064DDC190A8D00082CFA80C41E
                                                                                                                                    SHA-256:359143CD9BFB8EC2FA9426E64C0A3890E95D1E96F6C85270680A7669D8A3662F
                                                                                                                                    SHA-512:0602C25FF59982E645F7FF7B79748542FCFE2F9030E456A96DA4E1D6E00A0E4877EB04CBB1E7F29C28C2A2E3B8D23A4BC889F43324049E8937E17E39539030D9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U................y.....~.......~.K......r............~.J.}...~.z.....~.{.....~.|.....Rich............PE..L...V&.]...........!.....z..........Q........................................P..................................................d.......0.......................\N......................................@...............0............................text....y.......z.................. ..`.rdata...............~..............@..@.data...$X...p...4...Z..............@....rsrc...0...........................@..@.reloc..Zi.......j..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icconfig_sys.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):77
                                                                                                                                    Entropy (8bit):4.734900216302676
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vFWWMNHU8LdgCfiUNRqT9o5v:TMVBd/nNG9S
                                                                                                                                    MD5:60F028C572078AFB0DA0BAC79FF76297
                                                                                                                                    SHA1:A53A41CA9F12BB10D1F9243FC3F1129686851252
                                                                                                                                    SHA-256:F7A20244A43F0529F2D5BA1B85E4E6CCA5D8AF806E68E15BFFCE3003BFB677E8
                                                                                                                                    SHA-512:3C940EF58AD6D87A99423B7B78573E1764D37FBE807139092DCE646C1BE3789A9BD3A0161F6F381F3109CCDF6FF589BBE59D0869C72AAA0636B88FAFE8645034
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig> ..</InvColConfig>..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icconfig_user.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (345), with CRLF, LF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):42414
                                                                                                                                    Entropy (8bit):5.344220964718387
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:AesqtWoHV5QxXT8VTYsFoqqyE5cl4uOZs+MFOQx9WOst3d3cndYV3Ro:A526IVTYsFoqqyE5cEs+MFsMgi
                                                                                                                                    MD5:23419DD9806E83B89E027D4BC3C263A8
                                                                                                                                    SHA1:7B1767DC02799390532FD174F3030868E1C30492
                                                                                                                                    SHA-256:464BF6C913F8AE37DAC5DB4DCAA3DA2B9E199F0F4D9F5877E798D98C79E9B5DC
                                                                                                                                    SHA-512:FB6AFF3D9AF27603D8EB5EF3E839C109009F82088B1A9DC923534608C4F81A23F9EE00351A8281F578B11D9C77A587C719174A3F0C40FE54B8E62BB622C20690
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig>.. .<InvComponent dir="ICINIT" type="cli" priority="6" level="0" timeout="30">init.bat</InvComponent>.. .<InvComponent dir="libsmbios" type="cli" priority="5" level="0" timeout="30">smbiosinfo -xml</InvComponent>.. .<InvComponent dir="DrvAppIE_PCI" type="cli" priority="5" level="0" timeout="30" out="pci.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_PCI -o ..\pci.xml</InvComponent>.. .<InvComponent dir="DrvAppIE_MSI" type="cli" priority="5" level="0" timeout="30" out="msi.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_MSI -o ..\msi.xml</InvComponent> ... InvComponent dir="NIC_Broadcom" type="cli" priority="5" level="0" timeout="30">BcomIE.cmd i print</InvComponent-->...<InvComponent dir="NIC_Broadcom_reg" type="cli" priority="5" level="0" timeout="30" out="NIC_Broadcom_reg.xml">..\Executables\DRVUpdate.exe -i -cDir NIC_Broadcom_reg -o ..\NIC_Broadcom_reg.xml</InvComponent>.. .<InvComponent dir="DC

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icpolicy.xsl

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3815
                                                                                                                                    Entropy (8bit):5.057339007998835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:cYAKQhAkUuWVI/EfgadQ8yTuoITecjEZxVAt/WIaKNeuf1KmELxVAt/WIaKNeNrq:5tY/EfTQ8yTuTecjEtC+Il9EzC+I5D
                                                                                                                                    MD5:E780F23B8AC8DE2672F40029A3841F59
                                                                                                                                    SHA1:25B607BFF16DF2C11F5922930F092C4CE28CA0CB
                                                                                                                                    SHA-256:1BD87F5F1489DFF3A5CEB4EC6554A7FBBC9F73D78004985FDD511F08F6E087FD
                                                                                                                                    SHA-512:8A85F678422FE2A2633BB0DD95BADF7A9A936F4BC1C1B8AF9FF5179C8BAA35783AB4F3F09FB5CD61FAB0E12FCB997378ACF0FD236B3831553B8E9745669A2B4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">.<xsl:output method="xml" version="1.0" indent="yes"/>..<xsl:template match="/" >..<xsl:call-template name="NewLine"/>...<xsl:call-template name="ApplyInventory" />....<xsl:call-template name="NewLine"/>....</xsl:template>..<xsl:template name="ApplyInventory" >...<xsl:element name="SVMInventory" >....<xsl:attribute name="lang" >.....<xsl:value-of select="SVMInventory/@lang" />....</xsl:attribute>....<xsl:attribute name="schemaVersion" >.....<xsl:value-of select="SVMInventory/@schemaVersion" />....</xsl:attribute>....<xsl:attribute name="timeStamp" >.....<xsl:value-of select="SVMInventory/@timeStamp" />....</xsl:attribute>. <xsl:attribute name="invcolVersion" >. <xsl:value-of select="SVMInventory/@invcolVersion" />. </xsl:attribute>....<xsl:apply-templates select="//SVMInventory/OperatingSystem" />....<xsl:apply-templates select="//SVMInventory/System" /

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icstderrlog.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp_1\invcol.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):149
                                                                                                                                    Entropy (8bit):4.870499921983731
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vFWWMNHU8LdgCfIqVJijibIUwHaclMdoAW5WWU9K212RBdIqLvn:TMVBd/IkJo4FwTMqA6B2t6vn
                                                                                                                                    MD5:F2C17D7099D6A4C38DBDC0B2E93D2D4E
                                                                                                                                    SHA1:A12E4776B699066EF67A6ECBF84DEDC241564536
                                                                                                                                    SHA-256:E6ECCDFD805731A3E1AB6D65A6BAA1A52F7251722F82298B7F0500CEC1899DCE
                                                                                                                                    SHA-512:A721A129E0AA461C1C30F45A28EA3F63D3B74AD7545D8ABA35384A40240F15E77CE93F8AEE07F5E12D881AEB30D9D6C6E3EC3F8427ED057BEB8A15936E23B8B2
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<InventoryError lang="e"><SPStatus result="false" module="i"><Message>I</Message></SPStatus></InventoryError>.

