FaronicsDeployAgent_Semi-Automatic (1).exe
This report is generated from a file or URL submitted to this webservice on February 6th 2020 17:59:21 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Remote Access
  - Contains a remote desktop related string
- Persistence
  - Modifies auto-execute functionality by setting/creating a value in the registry
  - Schedules a task to be executed at a specific time and date
  - Spawns a lot of processes
  - Writes data to a remote process
- Fingerprint
  - Queries kernel debugger information
  - Reads the active computer name
  - Reads the cryptographic machine GUID
- Evasive
  - Found a reference to a WMI query string known to be used for VM detection
  - Possibly checks for the presence of an Antivirus engine
  - Possibly tries to implement anti-virtualization techniques
- Spreading
  - Opens the MountPointManager (often used to detect additional infection locations)
  - Tries to access unusual system drive letters
- Network Behavior
  - Contacts 2 domains and 1 host.
MITRE ATT&CK™ Techniques Detection
Indicators
-
Malicious Indicators 6
-
Installation/Persistence
-
Allocates virtual memory in a remote process
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" allocated memory in "\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{581F69E6-A5D1-48C7-9F6F-CC333007F7EB}"
  - "FWAInstallMonitor.exe" allocated memory in "\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{581F69E6-A5D1-48C7-9F6F-CC333007F7EB}"
  - "FWAInstallMonitor.exe" allocated memory in "%ALLUSERSPROFILE%\FWAInstallMonitor.exe"
  - "cmd.exe" allocated memory in "\Device\MountPointManager"
- source: API Call
- relevance: 7/10
- ATT&CK ID: T1055
-
Writes data to a remote process
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote 1500 bytes to a remote process "%WINDIR%\SysWOW64\msiexec.exe" (Handle: 168)
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\msiexec.exe" (Handle: 168)
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\msiexec.exe" (Handle: 168)
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\msiexec.exe" (Handle: 168)
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\msiexec.exe" (Handle: 168)
  - "cmd.exe" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 124)
  - "cmd.exe" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 124)
  - "cmd.exe" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 124)
  - "cmd.exe" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 124)
  - "cmd.exe" wrote 32 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 128)
  - "cmd.exe" wrote 52 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 128)
  - "cmd.exe" wrote 4 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 128)
  - "cmd.exe" wrote 8 bytes to a remote process "C:\Windows\SysWOW64\schtasks.exe" (Handle: 128)
- source: API Call
- relevance: 6/10
- ATT&CK ID: T1055
-
Unusual Characteristics
-
Checks for a resource fork (ADS) file
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" checked file "C:"
- source: API Call
- relevance: 5/10
-
Spawns a lot of processes
- details:
  - Spawned process "FaronicsDeployAgent_Semi-Automatic_1_.exe"
  - Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /q REBOOT="ReallySuppress""
  - Spawned process "FWAInstallMonitor.exe" with commandline "/StartMonitor /CreateStartUpMonitorTask /MsiPath "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /Pid 3760"
  - Spawned process "regsvr32.exe" with commandline "/s "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\FWAWmiProvider.dll""
  - Spawned process "ModulesUpgradeMgr.exe" with commandline "1.10.8110.95 "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\\" LaunchFromInstaller"
  - Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat"
  - Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f"
  - Spawned process "schtasks.exe" with commandline "schtasks /Create /RU System /tn LaunchStartUpFWAInstallHelper /tr "\"%ALLUSERSPROFILE%\FWAInstallMonitor.exe\" /StartMonitorAtStartUp 5 /MsiPath %TEMP%\FaronicsCloudAgent.msi" /sc onstart"
  - Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Software Updater_C64.msi" /q REBOOT="ReallySuppress""
  - Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Usage Stats_C64.msi" /q REBOOT="ReallySuppress""
  - Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E247AEDB-16BD-4EEC-BBA9-E2BE9719F295}"
  - Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B7995D5-BD14-4ACD-9F5B-F58DC0F1B817}"
  - Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Imaging Client_C64.msi" /q REBOOT="ReallySuppress""
  - Spawned process "Imaging.exe" with commandline "--addinstalldate"
  - Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat"
  - Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchFWACleanupHelper /f"
  - Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat"
  - Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f"
