Windows Analysis Report
24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe

Overview

General Information

Sample name: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Analysis ID: 1545544
MD5: 6b0996924a1ff0df14223b378c8e4fb8
SHA1: c491eb345f1cc3a701e7ace9ed3e4662830afa55
SHA256: 1e67c3ae6c79fb0768a19be602116008c06d396a81a5b206345edad34061882b

Detection

Score: 26
Range: 0 - 100
Whitelisted: false
Confidence: 0%

Signatures

Creates an undocumented autostart registry key
Initial sample is a PE file and has a suspicious name
Machine Learning detection for dropped file
Creates a process in suspended mode (likely to inject code)
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Classes Autorun Keys Modification
Sigma detected: Use Short Name Path in Command Line
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

  • System is w10x64
  • 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe (PID: 6456 cmdline: "C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" MD5: 6B0996924A1FF0DF14223B378C8E4FB8)
    • 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp (PID: 3172 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" MD5: 832E804AB463815164C8D19D9A98A79B)
      • DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe (PID: 5448 cmdline: "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" MD5: 9C953B8F51C128897ABCE0FB9AC21D93)
        • conhost.exe (PID: 1240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • cmd.exe (PID: 5392 cmdline: "C:\Windows\system32\cmd" /c "C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.bat "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
          • find.exe (PID: 6976 cmdline: find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, ProcessId: 3172, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\OpenWithProgids\DellDockFW_UPGRADE_UTILITYFile.exe
Source: Process started, Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, ParentCommandLine: "C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe", ParentImage: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, ParentProcessId: 6456, ParentProcessName: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe" , ProcessId: 3172, ProcessName: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
No Suricata rule has matched

AV Detection

Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-90SFQ.tmp, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-5BRVH.tmp, Joe Sandbox ML: detected
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Static PE information: certificate valid
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\MPLAN_project\RtlDirectDiagLibv2_v4.0_5_0918_0924\RtlDirectDiagLibv2\x64\Release\RtlDirectDiagLib64.pdb source: is-LES54.tmp.2.dr
Source: Binary string: devcon.pdbGCTL source: is-CJ3T3.tmp.2.dr
Source: Binary string: C:\Gerrit_Project\RTUNICPGv2_RL6832_6431\x64\Release\RTUNicPG64.pdb source: is-AJDB4.tmp.2.dr
Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000002.3758147792.00000000034D3000.00000002.00000001.01000000.00000007.sdmp, 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000003.1294783523.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000002.3758278029.00000000037B6000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr
Source: Binary string: devcon.pdb source: is-CJ3T3.tmp.2.dr
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user~1\
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.tmp
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user~1\AppData\Local\
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user~1\AppData\
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp

System Summary

Source: initial sample, Static PE information: Filename: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp.0.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-LBEQK.tmp.2.dr, Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, 00000000.00000003.1291140467.000000000265A000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, 00000000.00000000.1289649691.00000000004C6000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFileName vs 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, 00000000.00000003.1291764771.000000007FE36000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFileName vs 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, 00000000.00000002.3754032158.0000000002398000.00000004.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamekernel32j% vs 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Binary or memory string: OriginalFileName vs 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engine, Classification label: sus26.winEXE@12/34@0/0
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, File created: C:\Users\user\AppData\Local\Programs
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1240:120:WilError_03
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\SALOMON_DOCK_MUL_INSTANCE_MUTEX
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File created: C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd" /c "C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.bat "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe""
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, File read: C:\Program Files (x86)\desktop.ini
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, String found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, File read: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: unknown, Process created: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe "C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Process created: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp "C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, Process created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd" /c "C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.bat "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe""
Source: C:\Windows\System32\cmd.exe, Process created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe SalomonFwUpdaterI2C64W.exe /dockinfo
Source: C:\Windows\System32\cmd.exe, Process created: C:\Windows\System32\find.exe find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system"
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Section loaded: version.dll, netapi32.dll, netutils.dll, uxtheme.dll, apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, Section loaded: mpr.dll, version.dll, netapi32.dll, winhttp.dll, netutils.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, windows.storage.dll, wldp.dll, profapi.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, textshaping.dll, dwmapi.dll, sspicli.dll, explorerframe.dll, sfc.dll, sfc_os.dll, propsys.dll, linkinfo.dll, ntshrui.dll, srvcli.dll, cscapi.dll, apphelp.dll
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe, Section loaded: apphelp.dll, winmm.dll, kernel.appcore.dll, uxtheme.dll
Source: C:\Windows\System32\cmd.exe, Section loaded: cmdext.dll, apphelp.dll
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe, Section loaded: apphelp.dll, hid.dll, oleacc.dll
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: winmm.dllJump to behavior
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: devobj.dllJump to behavior
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\find.exeSection loaded: ulib.dllJump to behavior
Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: DellDockFW_UPGRADE_UTILITY.lnk.2.dr
LNK file: ..\..\..\..\..\..\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Window found: window name: TMainForm
Automated click: Install
Automated click: Next
Source: Window Recorder
Window detected: More than 3 window changes detected
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Static PE information: certificate valid
Static file information: File size 3597832 > 1048576
Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\MPLAN_project\RtlDirectDiagLibv2_v4.0_5_0918_0924\RtlDirectDiagLibv2\x64\Release\RtlDirectDiagLib64.pdb source: is-LES54.tmp.2.dr
Source: Binary string: devcon.pdbGCTL source: is-CJ3T3.tmp.2.dr
Source: Binary string: C:\Gerrit_Project\RTUNICPGv2_RL6832_6431\x64\Release\RTUNicPG64.pdb source: is-AJDB4.tmp.2.dr
Source: Binary string: c:\zlib-dll\Release\isunzlib.pdb source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000002.3758147792.00000000034D3000.00000002.00000001.01000000.00000007.sdmp, 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000003.1294783523.00000000034E0000.00000004.00001000.00020000.00000000.sdmp, 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp, 00000002.00000002.3758278029.00000000037B6000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.2.dr
Source: Binary string: devcon.pdb source: is-CJ3T3.tmp.2.dr
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Static PE information: section name: .didata
Source: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp.0.dr
Static PE information: section name: .didata
Source: is-AJDB4.tmp.2.dr
Static PE information: section name: _RDATA
Source: is-LES54.tmp.2.dr
Static PE information: section name: _RDATA, .msvcjmc
Source: is-DD05B.tmp.2.dr
Static PE information: section name: .gxfg, .gehcont
Source: is-LBEQK.tmp.2.dr
Static PE information: section name: .didata
Source: is-90SFQ.tmp.2.dr
Static PE information: section name: .code
Source: is-5BRVH.tmp.2.dr
Static PE information: section name: .code
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LES54.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\RtlDirectDiagLib64.dll (copy)
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LBEQK.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-CJ3T3.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-5BRVH.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\Patch64.exe (copy)
File created: C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_isdecmp.dll
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\unins000.exe (copy)
File created: C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
File created: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-DD05B.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe (copy)
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe (copy)
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\devcon64.exe (copy)
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-AJDB4.tmp
File created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-90SFQ.tmp