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icsvc32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):830008
                                                                                                                                    Entropy (8bit):6.717184590562203
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:IZcQq26d7uJ7jhQRdVjqort13fYJLvV6+r3gm59RqmZWlQJjn/LDH4Swx:Iqga7uJJ0PYVA+7gm55ZhhfH6
                                                                                                                                    MD5:BDDF93921AECCF64AA46B3ABD0C2CD29
                                                                                                                                    SHA1:E2C7CE52755C35B6437A8866F72B74A1E3427051
                                                                                                                                    SHA-256:2D4F921D9E4CB2A0C0E01B132FBE5045E9FF0975944B22B4D0BAE544B909B2EA
                                                                                                                                    SHA-512:E042AFC84DAD48642184A23E98B59D6311FD9FF0343B6158F478A738677A5AE5F7EA265BA82DF75B77C4B3644F6C3CEB3C4EBE7224535CE2661418B21929ADA7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N......P...P...P...P...P...P...Pe..P...P...P...Pe.;P...P-Y.P...Pe.>P8..Pe..P...P...P...Pe.?P...Pe..P...Pe..P...Pe..P...PRich...P........PE..L...b&.]...........!.....*...`...............@......................................]0.......................................`..........................8.......`................................... ...@............@...............................text....).......*.................. ..`.rdata...]...@...^..................@..@.data...03......."..................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\icsvc32.dll.intermediate.manifest

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):616
                                                                                                                                    Entropy (8bit):5.068947090669408
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:TM3iSnRuV1aMN2U5Nci62xA5NXvNxW5601pSuhVgId6Ngk+G:qPnRuV4MPgicifzhVgIdITl
                                                                                                                                    MD5:8729F8C4ABBBFFD748F9C224994B9DD8
                                                                                                                                    SHA1:147DBAA1701BD7444F6D9BDBD2F2C0C31EC5530B
                                                                                                                                    SHA-256:44B6C2EC0E2B484F6E7ECD4EA157BDA1A7C17B12DCE0BC8D7BC1973B6A847875
                                                                                                                                    SHA-512:ED50A7431491887E67E13CD0EC875F452BCF6FB4CE6F30A9D48D409D211358332015BF0CF5588102F3F984F288D15329FCA11AF9D3FF8C48C7669A4E4C452D4A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version='1.0' encoding='UTF-8' standalone='yes'?>..<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level='asInvoker' uiAccess='false' />.. </requestedPrivileges>.. </security>.. </trustInfo>.. <dependency>.. <dependentAssembly>.. <assemblyIdentity type='win32' name='Microsoft.VC80.CRT' version='8.0.50608.0' processorArchitecture='x86' publicKeyToken='1fc8b3b9a1e18e3b' />.. </dependentAssembly>.. </dependency>..</assembly>..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\invcol.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):21040
                                                                                                                                    Entropy (8bit):6.586699823216155
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:cKbhbGhQENUnQHJFRi9QMvWgMzSHCG6WCxHW6jWr8JN77hhEz:t1SQnnQHPRkviSr6PBjD3hS
                                                                                                                                    MD5:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    SHA1:D10668B90E8A5CB0355B3C87FD365181686C9F0B
                                                                                                                                    SHA-256:14DAFBA5822E4CF9CA49CCF012F481D3022345B2C58DBCA61ED17DB0DFD39D5A
                                                                                                                                    SHA-512:CFB303F0007262850C5B2C53B542382937742CB2A9AC2A1B49165248CAF286CD934331A0BA574BE572AB86DAFF7E861B2797618B48B81DAA52955C423A362B96
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........=..n..n..nG..n..n...n..n..;n..n..n..n...n..n..n..n..:n..n...n..nRich..n................PE..L...e&.]............................:$.......0....@..........................p.......{......................................t<..P....`...............6..0............................................;..@............0...............................text............................... ..`.rdata..v....0......................@..@.data........P.......2..............@....rsrc........`.......4..............@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\libsmbios\PIEConfig.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):130
                                                                                                                                    Entropy (8bit):4.536164830644544
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vuFFLMKEJcAFKbFWJ9LDbGARZNFBeKj/QAm/GAOn:vuF5MfUhWJ9S8z7HjIXuR
                                                                                                                                    MD5:DD9F9C913DC476D6A64449E4842DE944
                                                                                                                                    SHA1:42FFF2606077CEE64232101DF710A653D2357F4C
                                                                                                                                    SHA-256:93D3534EDE6A89DA26A22CCA4856C007C7804F0F90337970FE7A2E9E9F3C0C8D
                                                                                                                                    SHA-512:63971868F96D350D8988E25CEB656769BDDCDBEB586AA0ED7A3571C4C84EDCEE70753CC98FBA469B76C891B2A20A7B9A68D5B7C4E8261EDF25DB704112446FBE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<dummy>.. This is a dummy file to subsitute for PIEConfig.xml for devices which do not have.. a supported systems list..</dummy>

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosHelp.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):382
                                                                                                                                    Entropy (8bit):4.4813055918421965
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:gsNqIMRceDXXlsg6fzTqssxqp7bNv9RGUhiWFz39RRhs2C2gZv4IOy/KbF52cmUy:gsDQXjeOktv9Dou39Pg2fIDcIp
                                                                                                                                    MD5:C62D1009D441822D359DAC273B851A92
                                                                                                                                    SHA1:C8EF6837C3D2A6752648A33F45A4E2D6FACDA6DA
                                                                                                                                    SHA-256:461FA4C62DD9FFEEAAD6E6A5F6348B36C129B9CBE4BFBE29A7D289159B71DA43
                                                                                                                                    SHA-512:987E3E3CDC6E61FB42BF5528C453708F7651CCB98CB701D02E322C2A1E9B3E5B328721A82C3C017A3F157BE213906AE60AC6F7B2E2A5BBC6CF9CFABF03980BFC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:Libsmbios utility to get info from SMBIOS table..Usage: %s [-i|-xml|-h| [filename]..Options:('-' may be substituted for '/').... -i Display the system Model, system ID and BIOS version... -xml Display the system ID and BIOS version in XML format... -h Show this help message... filename Specifies the full path to the file to write to...