- source: Monitored Target
- relevance: 8/10
-
Tries to access unusual system drive letters
- details:
  - "msiexec.exe" touched "K:"
  - "msiexec.exe" touched "L:"
  - "msiexec.exe" touched "M:"
  - "msiexec.exe" touched "N:"
  - "msiexec.exe" touched "O:"
  - "msiexec.exe" touched "P:"
  - "msiexec.exe" touched "Q:"
  - "msiexec.exe" touched "R:"
  - "msiexec.exe" touched "S:"
  - "msiexec.exe" touched "T:"
  - "msiexec.exe" touched "U:"
  - "msiexec.exe" touched "V:"
  - "msiexec.exe" touched "W:"
- source: API Call
- relevance: 9/10
- ATT&CK ID: T1083
-
Suspicious Indicators 27
-
Anti-Detection/Stealthiness
-
Possibly checks for the presence of an Antivirus engine
- details:
  - "Malwarebytes" (Indicator: "malwarebytes")
  - "SUPERAntiSpyware" (Indicator: "superantispyware")
  - "Ad-Aware Antivirus" (Indicator: "antivirus")
  - "\Lavasoft\" (Indicator: "lavasoft")
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1063
-
Queries kernel debugger information
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" at 00020572-00003340-00000033-17683653513
  - "msiexec.exe" at 00021482-00003432-00000033-30482165452
  - "FWAInstallMonitor.exe" at 00022242-00001244-00000033-69122603892
  - "ModulesUpgradeMgr.exe" at 00023257-00003568-00000033-92991601681
  - "msiexec.exe" at 00023903-00002064-00000033-101845980121
  - "msiexec.exe" at 00024303-00001856-00000033-111712045409
  - "wacD162.tmp" at 00024432-00004048-00000033-117079718339
  - "wacD162.tmp" at 00024551-00003752-00000033-119896868420
  - "msiexec.exe" at 00024892-00003872-00000033-133612799011
  - "Imaging.exe" at 00025037-00001144-00000033-141975514619
- source: API Call
- relevance: 6/10
-
Environment Awareness
-
Possibly tries to implement anti-virtualization techniques
- details:
  - "VMware Horizon Client" (Indicator: "vmware")
  - "vmware-view.exe" (Indicator: "vmware")
  - "**** Inside UpgradeVMwareHorizonClient" (Indicator: "vmware")
  - "2017-12-0317:12:10:656 848ad8Report * Computer Model = VirtualBox" (Indicator: "virtualbox")
  - "2017-12-0317:12:10:671 848ad8Report * Bios Revision = VirtualBox" (Indicator: "virtualbox")
- source: File/Memory
- relevance: 4/10
-
Reads the cryptographic machine GUID
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  - "msiexec.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  - "FWAInstallMonitor.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
  - "ModulesUpgradeMgr.exe" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source: Registry Access
- relevance: 10/10
- ATT&CK ID: T1012
-
General
-
Found a potential E-Mail address in binary/memory
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1114
-
Opened the service control manager
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
  - "FWAInstallMonitor.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
  - "ModulesUpgradeMgr.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_ALL_ACCESS" (0xf003f)
  - "ModulesUpgradeMgr.exe" called "OpenSCManager" requesting access rights "0X0"
- source: API Call
- relevance: 10/10
- ATT&CK ID: T1035
-
Installation/Persistence
-
Modifies auto-execute functionality by setting/creating a value in the registry
- details:
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE")
  - "FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "SETVAL"; Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE"; Key: "FARONICSOFFLINEINSTALLER"; Value: ""C:\FaronicsDeployAgent_Semi-Automatic_1_.exe" -r")
- source: Registry Access
- relevance: 8/10
- ATT&CK ID: T1060
-
Network Related
-
Found potential IP address in binary/memory
- details:
  - "19.0.0.160"
Heuristic match: "2017-12-0312:36:21:05117247ecHandlerRequesting post-reboot reporting for package Package_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:36:21:09817247ecHandlerCBS package identity: Package_for_KB2732059~31bf3856ad364e35~amd64~~6.1.5.1"
Heuristic match: "2017-12-0312:36:36:45717247ecHandlerRequesting post-reboot reporting for package Package_for_KB2732059~31bf3856ad364e35~amd64~~6.1.5.1."
Heuristic match: "2017-12-0312:36:36:47317247ecHandlerCBS package identity: Package_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:36:55:17617247ecHandlerRequesting post-reboot reporting for package Package_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:36:55:20717247ecHandlerCBS package identity: Package_for_KB3078601~31bf3856ad364e35~amd64~~6.1.1.5"
Heuristic match: "2017-12-0312:37:16:12917247ecHandlerRequesting post-reboot reporting for package Package_for_KB3078601~31bf3856ad364e35~amd64~~6.1.1.5."
Heuristic match: "2017-12-0312:37:16:48917247ecHandlerCBS package identity: Package_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5"
Heuristic match: "2017-12-0312:37:47:45717247ecHandlerRequesting post-reboot reporting for package Package_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5."