Boot Survival

Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\OpenWithProgids DellDockFW_UPGRADE_UTILITYFile.exe
File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DellDockFW_UPGRADE_UTILITY
File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DellDockFW_UPGRADE_UTILITY\DellDockFW_UPGRADE_UTILITY.lnk
Source: C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe
Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Window / User API: threadDelayed 9999
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LES54.tmp
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\RtlDirectDiagLib64.dll (copy)
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LBEQK.tmp
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-CJ3T3.tmp
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\Patch64.exe (copy)
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_isdecmp.dll
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\unins000.exe (copy)
Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_setup64.tmp
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\devcon64.exe (copy)
Dropped PE file which has not been started: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-AJDB4.tmp
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe TID: 5604
Thread sleep time: -99990s >= -30000s
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe
Last function: Thread delayed
Source: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
File opened: C:\Users\user~1\
File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.tmp
File opened: C:\Users\user~1\AppData\Local\
File opened: C:\Users\user~1\AppData\
File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp
File opened: C:\Users\user\AppData\Local\Temp\9B10.tmp
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Process information queried: ProcessInformation
Source: C:\Windows\System32\cmd.exe
Process created: C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe SalomonFwUpdaterI2C64W.exe /dockinfo
Process created: C:\Windows\System32\find.exe find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system"
Source: C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\cmd.exe
Queries volume information: C:\ VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 2 Command and Scripting Interpreter | 1 Scripting | 11 Process Injection | 2 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 11 Registry Run Keys / Startup Folder | 11 Registry Run Keys / Startup Folder | 11 Process Injection | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 System Owner/User Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 11 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
[Behavior graph] ID: 1545544; Sample: 24314_DellFW_UPGRADE_DOCK_U...; Startdate: 30/10/2024; Architecture: WINDOWS; Score: 26