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):292400
                                                                                                                                    Entropy (8bit):6.25665506065187
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:qwbZBY1NPVaQHgbWA4GkwiirJgEis17PtIeR97gv7QTi4hjquWuGMLvbNO68oWML:jBq7g+EiUR97M7Q9OUUaEKvBzOQDN
                                                                                                                                    MD5:38E81E515D5561C26DDE46E2E8E0293C
                                                                                                                                    SHA1:9F96F71F12D145F0233252CF81A49525BD98A9FF
                                                                                                                                    SHA-256:CD0DA11B99302E113272ADA42AD2BFB00BA3DBABC5BF0664F3D2ABC12D90B9EC
                                                                                                                                    SHA-512:3E1698ED170538C5E3EBEF6AC66AC37D0CF44764C95F5F4D9B4F51426477C3A753A1CEBA0C10E97505E4483F7E19A698EC5A8597C039DF16276FE737A76A3719
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W...6...6...6...N...6..Vx..6...@..6...@..6...@..6...N..6...6~.g6...@..6...@..6...@..6...6..6...@..6..Rich.6..................PE..L....&.].................T...................p....@..........................................................................9..........H............Z..0............r..................................@............p......\8..@....................text...*S.......T.................. ..`.rdata..d....p.......X..............@..@.data...(....`.......:..............@....rsrc...H............T..............@..@........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\libsmbios\smbiosinfo.exe.intermediate.manifest

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):381
                                                                                                                                    Entropy (8bit):4.9116145157351045
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:TM3iSnjUglRu9TbX+A1WBRu9TNNSTfUTdNciW7N2x8RTdN9TIHG:TM3iSnRuV1aMN2U5Nci62xA5NEG
                                                                                                                                    MD5:1E4A89B11EAE0FCF8BB5FDD5EC3B6F61
                                                                                                                                    SHA1:4260284CE14278C397AAF6F389C1609B0AB0CE51
                                                                                                                                    SHA-256:4BB79DCEA0A901F7D9EAC5AA05728AE92ACB42E0CB22E5DD14134F4421A3D8DF
                                                                                                                                    SHA-512:8C290919E456A80D87DD6D243E4713945432B9A2BC158BFA5B81AE9FED1A8DD693DA51914FA4014C5B8596E36186A9C891741C3B9011958C7AC240B7D818F815
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version='1.0' encoding='UTF-8' standalone='yes'?>..<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">.. <security>.. <requestedPrivileges>.. <requestedExecutionLevel level='asInvoker' uiAccess='false' />.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>..

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\msvcp100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):421200
                                                                                                                                    Entropy (8bit):6.59808962341698
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                    MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                    SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                    SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                    SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\msvcp140.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):633152
                                                                                                                                    Entropy (8bit):6.344861237666909
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:eNQSZJrC30ovvjPo9E/YZt4QEKZm+jWodEEV2qwcg5MpccRwLM:0Z2jPo96QEKZm+jWodEEYqwcg5Mpck9
                                                                                                                                    MD5:9FF712C25312821B8AEC84C4F8782A34
                                                                                                                                    SHA1:1A7A250D92A59C3AF72A9573CFFEC2FCFA525F33
                                                                                                                                    SHA-256:517CD3AAC2177A357CCA6032F07AD7360EE8CA212A02DD6E1301BF6CFADE2094
                                                                                                                                    SHA-512:5A65DA337E64EA42BCC461B411AE622CE4DEC1036638B1E5DE4757B366875D7F13C1290F2EE345F358994F648C5941DB35AA5D2313F547605508FD2BCC047E33
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`....}...}...}.......}..y...}.._|...}...|...}.._~...}.._y...}.._x...}.._u...}.._}...}.._....}.._....}.Rich..}.........................PE..d....LZW.........." ................@.....................................................`A............................................h...h...,............P...B...j..@?..............8...........................` ......................,...@....................text............................... ..`.rdata..............................@..@.data...L9..........................@....pdata...B...P...D..................@..@.didat..h............X..............@....rsrc................Z..............@..@.reloc...............^..............@..B................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\msvcr100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):770384
                                                                                                                                    Entropy (8bit):6.908020029901359
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                    MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                    SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                    SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                    SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv5098_tmp_1\vcruntime140.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):87888
                                                                                                                                    Entropy (8bit):6.509817790363228
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:6iOTTyN9d/mqN5fomseOpLZ5UP4nlf9ecbtGgcvg9EBIN:6DIVzgx5UAecbt4g9EuN
                                                                                                                                    MD5:EDF9D5C18111D82CF10EC99F6AFA6B47
                                                                                                                                    SHA1:D247F5B9D4D3061E3D421E0E623595AA40D9493C
                                                                                                                                    SHA-256:D89C7B863FC1AC3A179D45D5FE1B9FD35FB6FBD45171CA68D0D68AB1C1AD04FB
                                                                                                                                    SHA-512:BF017AA8275C5B6D064984A606C5D40852AA70047759468395FE520F7F68B5452BEFC3145EFAA7C51F8EC3BF71D9E32DBD5633637F040D58FF9A4B6953BF1CBF
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......).uym~.*m~.*m~.*...*o~.*d..*f~.*m~.*F~.*V .+n~.*V .+g~.*V .+f~.*V .+s~.*V .+l~.*V .*l~.*V .+l~.*Richm~.*........PE..d....LZW.........." .........T......@........................................p......-.....`A........................................0...4...d........P.......0..........P?...`..p...p...8............................................................................text...'........................... ..`.rdata..f5.......6..................@..@.data........ ......................@....pdata.......0......................@..@_RDATA.......@......................@..@.rsrc........P......................@..@.reloc..p....`......................@..B........................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\dsupt32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):589312
                                                                                                                                    Entropy (8bit):6.649133684763434
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:x4Ku9O6zk9WPDfdjQWG+5rp8Y41I9RTMRbf29wxQ8ueSE:a4EFrGbI9RTM8CxQ8ue
                                                                                                                                    MD5:E841C75FF49BB898424F250DC8F17569
                                                                                                                                    SHA1:C5D0CC06098C58064DDC190A8D00082CFA80C41E
                                                                                                                                    SHA-256:359143CD9BFB8EC2FA9426E64C0A3890E95D1E96F6C85270680A7669D8A3662F
                                                                                                                                    SHA-512:0602C25FF59982E645F7FF7B79748542FCFE2F9030E456A96DA4E1D6E00A0E4877EB04CBB1E7F29C28C2A2E3B8D23A4BC889F43324049E8937E17E39539030D9
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U................y.....~.......~.K......r............~.J.}...~.z.....~.{.....~.|.....Rich............PE..L...V&.]...........!.....z..........Q........................................P..................................................d.......0.......................\N......................................@...............0............................text....y.......z.................. ..`.rdata...............~..............@..@.data...$X...p...4...Z..............@....rsrc...0...........................@..@.reloc..Zi.......j..................@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\icconfig_sys.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):77
                                                                                                                                    Entropy (8bit):4.734900216302676
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:vFWWMNHU8LdgCfiUNRqT9o5v:TMVBd/nNG9S
                                                                                                                                    MD5:60F028C572078AFB0DA0BAC79FF76297
                                                                                                                                    SHA1:A53A41CA9F12BB10D1F9243FC3F1129686851252
                                                                                                                                    SHA-256:F7A20244A43F0529F2D5BA1B85E4E6CCA5D8AF806E68E15BFFCE3003BFB677E8
                                                                                                                                    SHA-512:3C940EF58AD6D87A99423B7B78573E1764D37FBE807139092DCE646C1BE3789A9BD3A0161F6F381F3109CCDF6FF589BBE59D0869C72AAA0636B88FAFE8645034
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig> ..</InvColConfig>..