Heuristic match: "2017-12-0312:37:47:48917247ecHandlerCBS package identity: Package_for_KB3179573~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:38:02:20717247ecHandlerRequesting post-reboot reporting for package Package_for_KB3179573~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:38:02:23917247ecHandlerCBS package identity: Package_for_KB2770660~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:38:16:61417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2770660~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:38:16:81717247ecHandlerCBS package identity: Package_for_KB2758857~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:38:40:12917247ecHandlerRequesting post-reboot reporting for package Package_for_KB2758857~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:38:59:66017247ecHandlerCBS package identity: Package_for_KB2509553~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:39:14:66017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2509553~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:39:14:69217247ecHandlerCBS package identity: Package_for_KB3092601~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:39:29:52017247ecHandlerRequesting post-reboot reporting for package Package_for_KB3092601~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:39:29:53517247ecHandlerCBS package identity: Package_for_KB2862335~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:39:44:28517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2862335~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:39:44:31717247ecHandlerCBS package identity: Package_for_KB3138910~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:39:59:03517247ecHandlerRequesting post-reboot reporting for package Package_for_KB3138910~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:39:59:09817247ecHandlerCBS package identity: Package_for_KB2750841~31bf3856ad364e35~amd64~~6.1.1.3"
Heuristic match: "2017-12-0312:40:19:06717247ecHandlerRequesting post-reboot reporting for package Package_for_KB2750841~31bf3856ad364e35~amd64~~6.1.1.3."
Heuristic match: "2017-12-0312:40:19:11417247ecHandlerCBS package identity: Package_for_KB2868038~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:40:33:86417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2868038~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:40:33:92617247ecHandlerCBS package identity: Package_for_KB3108381~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:40:49:33217247ecHandlerRequesting post-reboot reporting for package Package_for_KB3108381~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:40:49:41017247ecHandlerCBS package identity: Package_for_KB3023215~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:41:15:05117247ecHandlerRequesting post-reboot reporting for package Package_for_KB3023215~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:41:15:11417247ecHandlerCBS package identity: Package_for_KB3074543~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:41:37:16017247ecHandlerRequesting post-reboot reporting for package Package_for_KB3074543~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:41:37:19217247ecHandlerCBS package identity: Package_for_KB2864202~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:41:52:61417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2864202~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:41:52:64517247ecHandlerCBS package identity: Package_for_KB3109103~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:42:07:97317247ecHandlerRequesting post-reboot reporting for package Package_for_KB3109103~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:45:04:75417247ecHandlerCBS package identity: Package_for_KB2667402~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0312:45:25:58217247ecHandlerRequesting post-reboot reporting for package Package_for_KB2667402~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0312:45:25:62917247ecHandlerCBS package identity: Package_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:45:51:41017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2807986~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:45:51:44217247ecHandlerCBS package identity: Package_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:46:25:06717247ecHandlerRequesting post-reboot reporting for package Package_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:46:25:12917247ecHandlerCBS package identity: Package_for_KB3161102~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:46:54:95717247ecHandlerRequesting post-reboot reporting for package Package_for_KB3161102~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:46:54:98917247ecHandlerCBS package identity: Package_for_KB2603229~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:47:12:22317247ecHandlerRequesting post-reboot reporting for package Package_for_KB2603229~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:47:12:27017247ecHandlerCBS package identity: Package_for_KB2719857~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:47:29:33217247ecHandlerRequesting post-reboot reporting for package Package_for_KB2719857~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:47:29:37917247ecHandlerCBS package identity: Package_for_KB3139398~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:47:46:12917247ecHandlerRequesting post-reboot reporting for package Package_for_KB3139398~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:47:46:25417247ecHandlerCBS package identity: Package_for_KB3046269~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:48:07:36417247ecHandlerRequesting post-reboot reporting for package Package_for_KB3046269~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:48:07:36417247ecHandlerCBS package identity: Package_for_KB2834140~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0312:48:24:66017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2834140~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0312:48:24:69217247ecHandlerCBS package identity: Package_for_KB2862330~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0312:48:42:27017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2862330~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0312:48:42:36417247ecHandlerCBS package identity: Package_for_KB2843630~31bf3856ad364e35~amd64~~6.1.3.1"
Heuristic match: "2017-12-0312:49:06:28517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2843630~31bf3856ad364e35~amd64~~6.1.3.1."
Heuristic match: "2017-12-0312:49:06:31717247ecHandlerCBS package identity: Package_for_KB3076895~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:49:24:08217247ecHandlerRequesting post-reboot reporting for package Package_for_KB3076895~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:49:24:11417247ecHandlerCBS package identity: Package_for_KB2506212~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:49:45:14517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2506212~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:49:45:20717247ecHandlerCBS package identity: Package_for_KB3133977~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:50:07:33217247ecHandlerRequesting post-reboot reporting for package Package_for_KB3133977~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:50:07:50417247ecHandlerCBS package identity: Package_for_KB2893519~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:50:30:09817247ecHandlerRequesting post-reboot reporting for package Package_for_KB2893519~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:50:30:11417247ecHandlerCBS package identity: Package_for_KB3013531~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0312:50:49:09817247ecHandlerRequesting post-reboot reporting for package Package_for_KB3013531~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0312:50:49:12917247ecHandlerCBS package identity: Package_for_KB2847927~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:51:10:87917247ecHandlerRequesting post-reboot reporting for package Package_for_KB2847927~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:51:10:91017247ecHandlerCBS package identity: Package_for_KB2853952~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:51:28:14517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2853952~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:51:28:19217247ecHandlerCBS package identity: Package_for_KB3021917~31bf3856ad364e35~amd64~~6.1.1.3"
Heuristic match: "2017-12-0312:51:45:47317247ecHandlerRequesting post-reboot reporting for package Package_for_KB3021917~31bf3856ad364e35~amd64~~6.1.1.3."