Source | Detection | Scanner | Label | Link
24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe | 0% | ReversingLabs | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-90SFQ.tmp | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-5BRVH.tmp | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe (copy) | 9% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\Patch64.exe (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\RtlDirectDiagLib64.dll (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\devcon64.exe (copy) | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-5BRVH.tmp | 9% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-90SFQ.tmp | 9% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-AJDB4.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-CJ3T3.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-DD05B.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LBEQK.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\is-LES54.tmp | 0% | ReversingLabs | |
C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\unins000.exe (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-T91OE.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                      No contacted IP infos
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1545544
                                      Start date and time:2024-10-30 16:59:07 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 6m 51s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of new started processes analysed:16
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      Detection:SUS
                                      Classification:sus26.winEXE@12/34@0/0
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, ocsp.entrust.net, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes were analyzed, report is missing behavior information
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • VT rate limit hit for: 24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      Time | Type | Description
                                      13:48:23 | API Interceptor | 15804666x Sleep call for process: DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe modified
                                      No context
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):150528
                                      Entropy (8bit):6.466611797029326
                                      Encrypted:false
                                      SSDEEP:3072:w/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFS2Z4c/va:Ltzsb5Uh28+V1WW69B9VjMdxPedN9ug9
                                      MD5:9C953B8F51C128897ABCE0FB9AC21D93
                                      SHA1:AA75DAE2DC94AD7B983677075CEFD43AD99F5B14
                                      SHA-256:DF84BAC2EA2FA06F447299EFB5AC9DDE1B205CBB93457B5B8E09DB96EA7FCD2C
                                      SHA-512:C56E696DF17751A436CD372E915CC82B3594883F9B0C9CDBF5C45C02E34308046CFD4F3FFE8E73C79B9786AAC9736D5BFFF08A141A3401EDDCAE19D6E4319A48
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 9%
                                      Reputation:low
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):325
                                      Entropy (8bit):3.8298456068389273
                                      Encrypted:false
                                      SSDEEP:6:rmXufS1XGwo4NGaw5B6QIFBx6snA6q9vL/RIjZn:6+alGwFD3x6f59v74Z
                                      MD5:2BF32C5F4E6984B0FF8BE328BC460950
                                      SHA1:D47ACAAECC2AAEC73C109FE7278644BA9E995EB4
                                      SHA-256:CA021A4A7829272C435E8A9A6237DCD6A6B6565ADCD9AFFA4ADEBEF9D50091B2
                                      SHA-512:932E38CA8A4716D1E4F2593AD03F66EC32DAFFEA4318C80C480F09579F5FA79A5301627B52D6B1122FE4742DC62879896365B4EF9D44C65F8F23A419FE34A719
                                      Malicious:false
                                      Reputation:low
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT 0..;Disable USB 2.0 patch..ExtPatch = 00 00 00 01..CRC32 = 4F 9E 7C 90..ICInfo =..03 03 08 00 09 02 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..PatchData =..41 CF CC A9 45..##
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):324
                                      Entropy (8bit):3.804575658661602
                                      Encrypted:false
                                      SSDEEP:6:rmXufS1XGwo4NGaw5B6QIFBXtSA6q1j/RIJRKyn:6+alGwFD3XtR51D+RD
                                      MD5:3DB12A7A8A8B12520EE5E00CDF42498F
                                      SHA1:6A81EF497F166879F6AD14909813D14BB32741E0
                                      SHA-256:900B567653672286F78EBE397D7419856E1F5EA31C5739593C0BC69C7B596135
                                      SHA-512:D005862A45C32B2F10F1BD35242ACD64FB1F68E2CAFF41BB0AA53F8C6EDEB5BDEE9577F5278EAA23E069F0B8ECEC98AD09C99F7055BCB016A58BD0B34C89DF6A
                                      Malicious:false
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT 0..;Disable USB 2.0 patch..ExtPatch = 00 00 00 01..CRC32 = CC F4 AD CD..ICInfo =..03 03 08 00 09 46 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..PatchData =..40 CF CD 4D..##..
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):957304
                                      Entropy (8bit):6.264208672561971
                                      Encrypted:false
                                      SSDEEP:12288:eYoTcu0n1WIMHb7x1s0LfJCTIKUzi2a3QuKO3hv0KmlprzOfYPCx1A09F87dQ7oY:9cHDLfE0Sf59BU3Ao3on847rjvyS3d
                                      MD5:F2EDD66BA22FB33A8C1700D746185E4F
                                      SHA1:FF89434D9F9C16E6D1DA524210A19A5CF01CBAC1
                                      SHA-256:5C7B667EE60A5D217E784FD137DAE429BFBE3FF123DD74035E75CA88AB2EA479
                                      SHA-512:D0BA299FF8B87A4E2D701BABF29687AF2D76A8F047698C318F7E0EDB84E8339ADB08B380EDCAF719088D4D93080F01E4E1577DF77B05CD838A63D00976BF1188
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):376680
                                      Entropy (8bit):6.4657297234290905
                                      Encrypted:false
                                      SSDEEP:6144:n36pR3mMl0cWupLm49jmDaG6DXfpedVBiaFkPqf8P0tUdmY:34xm6v4DaZDPpedjYqDUj
                                      MD5:32ED49BD279DA21E0663968F962DBD9C
                                      SHA1:EFF2002A248302B43FFF539687B2D9D1891B47DC
                                      SHA-256:AB1573F56F755CB66BA23D743E13BE4E69CD684E986C855A6F9EC381770927C2
                                      SHA-512:6BB6479199FF37FA598F7C4B3406622F3901D5622A95A4641263160E1871303B3E2DE1AB6C1E0FF2E29262CB9F5C74939C99E594C36B33B87AC2E822FC5D3D40
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):2775552
                                      Entropy (8bit):6.233900167724529
                                      Encrypted:false
                                      SSDEEP:49152:LH6slJy4DH1kHNarNjLt63g3ufYoW++DK+dTfAE:PrNfz3ufy+X+FfF
                                      MD5:97E83C8B38D9556A96C0292B5008EBEE
                                      SHA1:E14D1CEA73E4B14A0369CB980E1C94E3CF498BD1
                                      SHA-256:1C0B17D1011A473B61D7FA49D15E78AA3BF49CAB5903C88D93CAB939B90C5790
                                      SHA-512:937DABE61C954DB41A07202542DDEDB7FDD480D24908D57A89CB15D114E8505B9C7CFA7D52FFED8AD9033736327355312313E6FD2AD8D8CF3204E43935EF3FF1
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):848
                                      Entropy (8bit):2.790662817427232
                                      Encrypted:false
                                      SSDEEP:12:6+alGwx5PjWB2vxv623RKHe9vB10sNHcv6n:wllvPjWAI+9vB1Ls6n
                                      MD5:37E0B86058D6F62830849F66C49D5912
                                      SHA1:BE54F7E62E290B0FE5721D1FA1B67D60928B0554
                                      SHA-256:C4F874E42E872DFD14A50A51C029A5ECAF396325A7F7102AF223D5FCA0244211
                                      SHA-512:BF36496627299052D0FBED0281838385E59D7B34A3F34A0FFC23A0C1BBFB11149A59DF3110F12BDE4EB43A631C7D1AC210329A5682AFEE1194A9F66CD262B5D0
                                      Malicious:false
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT_0..;RTL8153BND Disable USB 2.0 patch..EXTCFGNO = 00 00 00 01..;MACADDRMASK = FF FF FF FF FF FF..CRC32 = 52 70 00 63..00 01 D8 00 00 00 02 00 00 00 00 00 DA 0B 53 81..11 31 00 00 01 00 00 00 03 03 08 00 09 02 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 03 03 08 00 09 46 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 A3 03 08 00 03 0A 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00..00 00 00 00 00 00 00 99 00 00 00 5A 00 A5 00 FE..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00..##..
                                      Process:C:\Windows\System32\cmd.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:modified
                                      Size (bytes):184
                                      Entropy (8bit):4.974862036529254
                                      Encrypted:false
                                      SSDEEP:3:mFz2QENFgbc2XQlrSEXAu4+t++Mw2ywQRAxh2WXvQVfpy6jRt0InuJFLGqG+2FQV:yz2QENX2XaS+qE2ywPhxXIVE6tt0IGxH
                                      MD5:EF8D5691F923A9EEBA37818F316390AA
                                      SHA1:AC47559F5437BCBB276A99512B5879B1FC70E309
                                      SHA-256:44263D93DEA8B1FE918FA62B844213C5B26BA9899BD5E7EC367F403CD49C6883
                                      SHA-512:BFD9D2F880EB90391A139FA14538D3D327968969CDE3D42BCBD0E08F1E492B7FEA47C9E5BCC284686478D8D673FC1A07F872B39833F97DF6FD581A70B23A21C8
                                      Malicious:false
                                      Preview:Dell Docking Station EC and USB Hub Firmware Update Tool..[[[ SalomonFWUpdaterI2C: Tool Version:00.00.50: 64-Bit ]]] ..GetSalomonDockInfo Failed, check if Dock is connected to system..
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):99504
                                      Entropy (8bit):5.495851170365968
                                      Encrypted:false
                                      SSDEEP:1536:vZBiu1fRlQRDhJ2xSe9EejUFc5VdiPFMqO7W/Q2o6JvUUfr:vrhlQ08wEuAcFiNM3WYar
                                      MD5:E0BC467515EC6306F78D26E517291716
                                      SHA1:DBD27FFF7C42E8CB6FBEEEDB1D83292B9E8DCB41
                                      SHA-256:35AA07EFE5F8C535106419EAEA44438260029DEE83026CF617AFD33F4EBE4AFE
                                      SHA-512:FA68C069F90A10FBEAC133B2F0A085445E20501270A52E2BC90E6A1B8CFF0AB83CDE5952F8F55D8537FC8FB405C473EB38E50CCE9E18A0CEEEBC34B9E8AA6CD2
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):131008
                                      Entropy (8bit):5.29051893437488
                                      Encrypted:false
                                      SSDEEP:3072:p1oYGj3b1Vn+a2q4IbVzF22+AaBdq0u/yEm:puTLbL+af9bl6Xjq0TN
                                      MD5:008935D60A53640F51F270E375564CED
                                      SHA1:35A18D693FEFD7CE49EC4442B89FA665CC861AE9
                                      SHA-256:A7DDEEEFF7B5F1A704FA7781F30A77BB5DC7B1050FA8A0F303949A2C39940D1B
                                      SHA-512:5266CF8D1CE09AEAF6AE363A16FFD663C0800F6A9BB81293B9E849B984D763CE92276B51B375AE1DBDBA611CBE2374328149CC07CBAC88DE68278CCCD71AD058
                                      Malicious:false
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):131008
                                      Entropy (8bit):5.376113615083063
                                      Encrypted:false
                                      SSDEEP:3072:ioZDYps5obtlUEZFz8CME9PVYF2Eykl+PJhPLHL4:ii5GbgOFz83g63Z0RhT0
                                      MD5:DDD2686AE6794A2C9E1A14F4B3C2C18C
                                      SHA1:6F5DE68D94009EDDE321979A224802A05D1CC35E
                                      SHA-256:BC28B6EF4BC18D41CD599A42EE14F8EC125F6C287259B1F45A9FC4C55E98261B
                                      SHA-512:A1DB7ED2F9E74C35AC38B59E557FF4712766D23345B976DE4820A91EA0B63217513BAB67700DFBBEABEE7792C579058FFC1CE7DDDDC0734B45985D91EDC85D5B
                                      Malicious:false