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\icconfig_user.xml

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (345), with CRLF, LF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):42414
                                                                                                                                    Entropy (8bit):5.344220964718387
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:AesqtWoHV5QxXT8VTYsFoqqyE5cl4uOZs+MFOQx9WOst3d3cndYV3Ro:A526IVTYsFoqqyE5cEs+MFsMgi
                                                                                                                                    MD5:23419DD9806E83B89E027D4BC3C263A8
                                                                                                                                    SHA1:7B1767DC02799390532FD174F3030868E1C30492
                                                                                                                                    SHA-256:464BF6C913F8AE37DAC5DB4DCAA3DA2B9E199F0F4D9F5877E798D98C79E9B5DC
                                                                                                                                    SHA-512:FB6AFF3D9AF27603D8EB5EF3E839C109009F82088B1A9DC923534608C4F81A23F9EE00351A8281F578B11D9C77A587C719174A3F0C40FE54B8E62BB622C20690
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:.<?xml version="1.0" encoding="UTF-8"?>..<InvColConfig>.. .<InvComponent dir="ICINIT" type="cli" priority="6" level="0" timeout="30">init.bat</InvComponent>.. .<InvComponent dir="libsmbios" type="cli" priority="5" level="0" timeout="30">smbiosinfo -xml</InvComponent>.. .<InvComponent dir="DrvAppIE_PCI" type="cli" priority="5" level="0" timeout="30" out="pci.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_PCI -o ..\pci.xml</InvComponent>.. .<InvComponent dir="DrvAppIE_MSI" type="cli" priority="5" level="0" timeout="30" out="msi.xml">..\Executables\DRVUpdate.exe -i -cDir DrvAppIE_MSI -o ..\msi.xml</InvComponent> ... InvComponent dir="NIC_Broadcom" type="cli" priority="5" level="0" timeout="30">BcomIE.cmd i print</InvComponent-->...<InvComponent dir="NIC_Broadcom_reg" type="cli" priority="5" level="0" timeout="30" out="NIC_Broadcom_reg.xml">..\Executables\DRVUpdate.exe -i -cDir NIC_Broadcom_reg -o ..\NIC_Broadcom_reg.xml</InvComponent>.. .<InvComponent dir="DC

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\icpolicy.xsl

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CR line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):3815
                                                                                                                                    Entropy (8bit):5.057339007998835
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:cYAKQhAkUuWVI/EfgadQ8yTuoITecjEZxVAt/WIaKNeuf1KmELxVAt/WIaKNeNrq:5tY/EfTQ8yTuTecjEtC+Il9EzC+I5D
                                                                                                                                    MD5:E780F23B8AC8DE2672F40029A3841F59
                                                                                                                                    SHA1:25B607BFF16DF2C11F5922930F092C4CE28CA0CB
                                                                                                                                    SHA-256:1BD87F5F1489DFF3A5CEB4EC6554A7FBBC9F73D78004985FDD511F08F6E087FD
                                                                                                                                    SHA-512:8A85F678422FE2A2633BB0DD95BADF7A9A936F4BC1C1B8AF9FF5179C8BAA35783AB4F3F09FB5CD61FAB0E12FCB997378ACF0FD236B3831553B8E9745669A2B4D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>.<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">.<xsl:output method="xml" version="1.0" indent="yes"/>..<xsl:template match="/" >..<xsl:call-template name="NewLine"/>...<xsl:call-template name="ApplyInventory" />....<xsl:call-template name="NewLine"/>....</xsl:template>..<xsl:template name="ApplyInventory" >...<xsl:element name="SVMInventory" >....<xsl:attribute name="lang" >.....<xsl:value-of select="SVMInventory/@lang" />....</xsl:attribute>....<xsl:attribute name="schemaVersion" >.....<xsl:value-of select="SVMInventory/@schemaVersion" />....</xsl:attribute>....<xsl:attribute name="timeStamp" >.....<xsl:value-of select="SVMInventory/@timeStamp" />....</xsl:attribute>. <xsl:attribute name="invcolVersion" >. <xsl:value-of select="SVMInventory/@invcolVersion" />. </xsl:attribute>....<xsl:apply-templates select="//SVMInventory/OperatingSystem" />....<xsl:apply-templates select="//SVMInventory/System" /

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\icprogredir.txt

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv65D5_tmp\invcol.exe
                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                    Category:modified
                                                                                                                                    Size (bytes):6840
                                                                                                                                    Entropy (8bit):4.701403334088193
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:lppppppppppppppppppppppppppppppppppppppppppppppppppppppppL:x
                                                                                                                                    MD5:6AAF3EFCFFAD205787BA55A24B7A3A88
                                                                                                                                    SHA1:58638DD135A44A0DFC124F5C2309C74BBF507867
                                                                                                                                    SHA-256:4E6C412858D082D715757CAFE9DC886404B448FDE9ADEA234048D42DE0CEE818
                                                                                                                                    SHA-512:A237B573EFC10228D646E3B5878AA002AB6565A02B50F7FB5CAD73C4B20BA3A1492CF7F8F20C9184006D283A3EC9463AA3B7F5E8EBE2DAD01DB11D316A2F9F8A
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external entity "file:///C:/Windows/TEMP/ICProgress/Dell_InventoryCollector_Progress.xml"..I/O warning : failed to load external en