Heuristic match: "2017-12-0312:51:45:50417247ecHandlerCBS package identity: Package_for_KB3030377~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:52:02:81717247ecHandlerRequesting post-reboot reporting for package Package_for_KB3030377~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:52:02:84817247ecHandlerCBS package identity: Package_for_KB2973201~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:52:25:86417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2973201~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:52:25:89517247ecHandlerCBS package identity: Package_for_KB2545698~31bf3856ad364e35~amd64~~6.1.1.3"
Heuristic match: "2017-12-0312:52:45:94217247ecHandlerRequesting post-reboot reporting for package Package_for_KB2545698~31bf3856ad364e35~amd64~~6.1.1.3."
Heuristic match: "2017-12-0312:52:46:03517247ecHandlerCBS package identity: Package_for_KB2685811~31bf3856ad364e35~amd64~~6.1.1.11"
Heuristic match: "2017-12-0312:53:12:47317247ecHandlerRequesting post-reboot reporting for package Package_for_KB2685811~31bf3856ad364e35~amd64~~6.1.1.11."
Heuristic match: "2017-12-0312:53:12:55117247ecHandlerCBS package identity: Package_for_KB2966583~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:53:31:61417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2966583~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:53:31:64517247ecHandlerCBS package identity: Package_for_KB2900986~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:53:56:33217247ecHandlerRequesting post-reboot reporting for package Package_for_KB2900986~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:53:56:37917247ecHandlerCBS package identity: Package_for_KB2972100~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:54:20:30117247ecHandlerRequesting post-reboot reporting for package Package_for_KB2972100~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:54:20:33217247ecHandlerCBS package identity: Package_for_KB2800095~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0312:54:38:42617247ecHandlerRequesting post-reboot reporting for package Package_for_KB2800095~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0312:54:38:45717247ecHandlerCBS package identity: Package_for_KB3138612~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:54:59:12917247ecHandlerRequesting post-reboot reporting for package Package_for_KB3138612~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:54:59:16017247ecHandlerCBS package identity: Package_for_KB3022777~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:55:21:62917247ecHandlerRequesting post-reboot reporting for package Package_for_KB3022777~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:55:21:66017247ecHandlerCBS package identity: Package_for_KB2660075~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:55:40:55117247ecHandlerRequesting post-reboot reporting for package Package_for_KB2660075~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:55:41:42617247ecHandlerCBS package identity: Package_for_KB3060716~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:56:26:69217247ecHandlerRequesting post-reboot reporting for package Package_for_KB3060716~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:56:26:75417247ecHandlerCBS package identity: Package_for_KB2884256~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:56:45:86417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2884256~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:56:46:11417247ecHandlerCBS package identity: Package_for_KB3003743~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:57:22:50417247ecHandlerRequesting post-reboot reporting for package Package_for_KB3003743~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:57:22:53517247ecHandlerCBS package identity: Package_for_KB3020370~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0312:57:43:55117247ecHandlerRequesting post-reboot reporting for package Package_for_KB3020370~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0312:57:43:61417247ecHandlerCBS package identity: Package_for_KB2972211~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:58:09:67617247ecHandlerRequesting post-reboot reporting for package Package_for_KB2972211~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:58:09:70717247ecHandlerCBS package identity: Package_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:58:27:83217247ecHandlerRequesting post-reboot reporting for package Package_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:58:27:86417247ecHandlerCBS package identity: Package_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:58:50:94217247ecHandlerRequesting post-reboot reporting for package Package_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:58:50:97317247ecHandlerCBS package identity: Package_for_KB2968294~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0312:59:16:16017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2968294~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0312:59:39:98917247ecHandlerCBS package identity: Package_for_KB2919469~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0312:59:59:72317247ecHandlerRequesting post-reboot reporting for package Package_for_KB2919469~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0312:59:59:73917247ecHandlerCBS package identity: Package_for_KB3021674~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:00:23:22317247ecHandlerRequesting post-reboot reporting for package Package_for_KB3021674~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0313:00:23:36417247ecHandlerCBS package identity: Package_for_KB2937610~31bf3856ad364e35~amd64~~6.1.1.3"
Heuristic match: "2017-12-0313:02:11:05117247ecHandlerRequesting post-reboot reporting for package Package_for_KB2937610~31bf3856ad364e35~amd64~~6.1.1.3."