                                      Preview:...<..)%.x.@...<4..%...< .)%...........................%+..... ........<H..%...... ....%.......%......`....%......J%...%..,...@...)%.......... ...J%..@...)%...%...$$@H....... ........<...'...$...................0...0.i@........<..B$..@.......@........................@1..br................................................................................................................p.{...........CST1.d2.................(.......ACEL...........................................'........ ....."p.(...Y...a..)...4...+....~...2.?............,....................................................3.8.Z..6Z.......................,i.@,i.@.....................7..i==.....................B......G...<A`L4.. ..p....O....... .Q..........R...@.. ...\.?.<..`..........................y............78...z)*............k...............s..<Ap.kcoD C-epyT 91DW.......w..<Ap.91DW....../.,.+...........2....G....G.....G....d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:data
                                      Category:dropped
                                      Size (bytes):131008
                                      Entropy (8bit):5.2981282556226335
                                      Encrypted:false
                                      SSDEEP:3072:y1oYGj3bTKVLfAT/e6VBF2kLouEiL8SrJkAbf:yuTLb+Lf4/XHdTHLBrRz
                                      MD5:F0A5EC75809558A243FD8D24E6048FC0
                                      SHA1:E41440A671ED288F423F129530E9C99310C2540D
                                      SHA-256:BDBAB2971411C8CFF5543E22EBA1A4B9E2BE584A84E279F53FB7B2B1936FA648
                                      SHA-512:FA415FB317CDF9A419D651F7E37F54F7F54BC7F88637C89D1EBC050949CF031C3C5D6078A0A9A9437F0E9B4EA09B4345A0C922AE9A984E8571AE1E9F693F42D9
                                      Malicious:false
                                      Preview:...<..)%.x.@...<4..%...<$.)%...........................%+..... ........<..%...... ....%.......%......`....%......J%...%..,...@...)%.......... ...J%..@...)%...%...$$@H....... ........<...'...$...................0...0"g@........<..B$..@.......@........................./.....................................l.............................................................................p............CST1.d2.................(.......ACEL...........................................'........ ....."p.(...Y...a..)...4...+....~...2.?............,....................................................3.8.Z..6Z.......................,i.@,i.@.....................7..i==.....................B......G...<A`L4.. ..p....O....... .Q..........R...@.. ...\.?.<..`..........................y............78...z)*............k...............s..<Ap.kcoD C-epyT 91DW.......w..<Ap.91DW....../.,.+...........2....G....G.....G....d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.d.
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):200
                                      Entropy (8bit):4.091442402392643
                                      Encrypted:false
                                      SSDEEP:3:xomjNdJJ/jXL4GyoSFMC3xpG128gN+Ezg6xowOii6f/3PPPPPPPPPPPPPPPPPPPD:LJynFzpW8znx7tnfAvy
                                      MD5:8EBF16A284A1CBC54EF2453568F48439
                                      SHA1:FCB50AD224A67D04250F2B1D1FFC68E7B6C3C249
                                      SHA-256:D39173325AE814466B415989F4B9E39ACB4C4DFE910D68DAE5CDD8E10335C662
                                      SHA-512:E2FAE14801BBD98955A64AB5EF7ED8F0E05758DFDE5B3398ADCF77A357B4BBB07D272B2774E1161B8BBFD68754E5DAE2D3E57A7525F9095898DFC21EDC280110
                                      Malicious:false
                                      Preview:Realtek, Patch64.exe, v2.0.22.2,11/27/2023......This is RTL8153BND..Already Patched !!!..Patch OK!!!....#00 Result = 0x00..*************************************************************************....
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):150528
                                      Entropy (8bit):6.466611797029326
                                      Encrypted:false
                                      SSDEEP:3072:w/25jvDSgsqsb5Uh28vAbTV1WW69B9VjMdxPedN9ug0z9TBfFS2Z4c/va:Ltzsb5Uh28+V1WW69B9VjMdxPedN9ug9
                                      MD5:9C953B8F51C128897ABCE0FB9AC21D93
                                      SHA1:AA75DAE2DC94AD7B983677075CEFD43AD99F5B14
                                      SHA-256:DF84BAC2EA2FA06F447299EFB5AC9DDE1B205CBB93457B5B8E09DB96EA7FCD2C
                                      SHA-512:C56E696DF17751A436CD372E915CC82B3594883F9B0C9CDBF5C45C02E34308046CFD4F3FFE8E73C79B9786AAC9736D5BFFF08A141A3401EDDCAE19D6E4319A48
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                      • Antivirus: ReversingLabs, Detection: 9%
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...8.@]........../....2.j.....................@..................................................................................................... ...i......@.......................................................................h............................code...y[.......\.................. ..`.text...%....p.......`.............. ..`.rdata...K.......L...n..............@..@.pdata..@...........................@..@.data....#..........................@....rsrc....i... ...j..................@..@................................................................................................................................................................................................................................................................................................................................................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):325
                                      Entropy (8bit):3.8298456068389273
                                      Encrypted:false
                                      SSDEEP:6:rmXufS1XGwo4NGaw5B6QIFBx6snA6q9vL/RIjZn:6+alGwFD3x6f59v74Z
                                      MD5:2BF32C5F4E6984B0FF8BE328BC460950
                                      SHA1:D47ACAAECC2AAEC73C109FE7278644BA9E995EB4
                                      SHA-256:CA021A4A7829272C435E8A9A6237DCD6A6B6565ADCD9AFFA4ADEBEF9D50091B2
                                      SHA-512:932E38CA8A4716D1E4F2593AD03F66EC32DAFFEA4318C80C480F09579F5FA79A5301627B52D6B1122FE4742DC62879896365B4EF9D44C65F8F23A419FE34A719
                                      Malicious:false
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT 0..;Disable USB 2.0 patch..ExtPatch = 00 00 00 01..CRC32 = 4F 9E 7C 90..ICInfo =..03 03 08 00 09 02 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..PatchData =..41 CF CC A9 45..##
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):957304
                                      Entropy (8bit):6.264208672561971
                                      Encrypted:false
                                      SSDEEP:12288:eYoTcu0n1WIMHb7x1s0LfJCTIKUzi2a3QuKO3hv0KmlprzOfYPCx1A09F87dQ7oY:9cHDLfE0Sf59BU3Ao3on847rjvyS3d
                                      MD5:F2EDD66BA22FB33A8C1700D746185E4F
                                      SHA1:FF89434D9F9C16E6D1DA524210A19A5CF01CBAC1
                                      SHA-256:5C7B667EE60A5D217E784FD137DAE429BFBE3FF123DD74035E75CA88AB2EA479
                                      SHA-512:D0BA299FF8B87A4E2D701BABF29687AF2D76A8F047698C318F7E0EDB84E8339ADB08B380EDCAF719088D4D93080F01E4E1577DF77B05CD838A63D00976BF1188
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......U(...I...I...I...;...I...;...I..}=.. I..}=...I..}=...I...;...I...;...I..D<...I...I...I...=...I...=]..I...I5..I...=...I..Rich.I..................PE..d....zde.........."..................@.........@..........................................`.....................................................................x9...v..x%......,...................................`...8............................................text............................... ..`.rdata...N.......P..................@..@.data....Y... ... ..................@....pdata..x9.......:...*..............@..@_RDATA...............d..............@..@.rsrc................f..............@..@.reloc..,............n..............@..B........................................................................................................................................................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):99504
                                      Entropy (8bit):5.495851170365968
                                      Encrypted:false
                                      SSDEEP:1536:vZBiu1fRlQRDhJ2xSe9EejUFc5VdiPFMqO7W/Q2o6JvUUfr:vrhlQ08wEuAcFiNM3WYar
                                      MD5:E0BC467515EC6306F78D26E517291716
                                      SHA1:DBD27FFF7C42E8CB6FBEEEDB1D83292B9E8DCB41
                                      SHA-256:35AA07EFE5F8C535106419EAEA44438260029DEE83026CF617AFD33F4EBE4AFE
                                      SHA-512:FA68C069F90A10FBEAC133B2F0A085445E20501270A52E2BC90E6A1B8CFF0AB83CDE5952F8F55D8537FC8FB405C473EB38E50CCE9E18A0CEEEBC34B9E8AA6CD2
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^78.?Yk.?Yk.?Yk.[Zj.?Yk.[]j.?Yk.[\j.?Yk.[Xj.?Yk.?Xk.?Yk.[Pj.?Yk.[.k.?Yk.[[j.?YkRich.?Yk........PE..d.....:X.........."......^...........g.........@....................................s.....`.......... ......................................D...........x............>...F...p.......z..T............................p...............q...............................text...p].......^.................. ..`.rdata... ...p..."...b..............@..@.data...............................@....pdata..............................@..@.rsrc...x...........................@..@.reloc.......p.......<..............@..B................................................................................................................................................................................................................................................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):2775552
                                      Entropy (8bit):6.233900167724529
                                      Encrypted:false
                                      SSDEEP:49152:LH6slJy4DH1kHNarNjLt63g3ufYoW++DK+dTfAE:PrNfz3ufy+X+FfF
                                      MD5:97E83C8B38D9556A96C0292B5008EBEE
                                      SHA1:E14D1CEA73E4B14A0369CB980E1C94E3CF498BD1
                                      SHA-256:1C0B17D1011A473B61D7FA49D15E78AA3BF49CAB5903C88D93CAB939B90C5790
                                      SHA-512:937DABE61C954DB41A07202542DDEDB7FDD480D24908D57A89CB15D114E8505B9C7CFA7D52FFED8AD9033736327355312313E6FD2AD8D8CF3204E43935EF3FF1
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Y.q...q...q.......q.......q.......q..+....q......sq.......q.......q.......p.......q...q...r.......q.......q.......q..Rich.q..................PE..d......e..........".................`..........@..............................+...........`.........................................`6'.0....9'.h.............(..X........... *.......#.......................#.(.....#..............0..X............................text............................... ..`.rdata..fH...0...J..................@..@.data.........'..~...h'.............@....pdata...X....(..Z....'.............@..@.gxfg....-....)......@).............@..@.gehcont$.....*......n).............@..@.reloc....... *......p).............@..B........................................................................................................................................................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):848
                                      Entropy (8bit):2.790662817427232
                                      Encrypted:false
                                      SSDEEP:12:6+alGwx5PjWB2vxv623RKHe9vB10sNHcv6n:wllvPjWAI+9vB1Ls6n
                                      MD5:37E0B86058D6F62830849F66C49D5912
                                      SHA1:BE54F7E62E290B0FE5721D1FA1B67D60928B0554
                                      SHA-256:C4F874E42E872DFD14A50A51C029A5ECAF396325A7F7102AF223D5FCA0244211
                                      SHA-512:BF36496627299052D0FBED0281838385E59D7B34A3F34A0FFC23A0C1BBFB11149A59DF3110F12BDE4EB43A631C7D1AC210329A5682AFEE1194A9F66CD262B5D0
                                      Malicious:false
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT_0..;RTL8153BND Disable USB 2.0 patch..EXTCFGNO = 00 00 00 01..;MACADDRMASK = FF FF FF FF FF FF..CRC32 = 52 70 00 63..00 01 D8 00 00 00 02 00 00 00 00 00 DA 0B 53 81..11 31 00 00 01 00 00 00 03 03 08 00 09 02 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 03 03 08 00 09 46 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 A3 03 08 00 03 0A 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00..00 00 00 00 00 00 00 99 00 00 00 5A 00 A5 00 FE..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00..##..