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\icsvc32.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):830008
                                                                                                                                    Entropy (8bit):6.717184590562203
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:IZcQq26d7uJ7jhQRdVjqort13fYJLvV6+r3gm59RqmZWlQJjn/LDH4Swx:Iqga7uJJ0PYVA+7gm55ZhhfH6
                                                                                                                                    MD5:BDDF93921AECCF64AA46B3ABD0C2CD29
                                                                                                                                    SHA1:E2C7CE52755C35B6437A8866F72B74A1E3427051
                                                                                                                                    SHA-256:2D4F921D9E4CB2A0C0E01B132FBE5045E9FF0975944B22B4D0BAE544B909B2EA
                                                                                                                                    SHA-512:E042AFC84DAD48642184A23E98B59D6311FD9FF0343B6158F478A738677A5AE5F7EA265BA82DF75B77C4B3644F6C3CEB3C4EBE7224535CE2661418B21929ADA7
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N......P...P...P...P...P...P...Pe..P...P...P...Pe.;P...P-Y.P...Pe.>P8..Pe..P...P...P...Pe.?P...Pe..P...Pe..P...Pe..P...PRich...P........PE..L...b&.]...........!.....*...`...............@......................................]0.......................................`..........................8.......`................................... ...@............@...............................text....).......*.................. ..`.rdata...]...@...^..................@..@.data...03......."..................@....rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\invcol.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):21040
                                                                                                                                    Entropy (8bit):6.586699823216155
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:384:cKbhbGhQENUnQHJFRi9QMvWgMzSHCG6WCxHW6jWr8JN77hhEz:t1SQnnQHPRkviSr6PBjD3hS
                                                                                                                                    MD5:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    SHA1:D10668B90E8A5CB0355B3C87FD365181686C9F0B
                                                                                                                                    SHA-256:14DAFBA5822E4CF9CA49CCF012F481D3022345B2C58DBCA61ED17DB0DFD39D5A
                                                                                                                                    SHA-512:CFB303F0007262850C5B2C53B542382937742CB2A9AC2A1B49165248CAF286CD934331A0BA574BE572AB86DAFF7E861B2797618B48B81DAA52955C423A362B96
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........=..n..n..nG..n..n...n..n..;n..n..n..n...n..n..n..n..:n..n...n..nRich..n................PE..L...e&.]............................:$.......0....@..........................p.......{......................................t<..P....`...............6..0............................................;..@............0...............................text............................... ..`.rdata..v....0......................@..@.data........P.......2..............@....rsrc........`.......4..............@..@........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\msvcp100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):421200
                                                                                                                                    Entropy (8bit):6.59808962341698
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
                                                                                                                                    MD5:03E9314004F504A14A61C3D364B62F66
                                                                                                                                    SHA1:0AA3CAAC24FDF9D9D4C618E2BBF0A063036CD55D
                                                                                                                                    SHA-256:A3BA6421991241BEA9C8334B62C3088F8F131AB906C3CC52113945D05016A35F
                                                                                                                                    SHA-512:2FCFF4439D2759D93C57D49B24F28AE89B7698E284E76AC65FE2B50BDEFC23A8CC3C83891D671DE4E4C0F036CEF810856DE79AC2B028AA89A895BF35ABFF8C8D
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........._d..17..17..17...7..17..7..17..07 .17(..7..17..7..17..7..17..7..17..7..17..7..17..7..17..7..17Rich..17........................PE..L.....K.........."!.................<.............x......................................@.................................`...<.... ...............V..P....0..H;..p................................/..@...............p............................text............................... ..`.data...$:.......,..................@....rsrc........ ......................@..@.reloc...S...0...T..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\inv65D5_tmp\msvcr100.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):770384
                                                                                                                                    Entropy (8bit):6.908020029901359
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:fQmCy3NeRjkpQmj3oaMtQqjoygfXq3kon9IlbgaOxQdVJJ6j5EBKX8hR5:ImCy3VQs9MtLjTgfa3kon9FaOdEz5
                                                                                                                                    MD5:67EC459E42D3081DD8FD34356F7CAFC1
                                                                                                                                    SHA1:1738050616169D5B17B5ADAC3FF0370B8C642734
                                                                                                                                    SHA-256:1221A09484964A6F38AF5E34EE292B9AFEFCCB3DC6E55435FD3AAF7C235D9067
                                                                                                                                    SHA-512:9ED1C106DF217E0B4E4FBD1F4275486CEBA1D8A225D6C7E47B854B0B5E6158135B81BE926F51DB0AD5C624F9BD1D09282332CF064680DC9F7D287073B9686D33
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ R.HA<.HA<.HA<.A9..KA<.HA=..A<.'7..@<.'7...A<.'7..|A<.'7...A<.'7..IA<.'7..IA<.'7..IA<.RichHA<.........PE..L.....K.........."!................. ....... .....x.................................S....@..........................I......D...(.......................P....... L..h...8...........................pE..@............................................text............................... ..`.data...|Z... ...N..................@....rsrc................X..............@..@.reloc.. L.......N...\..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF1C4FA8E7648226DD.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):32768
                                                                                                                                    Entropy (8bit):0.08396341416896398
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOumymRxuJXuOvyuIX4Vky6lwt/:2F0i8n0itFzDHFumueGyuCw1
                                                                                                                                    MD5:6EE330C1B3A566E67B2C4E248CF9A7A7
                                                                                                                                    SHA1:1417BCA391BFB978537AA3D73E9AC84B784C625F
                                                                                                                                    SHA-256:79CE96E76A20ED6196653F196BA3BF29155006082B1731526B0D5991D3A14005
                                                                                                                                    SHA-512:52E854EC342C3C4581545E8C99ECDAF8D3CE9D8B9536C4BC9665DE035D4B2E5C436DAEDECA99079E954FFC4B18F5C77A093A32A23D754CFE482FC8BB4D5CCC60
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF489099101C15BDA5.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):512
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF526D8A41D8DABAF5.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):73728
                                                                                                                                    Entropy (8bit):0.36669550499389353
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:SVqDpip2pAvp5pe/pip2pAvp5pAqRtBADZ:SVqD8YMnc/8YMnxRtBC
                                                                                                                                    MD5:E22C227291848E0ECCD1F0B15EEF3B27
                                                                                                                                    SHA1:F570FD582B70DDE978DF6CDFFBECCBBF179BE49C
                                                                                                                                    SHA-256:25DB08ED1B67CBDC4618B2584EF3AD9D2D092BBE4E346A93B14D093BB89EC7C3
                                                                                                                                    SHA-512:256B63797E7FA94A206241520FF30A53B844CADD16502E8D71CEB5247FF299C074E792AD9DCBCCCF4EC916A05DE284B920F37CEAFCB4D28F8C3C136FD90C7D7C
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF5B858D7FB1AFCFB7.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):1.2885986534621554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:PWFI8T58NGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:eFI89O7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:E3A75D5D66CE74AA5A7F5E91D3CB4BD7
                                                                                                                                    SHA1:7536AA7398F67C55CF32C00A6CB74D24D33B659C
                                                                                                                                    SHA-256:C97704E660C6ECDE6B3721699D1B732C181B741CF8C3971CAFB07E555B2E1770
                                                                                                                                    SHA-512:7F82A0FB0BBBC7F2D4F3AA269664021580275E5A2438365D7B89A40C1966EEFF0A24D0D2E363F69B7EC688D23844A40473958BCAD3C07B9DA660798904EC5400
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF5C036DA607E72E5E.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):512
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DF635F4678B45AEFCB.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):24576
                                                                                                                                    Entropy (8bit):1.9797411205577222
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:9h+1uFTmGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:O1cy7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:1A7C2A93B29822DA0BF6971CA6B260CE
                                                                                                                                    SHA1:17D511C4AC676247FA7B7D7D1691516593973422
                                                                                                                                    SHA-256:8F3A5507858458B21854EE4196499831D15F6370410D004D7ECD4F0517CF968C
                                                                                                                                    SHA-512:B4CB740DD2488AA431D11CE41F81EF70C05884752B92127A3D551C2F2FD3633FF01EC366870B65F3638C48A32D6A7D1CAF575A485AF30545F0CC25FFB8EF6CDC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFABA8FBD401824BDB.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):1.2885986534621554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:PWFI8T58NGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:eFI89O7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:E3A75D5D66CE74AA5A7F5E91D3CB4BD7
                                                                                                                                    SHA1:7536AA7398F67C55CF32C00A6CB74D24D33B659C
                                                                                                                                    SHA-256:C97704E660C6ECDE6B3721699D1B732C181B741CF8C3971CAFB07E555B2E1770
                                                                                                                                    SHA-512:7F82A0FB0BBBC7F2D4F3AA269664021580275E5A2438365D7B89A40C1966EEFF0A24D0D2E363F69B7EC688D23844A40473958BCAD3C07B9DA660798904EC5400
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFC52430845855F67F.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):512
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFD646EF3E138C0ED4.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):49152
                                                                                                                                    Entropy (8bit):1.2885986534621554
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:PWFI8T58NGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:eFI89O7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:E3A75D5D66CE74AA5A7F5E91D3CB4BD7
                                                                                                                                    SHA1:7536AA7398F67C55CF32C00A6CB74D24D33B659C
                                                                                                                                    SHA-256:C97704E660C6ECDE6B3721699D1B732C181B741CF8C3971CAFB07E555B2E1770
                                                                                                                                    SHA-512:7F82A0FB0BBBC7F2D4F3AA269664021580275E5A2438365D7B89A40C1966EEFF0A24D0D2E363F69B7EC688D23844A40473958BCAD3C07B9DA660798904EC5400
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFE3F70735A49CDCF3.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):512
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFED077D5C34C4D61A.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):512
                                                                                                                                    Entropy (8bit):0.0
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3::
                                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Windows\Temp\~DFF1737B33627BA910.TMP