Heuristic match: "2017-12-0313:02:11:11417247ecHandlerCBS package identity: Package_for_KB2836942~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:02:48:11417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2836942~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:02:48:20717247ecHandlerCBS package identity: Package_for_KB2931356~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:03:27:64517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2931356~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:03:27:83217247ecHandlerCBS package identity: Package_for_KB2985461~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:04:02:66017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2985461~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:05:41:66017247ecHandlerCBS package identity: Package_for_KB2585542~31bf3856ad364e35~amd64~~6.1.1.3"
Heuristic match: "2017-12-0313:06:52:66017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2585542~31bf3856ad364e35~amd64~~6.1.1.3."
Heuristic match: "2017-12-0313:06:52:69217247ecHandlerCBS package identity: Package_for_KB3170735~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:07:37:66017247ecHandlerRequesting post-reboot reporting for package Package_for_KB3170735~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0313:07:37:70717247ecHandlerCBS package identity: Package_for_KB3137061~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:08:22:36417247ecHandlerRequesting post-reboot reporting for package Package_for_KB3137061~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:08:22:39517247ecHandlerCBS package identity: Package_for_KB2547666~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:09:03:91017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2547666~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:09:03:95717247ecHandlerCBS package identity: Package_for_KB2894844~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0313:09:58:16017247ecHandlerRequesting post-reboot reporting for package Package_for_KB2894844~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0313:09:58:19217247ecHandlerCBS package identity: Package_for_KB3093513~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:10:38:75417247ecHandlerRequesting post-reboot reporting for package Package_for_KB3093513~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:10:38:78517247ecHandlerCBS package identity: Package_for_KB2640148~31bf3856ad364e35~amd64~~6.1.2.0"
Heuristic match: "2017-12-0313:11:24:80117247ecHandlerRequesting post-reboot reporting for package Package_for_KB2640148~31bf3856ad364e35~amd64~~6.1.2.0."
Heuristic match: "2017-12-0313:11:24:84817247ecHandlerCBS package identity: Package_for_KB2631813~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0313:12:07:11417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2631813~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0313:12:07:81717247ecHandlerCBS package identity: Package_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:13:29:61417247ecHandlerRequesting post-reboot reporting for package Package_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:13:30:27017247ecHandlerCBS package identity: Package_for_KB3075220~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:14:30:09817247ecHandlerRequesting post-reboot reporting for package Package_for_KB3075220~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:14:30:16017247ecHandlerCBS package identity: Package_for_KB2840631~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:15:20:87917247ecHandlerRequesting post-reboot reporting for package Package_for_KB2840631~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:15:21:55117247ecHandlerCBS package identity: Package_for_KB3071756~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:16:50:05117247ecHandlerRequesting post-reboot reporting for package Package_for_KB3071756~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0313:16:50:12917247ecHandlerCBS package identity: Package_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:17:07:69217247ecHandlerRequesting post-reboot reporting for package Package_for_KB4019990~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0313:17:07:70717247ecHandlerCBS package identity: Package_for_KB4040980~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:17:28:42617247ecHandlerRequesting post-reboot reporting for package Package_for_KB4040980~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:17:28:48917247ecHandlerCBS package identity: Package_for_KB2479943~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:18:12:64517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2479943~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:40:27:80117247ecHandlerCBS package identity: Package_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0313:41:26:80117247ecHandlerRequesting post-reboot reporting for package Package_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1."
Heuristic match: "2017-12-0313:41:26:87917247ecHandlerCBS package identity: Package_for_KB2620704~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:42:20:14517247ecHandlerRequesting post-reboot reporting for package Package_for_KB2620704~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:42:52:55117247ecHandlerCBS package identity: Package_for_KB3072305~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:44:09:23917247ecHandlerRequesting post-reboot reporting for package Package_for_KB3072305~31bf3856ad364e35~amd64~~6.1.1.2."
Heuristic match: "2017-12-0313:44:09:28517247ecHandlerCBS package identity: Package_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:44:40:75417247ecHandlerRequesting post-reboot reporting for package Package_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:44:40:84817247ecHandlerCBS package identity: Package_for_KB2918077~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:45:35:34817247ecHandlerRequesting post-reboot reporting for package Package_for_KB2918077~31bf3856ad364e35~amd64~~6.1.1.0."