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):324
                                      Entropy (8bit):3.804575658661602
                                      Encrypted:false
                                      SSDEEP:6:rmXufS1XGwo4NGaw5B6QIFBXtSA6q1j/RIJRKyn:6+alGwFD3XtR51D+RD
                                      MD5:3DB12A7A8A8B12520EE5E00CDF42498F
                                      SHA1:6A81EF497F166879F6AD14909813D14BB32741E0
                                      SHA-256:900B567653672286F78EBE397D7419856E1F5EA31C5739593C0BC69C7B596135
                                      SHA-512:D005862A45C32B2F10F1BD35242ACD64FB1F68E2CAFF41BB0AA53F8C6EDEB5BDEE9577F5278EAA23E069F0B8ECEC98AD09C99F7055BCB016A58BD0B34C89DF6A
                                      Malicious:false
                                      Preview:;Please set patch data up to 16 bytes for each line.....##..;BIT 0..;Disable USB 2.0 patch..ExtPatch = 00 00 00 01..CRC32 = CC F4 AD CD..ICInfo =..03 03 08 00 09 46 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00..PatchData =..40 CF CD 4D..##..
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3153469
                                      Entropy (8bit):6.354681137568422
                                      Encrypted:false
                                      SSDEEP:49152:dWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbd333xF:HtLutqgwh4NYxtJpkxhGO333L
                                      MD5:8E793246AF4897C6C84F6CC4C536FC8E
                                      SHA1:2568AC967E6D4F08C27A4C1D53FCA727160AC74D
                                      SHA-256:8D42C9F49AD70774CDCD17F6A89A071B21E2E12E13B51AB673E26A07DBE0E107
                                      SHA-512:F58EF259ED5B64F6E08E4A4BB31356DE7760FC1767E36FD907617857A012A637E62492C64D945F3D601CC8CE6AD0B43FA2FD816E92E3D733CA3694DF3B63B209
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c.................L,..p......hf,......p,...@...........................0...........@......@....................-.......-..9...................................................................................-.......-......................text.... ,......",................. ..`.itext...(...@,..*...&,............. ..`.data...X....p,......P,.............@....bss.....y....-..........................idata...9....-..:....,.............@....didata.......-.......-.............@....edata........-......*-.............@..@.tls....L.....-..........................rdata..]............,-.............@..@.rsrc.................-.............@..@..............1.......0.............@..@........................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):376680
                                      Entropy (8bit):6.4657297234290905
                                      Encrypted:false
                                      SSDEEP:6144:n36pR3mMl0cWupLm49jmDaG6DXfpedVBiaFkPqf8P0tUdmY:34xm6v4DaZDPpedjYqDUj
                                      MD5:32ED49BD279DA21E0663968F962DBD9C
                                      SHA1:EFF2002A248302B43FFF539687B2D9D1891B47DC
                                      SHA-256:AB1573F56F755CB66BA23D743E13BE4E69CD684E986C855A6F9EC381770927C2
                                      SHA-512:6BB6479199FF37FA598F7C4B3406622F3901D5622A95A4641263160E1871303B3E2DE1AB6C1E0FF2E29262CB9F5C74939C99E594C36B33B87AC2E822FC5D3D40
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}...}...}..|...}..|...}..|...}...|...}...|...}...|...}..|...}...}>..}...|...}...|...}...}...}..l}...}...|...}Rich...}........PE..d......b.........." .........t...... 5..............................................a.....`A........................................P.......d%..x............p...+...l..hS..............p.......................(.......8............ ..X............................text............................... ..`.rdata....... ......................@..@.data.... ...@....... ..............@....pdata...+...p...,..................@..@_RDATA...............Z..............@..@.msvcjmcG............\..............@....rsrc................^..............@..@.reloc...............d..............@..B........................................................................................................................................................
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:InnoSetup Log DellDockFW_UPGRADE_UTILITY {598FF4F3-A5CE-4782-9F8E-B615F4B2880D}, version 0x418, 4542 bytes, 663680\37\user, C:\Program Files (x86)\DellDockFW_UPGRADE_
                                      Category:modified
                                      Size (bytes):4542
                                      Entropy (8bit):3.6643676744388602
                                      Encrypted:false
                                      SSDEEP:96:+a9+f6dXC8jPD4op0VCJCxCS+0PfrHhLNK:+aMfCP4K0PfrHy
                                      MD5:8E8B6921819B5CF54A19C18136B25348
                                      SHA1:3CC955BF5B16DB52052023C363743FC7E07B3225
                                      SHA-256:362C7C04891FAB7BE1B843C788D7FF97480B4990785F1379D7775EC23696C33A
                                      SHA-512:DF476717F71AAA161E849D05FD3F9B6D490CC479522BD120839F9869F85FB70EF337E05352C9A6B21AEEF6E7BC4F6A47338E87A289941E43A3212E54621E9C9E
                                      Malicious:false
                                      Preview:Inno Setup Uninstall Log (b)....................................{598FF4F3-A5CE-4782-9F8E-B615F4B2880D}..........................................................................................DellDockFW_UPGRADE_UTILITY..............................................................................................................................................................................................................................................~..+...............6.6.3.6.8.0......f.r.o.n.t.d.e.s.k......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y....................D.. .....f..................C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y..b...C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.S.t.a.r.t. .M.e.n.u.\.P.r.o.g.r.a.m.s.\.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y......D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y......e.n.g.l.i.s.h....
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):3153469
                                      Entropy (8bit):6.354681137568422
                                      Encrypted:false
                                      SSDEEP:49152:dWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbd333xF:HtLutqgwh4NYxtJpkxhGO333L
                                      MD5:8E793246AF4897C6C84F6CC4C536FC8E
                                      SHA1:2568AC967E6D4F08C27A4C1D53FCA727160AC74D
                                      SHA-256:8D42C9F49AD70774CDCD17F6A89A071B21E2E12E13B51AB673E26A07DBE0E107
                                      SHA-512:F58EF259ED5B64F6E08E4A4BB31356DE7760FC1767E36FD907617857A012A637E62492C64D945F3D601CC8CE6AD0B43FA2FD816E92E3D733CA3694DF3B63B209
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Oct 30 15:00:09 2024, mtime=Wed Oct 30 15:00:09 2024, atime=Thu Mar 14 06:03:42 2024, length=150528, window=hide
                                      Category:dropped
                                      Size (bytes):1344
                                      Entropy (8bit):4.632433273771452
                                      Encrypted:false
                                      SSDEEP:24:8mKY5TOE2udOE1tifX1bUARBOWD8++NuCMdHcr9X1ddHcpUUpiQJ+QJUwqygm:8mb5l2udO3X1vnOWD8++NQdYX1ddt0J4
                                      MD5:F03543CF8E8203135CF213A8000DE976
                                      SHA1:8E08E61C4D22CCB0A9243F8F2BD2ECFCF8CA146E
                                      SHA-256:606A4ACB086BD0CAE10DCF464EE094A35541F6D554F029E88B1C36F94E1D3530
                                      SHA-512:A42685B5B77113C6994BF810430528A9481F9C8DA546F8000E16B7BCEBDB1A8C7080232064C64104ADA793F05419957A4276FDB136B25662923E6648D429F73F
                                      Malicious:false
                                      Preview:L..................F.... .....f..*..{.i..*....b..u...L...........................P.O. .:i.....+00.../C:\.....................1.....^Y....PROGRA~2.........O.I^Y......................V.....T.c.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....~.1.....^Y....DELLDO~1..f......^Y..^Y.............................9a.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y.......2..L..nXu8 .DELLFW~1.EXE..z......^Y..^Y......E.........................D.e.l.l.F.W._.U.P.G.R.A.D.E._.D.O.C.K._.U.T.I.L.I.T.Y._.v.1...2...e.x.e.......................-.................../.$l.....C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe..e.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y.\.D.e.l.l.F.W._.U.P.G.R.A.D.E._.D.O.C.K._.U.T.I.L.I.T.Y._.v.1...2...e.x.e.1.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.e.l.l.D.o.c.k.F.W._.U.P.G.R.A.D.E._.U.T.I.L.I.T.Y.........*.
                                      Process:C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      File Type:ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):7897
                                      Entropy (8bit):3.7976842154222252
                                      Encrypted:false
                                      SSDEEP:192:W93vtMulJYLwNtt9Unt9KVtEIttKuQtkpCttF9htt79ovtdW9OvtRtttIDdh:w3vtxJYLwNtt9Unt9KVtEIttKuQtkpCV
                                      MD5:1B130E99A457DF03BDF186D6FF816849
                                      SHA1:F7EBA7850FE528EE0CC7BAF89FD06725C44C7D4B
                                      SHA-256:4CE59C12615548A5C9550472039AED42DCEDD018DE55B46F5CE2FBA5B3F9DED6
                                      SHA-512:223D7ED298CB678468F24F216DEB54DC5110E5F1647B213FC59173B1380597D81373602C84F80E5D586266E5503F093170DF4C43351095D4BEED7050B92914B0
                                      Malicious:false
                                      Preview:@shift /0..@echo off..SalomonFwUpdaterI2C64W.exe /dockinfo >check0.log..find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system" && goto wodock..goto check1....:check1..@echo off..SalomonFwUpdaterI2C64W.exe /dockdata >check1.log..find /i check1.log "WD22TB4" && goto check2..find /i check1.log "WD19" && goto check2..find /i check1.log "WD19S" && goto check2..find /i check1.log "WD19DC" && goto check2..find /i check1.log "WD19DCS" && goto check2..find /i check1.log "WD19TB" && goto check2..find /i check1.log "WD19TBS" && goto check2..goto docknotsupport....:check2..SalomonFwUpdaterI2C64W.exe /dockinfo >check2.log..find /i check2.log "Version:01.01.00.05" && goto FEC..find /i check2.log "Version:01.01.00.07" && goto FEC..goto docknotsupport....:FEC..@echo off..echo *************************************************************************..echo * *..echo * Update DOCK EC FW (v89.01.03.05).
                                      Process:C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Category:modified
                                      Size (bytes):3129344
                                      Entropy (8bit):6.368012964598985
                                      Encrypted:false
                                      SSDEEP:49152:FWGtLBcXqFpBR6SVb8kq4pgquLMMji4NYxtJpkxhGjIHTbd333x3:ftLutqgwh4NYxtJpkxhGO3331
                                      MD5:832E804AB463815164C8D19D9A98A79B
                                      SHA1:07D1C7C12604091B047827CAB73C85653796D1DD
                                      SHA-256:8CCB174BB377879198F28096DABB6CBBA243A4B2777AEF81C038CA559726F3FB
                                      SHA-512:B68747F248200F3B1A65A13C942F42C1EDAD6C76E0BA5712DD819F27949CDAD781DE98057D99477CFC59042099339FACAC9FF67C30802ADF67D1E34B2E010054
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                      Category:dropped
                                      Size (bytes):29472
                                      Entropy (8bit):7.042110181107409
                                      Encrypted:false
                                      SSDEEP:768:BD7FEAbd+EDsIOmF+OiR9rikW/F+M9OAriXiRQU:M07sIOYRiPWkWNl9WXil
                                      MD5:077CB4461A2767383B317EB0C50F5F13
                                      SHA1:584E64F1D162398B7F377CE55A6B5740379C4282
                                      SHA-256:8287D0E287A66EE78537C8D1D98E426562B95C50F569B92CEA9CE36A9FA57E64
                                      SHA-512:B1FCB0265697561EF497E6A60FCEE99DC5EA0CF02B4010DA9F5ED93BCE88BDFEA6BFE823A017487B8059158464EA29636AAD8E5F9DD1E8B8A1B6EAAAB670E547