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\msiexec.exe
                                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):24576
                                                                                                                                    Entropy (8bit):1.9797411205577222
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:96:9h+1uFTmGg/pip2pAvp5pAqRtBAAqDpip2pAvp5pl:O1cy7/8YMnxRtBFqD8YMnr
                                                                                                                                    MD5:1A7C2A93B29822DA0BF6971CA6B260CE
                                                                                                                                    SHA1:17D511C4AC676247FA7B7D7D1691516593973422
                                                                                                                                    SHA-256:8F3A5507858458B21854EE4196499831D15F6370410D004D7ECD4F0517CF968C
                                                                                                                                    SHA-512:B4CB740DD2488AA431D11CE41F81EF70C05884752B92127A3D551C2F2FD3633FF01EC366870B65F3638C48A32D6A7D1CAF575A485AF30545F0CC25FFB8EF6CDC
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    \Device\ConDrv

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\Temp\inv5098_tmp_1\invcol.exe
                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):302
                                                                                                                                    Entropy (8bit):4.9075993010913965
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6:TMVBd/PkJo4FwTMqA6B2t6OMVBd/PkJo4FwTMqA6B2t6y:TMHd3kJw6/MHd3kJw6z
                                                                                                                                    MD5:605165C31CC683B2A530C46759BB18B1
                                                                                                                                    SHA1:4EDFED01CB17141723F57B35A6C0B450BFFEDAE1
                                                                                                                                    SHA-256:66FBC5AB1D546CE1BD6D3D4FFAD3F8E4F7174921BE7538CA0148EE2C9BB771D5
                                                                                                                                    SHA-512:C086356FE2AE79D83CF7A090EA7ED408A01A0F1CBAE5960785D85CF94EF504815912848A2F3C4ED05A46D096E454E15F1C0F731D351DF3719AC850CA5233F516
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:<?xml version="1.0" encoding="UTF-8"?>..<InventoryError lang="e"><SPStatus result="false" module="i"><Message>I</Message></SPStatus></InventoryError>..<?xml version="1.0" encoding="UTF-8"?>..<InventoryError lang="e"><SPStatus result="false" module="i"><Message>I</Message></SPStatus></InventoryError>..

                                                                                                                                    Static File Info

                                                                                                                                    General

                                                                                                                                    File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                    Entropy (8bit):7.99998848934909
                                                                                                                                    TrID:
                                                                                                                                    • ZIP compressed archive (8000/1) 100.00%
                                                                                                                                    File name:at.zip
                                                                                                                                    File size:14'491'122 bytes
                                                                                                                                    MD5:6dd87a1d9baaf21fa3442e6680e0e447
                                                                                                                                    SHA1:52bde540e5ae24f09118318242fcc0c3f2ef51e5
                                                                                                                                    SHA256:54cc640764057626ed48c0c5a6067325c65a8793b50f2e8ec55b2343d7ba5c45
                                                                                                                                    SHA512:0302b12a4194fec5802a068c6de531084915ae9a05570848ee1a8c67531043b784a99c677abe8ec2fc28ff5e00eda2c67429a0623faa602ef205a0e144859b25
                                                                                                                                    SSDEEP:393216:aK/x2A921F+ZzPdImfZNRWf/h5McaGahuk:ayn921FUzPdXfZN+ZJyuk
                                                                                                                                    TLSH:CAE63336DC6DD42CDB3B829E4953428E60AADDE70BD5033DB24BEF12652785ED874E02
                                                                                                                                    File Content Preview:PK.........@UYa........&..,.$.E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi.. .........>}.G.#..=}.G.#..;}.G.#....D...p..-...}..:..c/\......r..p=..H..c^p%..R.....;...3..p.[...].?...........^...a[l.......j.)...KK.....l.'..3.C..........L.S...B,.N..!+.P..~..t.