Heuristic match: "2017-12-0313:45:35:37917247ecHandlerCBS package identity: Package_for_KB3115858~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:52:08:52017247ecHandlerCBS package identity: Package_for_KB2560656~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:52:22:6601724b48HandlerCBS package identity: Package_for_KB3084135~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:52:37:55117247ecHandlerCBS package identity: Package_for_KB2891804~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0313:52:56:09817247ecHandlerCBS package identity: Package_for_KB2789645~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:53:18:8481724310HandlerCBS package identity: Package_for_KB2563227~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:53:38:17617247ecHandlerCBS package identity: Package_for_KB3019978~31bf3856ad364e35~amd64~~6.1.1.2"
Heuristic match: "2017-12-0313:53:54:4101724310HandlerCBS package identity: Package_for_KB3147071~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0313:54:15:5201724310HandlerCBS package identity: Package_for_KB3055642~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:57:35:4731724310HandlerCBS package identity: Package_for_KB2978742~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:57:51:8951724310HandlerCBS package identity: Package_for_KB3086255~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:58:08:25417248e0HandlerCBS package identity: Package_for_KB3067903~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:58:24:45717248e0HandlerCBS package identity: Package_for_KB3006137~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:58:42:52017248e0HandlerCBS package identity: Package_for_KB3127220~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:58:59:64517248e0HandlerCBS package identity: Package_for_KB3108664~31bf3856ad364e35~amd64~~6.1.1.0"
Heuristic match: "2017-12-0313:59:17:3321724900HandlerCBS package identity: Package_for_KB2656356~31bf3856ad364e35~amd64~~6.1.1.1"
Heuristic match: "2017-12-0317:12:30:640 848648HandlerPost-reboot status for package Package_for_KB2862152~31bf3856ad364e35~amd64~~6.1.1.1: 0x00000000."
Heuristic match: "2017-12-0317:12:31:281 848648HandlerPost-reboot status for package Package_for_KB3156019~31bf3856ad364e35~amd64~~6.1.1.1: 0x00000000."
Heuristic match: "2017-12-0317:12:31:984 848648HandlerPost-reboot status for package Package_for_KB2736422~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:12:32:343 848648HandlerPost-reboot status for package Package_for_KB3031432~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:12:32:375 848648HandlerPost-reboot status for package Package_for_KB3004375~31bf3856ad364e35~amd64~~6.1.3.1: 0x00000000."
Heuristic match: "2017-12-0317:12:33:281 848648HandlerPost-reboot status for package Package_for_KB2698365~31bf3856ad364e35~amd64~~6.1.1.2: 0x00000000."
Heuristic match: "2017-12-0317:12:34:140 848648HandlerPost-reboot status for package Package_for_KB2836943~31bf3856ad364e35~amd64~~6.1.2.0: 0x00000000."
Heuristic match: "2017-12-0317:12:35:265 848648HandlerPost-reboot status for package Package_for_KB3045685~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:12:36:125 848648HandlerPost-reboot status for package Package_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1: 0x00000000."
Heuristic match: "2017-12-0317:12:36:687 848648HandlerPost-reboot status for package Package_for_KB2729094~31bf3856ad364e35~amd64~~6.1.2.0: 0x00000000."
Heuristic match: "2017-12-0317:12:37:875 848648HandlerPost-reboot status for package Package_for_KB2973351~31bf3856ad364e35~amd64~~6.1.1.1: 0x00000000."
Heuristic match: "2017-12-0317:12:38:921 848648HandlerPost-reboot status for package Package_for_KB2892074~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:12:39:562 848648HandlerPost-reboot status for package Package_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4: 0x00000000."
Heuristic match: "2017-12-0317:12:40:203 848648HandlerPost-reboot status for package Package_for_KB3108371~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:12:41:000 848648HandlerPost-reboot status for package Package_for_KB3004361~31bf3856ad364e35~amd64~~6.1.1.0: 0x00000000."