                                      Malicious:true
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      Process:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      File Type:PE32+ executable (console) x86-64, for MS Windows
                                      Category:dropped
                                      Size (bytes):6144
                                      Entropy (8bit):4.720366600008286
                                      Encrypted:false
                                      SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                      MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                      SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                      SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                      SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                      Malicious:false
                                      Antivirus:
                                      • Antivirus: ReversingLabs, Detection: 0%
                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                      Entropy (8bit):7.850147802165105
                                      TrID:
                                      • Win32 Executable (generic) a (10002005/4) 98.45%
                                      • Inno Setup installer (109748/4) 1.08%
                                      • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                      • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                      File name:24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      File size:3'597'832 bytes
                                      MD5:6b0996924a1ff0df14223b378c8e4fb8
                                      SHA1:c491eb345f1cc3a701e7ace9ed3e4662830afa55
                                      SHA256:1e67c3ae6c79fb0768a19be602116008c06d396a81a5b206345edad34061882b
                                      SHA512:12f832ecb96ac2bbb6d74e40e84a4fb3f0e7c3be10549b989e68b2480e1b10438fb03ee3f58af06747c3f43035cf3defa1d07e82f784b87f3ec3b982a11b2514
                                      SSDEEP:98304:ekLnTz+mYmhvlCoNNnmEmE+CTo/smDHuGUKrIv4/:5Tz+xYvlCobRo/smazK
                                      TLSH:5DF5013BB268753EC7AA0B3125739234997BFB51641B8C1E67F0180CCF366621E3AE55
                                      Icon Hash:71cc92f4a296cc71
                                      Entrypoint:0x4b5eec
                                      Entrypoint Section:.itext
                                      Digitally signed:true
                                      Imagebase:0x400000
                                      Subsystem:windows gui
                                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:6
                                      OS Version Minor:1
                                      File Version Major:6
                                      File Version Minor:1
                                      Subsystem Version Major:6
                                      Subsystem Version Minor:1
                                      Import Hash:e569e6f445d32ba23766ad67d1e3787f
                                      Signature Valid:true
                                      Signature Issuer:CN=Entrust Code Signing CA - OVCS2, O="Entrust, Inc.", C=US
                                      Signature Validation Error:The operation completed successfully
                                      Error Number:0
                                      Not Before:14/02/2024 21:43:54
                                      Not After:27/02/2025 21:43:53
                                      Subject Chain
                                      • CN=Dell Technologies Inc., O=Dell Technologies Inc., L=Round Rock, S=Texas, C=US
                                      Version:3
                                      Thumbprint MD5:D195E4B56B98FA758A11B91699D9FA13
                                      Thumbprint SHA-1:90EF77769F6AD66A1A4F87A0207B892AFA3D50AD
                                      Thumbprint SHA-256:7F04F3E8051D619D1BAE336FF63A8ABF99F7990B4BBB546279E269E2E692A269
                                      Serial:791A038A0A9EB2E42199A3615A706641
                                      Instruction
                                      push ebp
                                      mov ebp, esp
                                      add esp, FFFFFFA4h
                                      push ebx
                                      push esi
                                      push edi
                                      xor eax, eax
                                      mov dword ptr [ebp-3Ch], eax
                                      mov dword ptr [ebp-40h], eax
                                      mov dword ptr [ebp-5Ch], eax
                                      mov dword ptr [ebp-30h], eax
                                      mov dword ptr [ebp-38h], eax
                                      mov dword ptr [ebp-34h], eax
                                      mov dword ptr [ebp-2Ch], eax
                                      mov dword ptr [ebp-28h], eax
                                      mov dword ptr [ebp-14h], eax
                                      mov eax, 004B14B8h
                                      call 00007F291C770EF5h
                                      xor eax, eax
                                      push ebp
                                      push 004B65E2h
                                      push dword ptr fs:[eax]
                                      mov dword ptr fs:[eax], esp
                                      xor edx, edx
                                      push ebp
                                      push 004B659Eh
                                      push dword ptr fs:[edx]
                                      mov dword ptr fs:[edx], esp
                                      mov eax, dword ptr [004BE634h]
                                      call 00007F291C8139E7h
                                      call 00007F291C81353Ah
                                      lea edx, dword ptr [ebp-14h]
                                      xor eax, eax
                                      call 00007F291C786994h
                                      mov edx, dword ptr [ebp-14h]
                                      mov eax, 004C1D84h
                                      call 00007F291C76BAE7h
                                      push 00000002h
                                      push 00000000h
                                      push 00000001h
                                      mov ecx, dword ptr [004C1D84h]
                                      mov dl, 01h
                                      mov eax, dword ptr [004238ECh]
                                      call 00007F291C787B17h
                                      mov dword ptr [004C1D88h], eax
                                      xor edx, edx
                                      push ebp
                                      push 004B654Ah
                                      push dword ptr fs:[edx]
                                      mov dword ptr fs:[edx], esp
                                      call 00007F291C813A6Fh
                                      mov dword ptr [004C1D90h], eax
                                      mov eax, dword ptr [004C1D90h]
                                      cmp dword ptr [eax+0Ch], 01h
                                      jne 00007F291C819C8Ah
                                      mov eax, dword ptr [004C1D90h]
                                      mov edx, 00000028h
                                      call 00007F291C78840Ch
                                      mov edx, dword ptr [004C1D90h]
                                      Name | Virtual Address | Virtual Size | Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
                                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xfdc | .idata
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x7608 | .rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x36b828 | 0x2de0 |
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_IAT | 0xc22f4 | 0x254 | .idata
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                      .text | 0x1000 | 0xb39e4 | 0xb3a00 | 43af0a9476ca224d8e8461f1e22c94da | False | 0.34525867693110646 | data | 6.357635049994181 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .itext | 0xb5000 | 0x1688 | 0x1800 | 185e04b9a1f554e31f7f848515dc890c | False | 0.54443359375 | data | 5.971425428435973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .data | 0xb7000 | 0x37a4 | 0x3800 | cab2107c933b696aa5cf0cc6c3fd3980 | False | 0.36097935267857145 | data | 5.048648594372454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .idata | 0xc2000 | 0xfdc | 0x1000 | e7d1635e2624b124cfdce6c360ac21cd | False | 0.3798828125 | data | 5.029087481102678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .didata | 0xc3000 | 0x1a4 | 0x200 | 8ced971d8a7705c98b173e255d8c9aa7 | False | 0.345703125 | data | 2.7509822285969876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .edata | 0xc4000 | 0x9a | 0x200 | 8d4e1e508031afe235bf121c80fd7d5f | False | 0.2578125 | data | 1.877162954504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                      .rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .rsrc | 0xc7000 | 0x7608 | 0x7800 | e4403c3b863d02d2ead2231436faeaa0 | False | 0.20846354166666667 | data | 4.186259088101422 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                      RT_ICON | 0xc7438 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | English | United States | 0.125059045819556
                                      RT_STRING | 0xcb660 | 0x360 | data | | | 0.34375
                                      RT_STRING | 0xcb9c0 | 0x260 | data | | | 0.3256578947368421
                                      RT_STRING | 0xcbc20 | 0x45c | data | | | 0.4068100358422939
                                      RT_STRING | 0xcc07c | 0x40c | data | | | 0.3754826254826255
                                      RT_STRING | 0xcc488 | 0x2d4 | data | | | 0.39226519337016574
                                      RT_STRING | 0xcc75c | 0xb8 | data | | | 0.6467391304347826
                                      RT_STRING | 0xcc814 | 0x9c | data | | | 0.6410256410256411
                                      RT_STRING | 0xcc8b0 | 0x374 | data | | | 0.4230769230769231
                                      RT_STRING | 0xccc24 | 0x398 | data | | | 0.3358695652173913
                                      RT_STRING | 0xccfbc | 0x368 | data | | | 0.3795871559633027
                                      RT_STRING | 0xcd324 | 0x2a4 | data | | | 0.4275147928994083
                                      RT_RCDATA | 0xcd5c8 | 0x10 | data | | | 1.5
                                      RT_RCDATA | 0xcd5d8 | 0x2c4 | data | | | 0.6384180790960452
                                      RT_RCDATA | 0xcd89c | 0x2c | data | | | 1.2045454545454546
                                      RT_GROUP_ICON | 0xcd8c8 | 0x14 | data | English | United States | 1.25
                                      RT_VERSION | 0xcd8dc | 0x584 | data | English | United States | 0.2747875354107649
                                      RT_MANIFEST | 0xcde60 | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163
                                      DLL | Import
                                      kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
                                      comctl32.dll | InitCommonControls
                                      version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
                                      user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
                                      oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
                                      netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
                                      advapi32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
                                      Name | Ordinal | Address
                                      TMethodImplementationIntercept | 3 | 0x4541a8
                                      __dbk_fcall_wrapper | 2 | 0x40d0a0
                                      dbkFCallWrapperAddr | 1 | 0x4be63c
                                      Language of compilation system | Country where language is spoken
                                      English | United States
                                      No network behavior found