                                                                                                                                    File Icon

                                                                                                                                    Icon Hash:1c1c1e4e4ececedc

                                                                                                                                    Network Behavior

                                                                                                                                    Network Port Distribution

                                                                                                                                    UDP Packets

                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                    Oct 21, 2024 11:59:49.833831072 CEST6051753192.168.2.161.1.1.1
                                                                                                                                    Oct 21, 2024 11:59:57.022695065 CEST6548453192.168.2.161.1.1.1
                                                                                                                                    Oct 21, 2024 12:00:13.929491997 CEST5851153192.168.2.161.1.1.1
                                                                                                                                    Oct 21, 2024 12:00:23.056601048 CEST5393853192.168.2.161.1.1.1

                                                                                                                                    DNS Queries

                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                    Oct 21, 2024 11:59:49.833831072 CEST192.168.2.161.1.1.10x84fStandard query (0)dellupdater.dell.comA (IP address)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 11:59:57.022695065 CEST192.168.2.161.1.1.10x2b29Standard query (0)downloads.dell.comA (IP address)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 12:00:13.929491997 CEST192.168.2.161.1.1.10x76d8Standard query (0)dellupdater.dell.comA (IP address)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 12:00:23.056601048 CEST192.168.2.161.1.1.10x143bStandard query (0)downloads.dell.comA (IP address)IN (0x0001)false

                                                                                                                                    DNS Answers

                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                    Oct 21, 2024 11:59:49.841794014 CEST1.1.1.1192.168.2.160x84fNo error (0)dellupdater.dell.comdellupdater.dell.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 11:59:57.029849052 CEST1.1.1.1192.168.2.160x2b29No error (0)downloads.dell.comdownloads.dell-cidr.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 12:00:13.937928915 CEST1.1.1.1192.168.2.160x76d8No error (0)dellupdater.dell.comdellupdater.dell.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Oct 21, 2024 12:00:23.064580917 CEST1.1.1.1192.168.2.160x143bNo error (0)downloads.dell.comdownloads.dell-cidr.akadns.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                    Statistics

                                                                                                                                    CPU Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    Memory Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    Behavior