Heuristic match: "2017-12-0317:13:31:64018565b8HandlerCBS package identity: Package_for_KB3177467~31bf3856ad364e35~amd64~~6.1.1.1" - source
- File/Memory
- relevance
- 3/10
-
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
- TCP traffic to 52.41.91.1 on port 443 is sent without HTTP header
- source
- Network Traffic
- relevance
- 5/10
-
Found potential IP address in binary/memory
-
Remote Access Related
-
Contains a remote desktop related string
- details
-
"winvnc.exe" (Indicator for product: Generic VNC)
"uvnc_service" (Indicator for product: Generic VNC) - source
- File/Memory
- relevance
- 10/10
-
Contains indicators of bot communication commands
- details
-
"CustomUninstall CIdentifyProduct::GetProductInfoFromUninstallKey Products DisplayName=%s DisplayVersion=%s UninstallCmd=%s" (Indicator: "cmd=")
"New CIdentifyProduct::GetProductInfoFromUninstallKey Products DisplayName=%s ProductId=%d UninstallCmd=%s" (Indicator: "cmd=") - source
- File/Memory
- relevance
- 10/10
- ATT&CK ID
- T1094
-
Contains references to WMI/WMIC
- details
-
"On Error Resume Next
Set objWMIService = GetObject("winmgmts:\\.\root\faronics")
Set objService = GetObject("winmgmts:\\.\root\cimv2")
strWMIQuery = "Select * from Win32_Service Where Nam" (Indicator: "root\cimv2"), "Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name='FWUSvc'")
For each objService in colServiceList
errReturn = objSe" (Indicator: "root\cimv2"), "End IfSet objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")" (Indicator: "root\cimv2") - source
- File/Memory
- relevance
- 10/10
- ATT&CK ID
- T1047
-
System Destruction
-
Opens file with deletion access rights
- details
-
"FWAInstallMonitor.exe" opened "%ALLUSERSPROFILE%\FWACleanupScheduler.bat" with delete access
"FWAInstallMonitor.exe" opened "%ALLUSERSPROFILE%\MsiZap.exe" with delete access
"FWAInstallMonitor.exe" opened "%ALLUSERSPROFILE%\FWAInstallMonitor.exe" with delete access
"FWAInstallMonitor.exe" opened "%TEMP%\FaronicsCloudAgent.msi" with delete access - source
- API Call
- relevance
- 7/10
-
System Security
-
Has the capability to lower Firefox security settings
- details
- "user_pref("app.update.auto", false);user_pref("app.update.enabled", false);" (Indicator: "user_pref("app.update.auto",false);"; File: "259499016e93ddb3a785c34187f0bf0df5a5f808cf1b94ac851f38e019ed10bd.bin")
- source
- File/Memory
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Modifies Software Policy Settings
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CERTIFICATES")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CRLS") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "68130000" to virtual address "0x770E1680" (part of module "WS2_32.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a5975" to virtual address "0x755A01E0" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4365975" to virtual address "0x755A025C" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4365975" to virtual address "0x755A0278" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4365975" to virtual address "0x755A01E4" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a5975" to virtual address "0x755A0258" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a5975" to virtual address "0x755A0274" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4360200" to virtual address "0x75594D68" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "7111b0007a3baf00ab8b02007f950200fc8c0200729602006cc805001ecdac007d26ac00" to virtual address "0x772507E4" (part of module "USER32.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b840132074ffe0" to virtual address "0x75593AD8" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a0200" to virtual address "0x75594E38" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "60122074" to virtual address "0x74154028" (part of module "WEBIO.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "c0dfcf771cf9ce77ccf8ce770d64d07700000000c0115e7700000000fc3e5e7700000000e0135e77000000009457897725e0cf77c6e0cf7700000000bc6a887700000000cf315e770000000093198977000000002c325e7700000000" to virtual address "0x76D41000" (part of module "NSI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4365975" to virtual address "0x755A0200" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b4360200" to virtual address "0x75594EA4" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b8c0152074ffe0" to virtual address "0x755936B4" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a0200" to virtual address "0x75594D78" (part of module "SSPICLI.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "b830122074ffe0" to virtual address "0x770E1368" (part of module "WS2_32.DLL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" wrote bytes "d83a5975" to virtual address "0x755A01FC" (part of module "SSPICLI.DLL")
"msiexec.exe" wrote bytes "7111b0007a3baf00ab8b02007f950200fc8c0200729602006cc805001ecdac007d26ac00" to virtual address "0x772507E4" (part of module "USER32.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
Reads information about supported languages
- details
- "FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\LOCALE"; Key: "00000409")
- source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
-
Hiding 10 Suspicious Indicators
- All indicators are available only in the private webservice or standalone version
-
Informative 25
-
Environment Awareness
-
Queries volume information
- details
- "msiexec.exe" queries volume information of "C:\" at 00021482-00003432-00000046-30779620666
- source
- API Call
- relevance
- 2/10
- ATT&CK ID
- T1120
-
Queries volume information of an entire harddrive
- details
- "msiexec.exe" queries volume information of "C:\" at 00021482-00003432-00000046-30779620666
- source
- API Call
- relevance
- 8/10
- ATT&CK ID
- T1120
-
Reads the registry for installed applications