                                      Target ID:0
                                      Start time:12:00:03
                                      Start date:30/10/2024
                                      Path:C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
                                      Imagebase:0x400000
                                      File size:3'597'832 bytes
                                      MD5 hash:6B0996924A1FF0DF14223B378C8E4FB8
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:Borland Delphi
                                      Reputation:low
                                      Has exited:false

                                      Target ID:2
                                      Start time:12:00:04
                                      Start date:30/10/2024
                                      Path:C:\Users\user\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp
                                      Wow64 process (32bit):true
                                      Commandline:"C:\Users\user~1\AppData\Local\Temp\is-11DL1.tmp\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.tmp" /SL5="$103E8,2740915,793600,C:\Users\user\Desktop\24314_DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
                                      Imagebase:0x400000
                                      File size:3'129'344 bytes
                                      MD5 hash:832E804AB463815164C8D19D9A98A79B
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:Borland Delphi
                                      Antivirus matches:
                                      • Detection: 0%, ReversingLabs
                                      Reputation:low
                                      Has exited:false

                                      Target ID:4
                                      Start time:12:00:09
                                      Start date:30/10/2024
                                      Path:C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe"
                                      Imagebase:0x140000000
                                      File size:150'528 bytes
                                      MD5 hash:9C953B8F51C128897ABCE0FB9AC21D93
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:false