                                                                                                                                    Click to jump to process

                                                                                                                                    System Behavior

                                                                                                                                    General

                                                                                                                                    Target ID:0
                                                                                                                                    Start time:05:58:17
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                    Imagebase:0x7ff690140000
                                                                                                                                    File size:71'680 bytes
                                                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:2
                                                                                                                                    Start time:05:58:18
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:4
                                                                                                                                    Start time:05:58:24
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:5
                                                                                                                                    Start time:05:58:24
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\SgrmBroker.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\SgrmBroker.exe
                                                                                                                                    Imagebase:0x7ff7648e0000
                                                                                                                                    File size:329'504 bytes
                                                                                                                                    MD5 hash:3BA1A18A0DC30A0545E7765CB97D8E63
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:6
                                                                                                                                    Start time:05:58:25
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:7
                                                                                                                                    Start time:05:58:25
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:8
                                                                                                                                    Start time:05:58:25
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\svchost.exe -k UnistackSvcGroup
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:11
                                                                                                                                    Start time:05:58:34
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\E0CF309ACFAF60FE32F23CEFAF7C1A32DEA1B9F9.msi"
                                                                                                                                    Imagebase:0x7ff703de0000
                                                                                                                                    File size:69'632 bytes
                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:12
                                                                                                                                    Start time:05:58:34
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                                                                    Imagebase:0x7ff703de0000
                                                                                                                                    File size:69'632 bytes
                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:13
                                                                                                                                    Start time:05:58:34
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding F73FC5BE388AC90391F7C233BAB74653 C
                                                                                                                                    Imagebase:0x3e0000
                                                                                                                                    File size:59'904 bytes
                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:14
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{607A0846-7FAA-484B-BAE7-495122EFB1D7}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:15
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BD98A506-F1A0-4A2A-94F9-1230E3DC00D0}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:moderate
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:16
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CA5762C4-33FC-4D8D-9D4F-E8335D2893E9}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:17
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{69BB69E2-CA60-448A-B3E2-C8DB9863E765}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:18
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F036FD47-334C-47B8-A3E5-01A14999B665}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:19
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{B0CAD4F4-7A0D-4ED7-B980-E015B12ECC39}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:20
                                                                                                                                    Start time:05:58:35
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{6D39ED87-D5E3-4531-AD77-9BBEDC82DCAB}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:21
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CD0E6580-BEFA-4156-A6B9-224AE1C144D4}
                                                                                                                                    Imagebase:0x7ff6e9610000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:22
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76D3BE47-3108-4355-987E-96FD21AAE7DE}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:23
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{93DCC339-D737-4287-9496-9EB73D0176C2}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{21D9055D-1632-4E84-9D59-F0731B49FF8E}
                                                                                                                                    Imagebase:0x7ff61edb0000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:24
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{76179EBE-6058-4117-967C-80856ABD982F}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:25
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B07184C-5113-4F64-92ED-9A263AB05DA7}
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:26
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{10209B81-218A-4EF3-8AF1-19A29A5986F9}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:27
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{996A2DD5-2A2C-48CE-AC11-9EA456FDC2E7}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:28
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{EFD1604A-6248-4498-ADCE-3361829C7E1D}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:29
                                                                                                                                    Start time:05:58:36
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{CE560784-D3BB-44F4-9907-C10B218DCC17}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:30
                                                                                                                                    Start time:05:58:37
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1B60702B-AD7B-47CC-B27B-DE367CA1D354}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:31
                                                                                                                                    Start time:05:58:37
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{37BB446B-F9AF-4014-A93F-55A3E319780F}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:32
                                                                                                                                    Start time:05:58:37
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CF4727D-7605-4A5F-8B09-A18BFB920E8A}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:33
                                                                                                                                    Start time:05:58:37
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{A04B0DAC-0591-4B8C-BCD7-195AE9B7AD78}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{3C13FFD2-7102-4879-9759-81B32AE3765D}
                                                                                                                                    Imagebase:0x7ff629940000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:36
                                                                                                                                    Start time:05:58:47
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding E2F957FEC349BF7B483546BFBAD7298A
                                                                                                                                    Imagebase:0x3e0000
                                                                                                                                    File size:59'904 bytes
                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:37
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{650B6CF9-4E93-4302-87AA-17533D8B885D}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:38
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C3CDC299-282E-4460-8D30-E1232142E995}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:39
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5B66BE4B-B0C3-4DC1-97B8-6F778BA1D76E}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:40
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{D661ED2D-688E-41CC-9DEC-612D0C81BA5D}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:41
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{5820DB16-9391-42AA-BF17-584A7B99DCB5}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:42
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{313BCC91-5505-4E94-AED8-911B55BF87B7}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:43
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{55B683E6-2048-47C3-97F1-301495CEBE86}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:44
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{49C79C11-F027-44D7-A2B9-2E9D8A93B766}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:45
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{A5B49D98-6548-4070-BA57-D5A2DDA91B2E}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:46
                                                                                                                                    Start time:05:58:48
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\{6526D998-314D-4EBF-9570-83D043C29027}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{01428B13-0DF2-4580-86F4-CAC7053EC6FA}
                                                                                                                                    Imagebase:0x7ff7c0060000
                                                                                                                                    File size:182'008 bytes
                                                                                                                                    MD5 hash:7EB57876FF781F17ADCE41FFC70D1F31
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:47
                                                                                                                                    Start time:05:58:50
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 978A58EFDA084F66A555F22C9485C2C4 E Global\MSI0000
                                                                                                                                    Imagebase:0x3e0000
                                                                                                                                    File size:59'904 bytes
                                                                                                                                    MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:48
                                                                                                                                    Start time:05:58:50
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\sc.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Windows\System32\sc.exe" config DellClientManagementService start= delayed-auto
                                                                                                                                    Imagebase:0xe40000
                                                                                                                                    File size:61'440 bytes
                                                                                                                                    MD5 hash:D9D7684B8431A0D10D0E76FE9F5FFEC8
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:49
                                                                                                                                    Start time:05:58:50
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff6684c0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:50
                                                                                                                                    Start time:05:58:51
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
                                                                                                                                    Imagebase:0x28eb6e90000
                                                                                                                                    File size:36'032 bytes
                                                                                                                                    MD5 hash:2A955535DD9B5629EE10275B84252252
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:51
                                                                                                                                    Start time:05:58:57
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
                                                                                                                                    Imagebase:0x7ff6e9610000
                                                                                                                                    File size:21'312 bytes
                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:52
                                                                                                                                    Start time:05:58:57
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\msdtc.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\msdtc.exe
                                                                                                                                    Imagebase:0x7ff7b79a0000
                                                                                                                                    File size:148'480 bytes
                                                                                                                                    MD5 hash:2EF846AC66E181BE820B513DBC15B5D2
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:53
                                                                                                                                    Start time:05:58:58
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\msiexec.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\MsiExec.exe -Embedding 3D34A1BCEFEFC55E701097BF7FDC5FA7 E Global\MSI0000
                                                                                                                                    Imagebase:0x7ff703de0000
                                                                                                                                    File size:69'632 bytes
                                                                                                                                    MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:54
                                                                                                                                    Start time:05:59:03
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\DismHost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Users\user\AppData\Local\Temp\9F0C1B54-5F0B-402A-BC6E-6BE4F3D097DD\dismhost.exe {FEA8E85D-CA55-4941-A607-6EF73554AE62}
                                                                                                                                    Imagebase:0x7ff7e8830000
                                                                                                                                    File size:146'256 bytes
                                                                                                                                    MD5 hash:E5D5E9C1F65B8EC7AA5B7F1B1ACDD731
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:55
                                                                                                                                    Start time:05:59:05
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness
                                                                                                                                    Imagebase:0x7ff62c440000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:56
                                                                                                                                    Start time:05:59:07
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\rundll32.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:rundll32.exe AppXDeploymentExtensions.OneCore.dll,ShellRefresh
                                                                                                                                    Imagebase:0x7ff690140000
                                                                                                                                    File size:71'680 bytes
                                                                                                                                    MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:57
                                                                                                                                    Start time:05:59:18
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe"
                                                                                                                                    Imagebase:0x2af52810000
                                                                                                                                    File size:36'032 bytes
                                                                                                                                    MD5 hash:2A955535DD9B5629EE10275B84252252
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:58
                                                                                                                                    Start time:05:59:25
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                                                                                                                                    Imagebase:0x7ff7b2610000
                                                                                                                                    File size:468'120 bytes
                                                                                                                                    MD5 hash:B3676839B2EE96983F9ED735CD044159
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:59
                                                                                                                                    Start time:05:59:25
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff6684c0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:60
                                                                                                                                    Start time:05:59:33
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\dllhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                                                                                    Imagebase:0x7ff6e9610000
                                                                                                                                    File size:21'312 bytes
                                                                                                                                    MD5 hash:08EB78E5BE019DF044C26B14703BD1FA
                                                                                                                                    Has elevated privileges:false
                                                                                                                                    Has administrator privileges:false
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:61
                                                                                                                                    Start time:06:00:01
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4'945'976 bytes
                                                                                                                                    MD5 hash:4BD8BEF0043F64D5CBF6D0DEF23B3665
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 2%, ReversingLabs
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:62
                                                                                                                                    Start time:06:00:01
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4'945'976 bytes
                                                                                                                                    MD5 hash:4BD8BEF0043F64D5CBF6D0DEF23B3665
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:63
                                                                                                                                    Start time:06:00:01
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff6684c0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:64
                                                                                                                                    Start time:06:00:01
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff6684c0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:65
                                                                                                                                    Start time:06:00:02
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\Temp\inv5098_tmp\invcol.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\TEMP\inv5098_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:21'040 bytes
                                                                                                                                    MD5 hash:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:66
                                                                                                                                    Start time:06:00:07
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Program Files (x86)\Dell\UpdateService\Service\InvColPC.exe" -progress
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:4'945'976 bytes
                                                                                                                                    MD5 hash:4BD8BEF0043F64D5CBF6D0DEF23B3665
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:67
                                                                                                                                    Start time:06:00:07
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff6684c0000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:68
                                                                                                                                    Start time:06:00:07
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\Temp\inv65D5_tmp\invcol.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\TEMP\inv65D5_tmp\.\invcol.exe -bdir="C:\Windows\system32" "-progress"
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:21'040 bytes
                                                                                                                                    MD5 hash:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:69
                                                                                                                                    Start time:06:00:08
                                                                                                                                    Start date:21/10/2024
                                                                                                                                    Path:C:\Windows\Temp\inv5098_tmp_1\invcol.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:C:\Windows\TEMP\inv5098_tmp_1\.\invcol.exe -bdir="C:\Windows\system32" "-outc=C:\ProgramData\Dell\UpdateService\Temp\Inventory.xml"
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:21'040 bytes
                                                                                                                                    MD5 hash:506B775742D085B7921B84E0FFEB63C1
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Has exited:true

                                                                                                                                    Disassembly

                                                                                                                                    No disassembly