                                      Target ID:5
                                      Start time:12:00:09
                                      Start date:30/10/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff75da10000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Target ID:6
                                      Start time:12:00:09
                                      Start date:30/10/2024
                                      Path:C:\Windows\System32\cmd.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Windows\system32\cmd" /c "C:\Users\user\AppData\Local\Temp\9B10.tmp\9B11.tmp\9B12.bat "C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\DellFW_UPGRADE_DOCK_UTILITY_v1.2.exe""
                                      Imagebase:0x7ff6445c0000
                                      File size:289'792 bytes
                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:false

                                      Target ID:7
                                      Start time:12:00:09
                                      Start date:30/10/2024
                                      Path:C:\Program Files (x86)\DellDockFW_UPGRADE_UTILITY\SalomonFwUpdaterI2C64W.exe
                                      Wow64 process (32bit):false
                                      Commandline:SalomonFwUpdaterI2C64W.exe /dockinfo
                                      Imagebase:0x7ff719780000
                                      File size:2'775'552 bytes
                                      MD5 hash:97E83C8B38D9556A96C0292B5008EBEE
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      Target ID:8
                                      Start time:12:00:09
                                      Start date:30/10/2024
                                      Path:C:\Windows\System32\find.exe
                                      Wow64 process (32bit):false
                                      Commandline:find /i check0.log "GetSalomonDockInfo Failed, check if Dock is connected to system"
                                      Imagebase:0x7ff73c200000
                                      File size:17'920 bytes
                                      MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:moderate
                                      Has exited:true

                                      No disassembly