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADDRESSBOOK")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE AIR")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE AIR"; Key: "DISPLAYNAME"; Value: "000000000100000014000000410064006F006200650020004100490052000000")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER ACTIVEX")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE FLASH PLAYER ACTIVEX"; Key: "DISPLAYNAME"; Value: "00000000010000003C000000410064006F0062006500200046006C00610073006800200050006C006100790065007200200032003700200041006300740069007600650058000000")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE SHOCKWAVE PLAYER")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ADOBE SHOCKWAVE PLAYER"; Key: "DISPLAYNAME"; Value: "000000000100000038000000410064006F00620065002000530068006F0063006B007700610076006500200050006C0061007900650072002000310032002E0033000000")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AUTOITV3")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AUTOITV3"; Key: "DISPLAYNAME"; Value: "0000000001000000220000004100750074006F00490074002000760033002E0033002E00310034002E0032000000")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CONNECTION MANAGER")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DIRECTDRAWEX")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FONTCORE")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE40")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE4DATA")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IE5BAKEX")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA0")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA1")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IEDATA10") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
Queries volume information
-
External Systems
-
Sample was identified as clean by Antivirus engines
- details
- 0/69 Antivirus vendors marked sample as malicious (0% detection rate)
- source
- External System
- relevance
- 10/10
-
General
-
Accesses Software Policy Settings
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\POLICIES\MICROSOFT\SYSTEMCERTIFICATES\TRUSTEDPEOPLE\CRLS"; Key: "") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
Accesses System Certificates Settings
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\MY"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CERTIFICATES"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CRLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKCU\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\CA\CTLS"; Key: "")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Path: "HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\CA"; Key: "") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112
-
Contacts domains
- details
-
"deploy.faronics.com"
"nv0mddxkh7.execute-api.us-west-2.amazonaws.com" - source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
- "52.41.91.1:443"
- source
- Network Traffic
- relevance
- 1/10
-
Contains PDB pathways
- details
-
"D:\Faronics\morocco\Faronics_Hg\CLOUD\Faronics-Deploy_CloudAgent\Source\bin\Release\FaronicsDeployAgent\Win32\FaronicsDeployAgent.pdb"
"%USERPROFILE%\Desktop\FilesUnlocker\Release\FilesUnlocker.pdb"
"D:\__FARONICS_DEPLOY__\Workstation-Side\DeployAgentBuild\SoftwareUpdater\bin\Release\SoftwareUpdater\Win32\SoftwareUpdater.pdb"
"C:\CodeBases\isdev\Redist\Language Independent\x64\ISBEW64.pdb"
"D:\__FARONICS_DEPLOY__\Workstation-Side\DeployAgentBuild\CloudAgent\Source\Workstation\StorageSpace\Source\StorageSpacesCustomActions\Release\StorageSpacesCustomActions.pdb"
"D:\__FARONICS_DEPLOY__\Workstation-Side\DeployAgentBuild\CloudAgent\Source\Workstation\bin\Release\FWAInstallHelper\Win32\FWAInstallHelper.pdb" - source
- File/Memory
- relevance
- 1/10
-
Creates a writable file in a temporary directory
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "%TEMP%\ProductInstaller\Software Updater_C64.msi"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\ProductInstaller\Usage Stats_C64.msi"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\ProductInstaller\Cloud Agent_C64.msi"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF2B47EA067A162B48.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF35FDB9C559B6D05F.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\ProductInstaller\Imaging Client_C64.msi"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF3D06CA403500F27B.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF7AB258B1B2DFB870.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF143DA0AD5658F5DF.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF159E0ADFFC7DDD28.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DF88DA4FCE6D47CFCA.TMP"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" created file "C:\Users\%USERNAME%\AppData\Local\Temp\~DFC6ACFA95A4D2D37D.TMP" - source
- API Call
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\Global\WindowsUpdateTracingMutex"
"Global\WindowsUpdateTracingMutex"
"DBWinMutex"
"\Sessions\1\BaseNamedObjects\DBWinMutex"
"\Sessions\1\BaseNamedObjects\Global\MSILOG_0a141e5a1d5dd0fGOL.b2afcISM_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"Global\_MSIExecute"
"Global\MSILOG_0a141e5a1d5dd0fGOL.b2afcISM_pmeT_lacoL_ataDppA_SWBUPAH_sresU_:C"
"\Sessions\1\BaseNamedObjects\Global\_MSIExecute"
"\Sessions\1\BaseNamedObjects\Fwa_ModulesUpgradeMgr" - source
- Created Mutant
- relevance
- 3/10
-
Overview of unique CLSIDs touched in registry
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched "XML DOM Document 3.0" (Path: "HKCU\WOW6432NODE\CLSID\{F5078F32-C551-11D3-89B9-0000F81FE221}")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched "UpdateSession Class" (Path: "HKCU\WOW6432NODE\CLSID\{4CB43D7F-7EEE-4906-8698-60DA1C38F2FE}")
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched "SUSInternal Class 1.0" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E60687F7-01A1-40AA-86AC-DB1CBF673334}")
"msiexec.exe" touched "Msi install server" (Path: "HKCU\WOW6432NODE\CLSID\{000C101C-0000-0000-C000-000000000046}")
"msiexec.exe" touched "PSFactoryBuffer" (Path: "HKCU\WOW6432NODE\CLSID\{000C103E-0000-0000-C000-000000000046}")
"msiexec.exe" touched "Microsoft Windows Installer Message RPC" (Path: "HKCU\CLSID\{000C101D-0000-0000-C000-000000000046}\DLLVERSION")
"FWAInstallMonitor.exe" touched "XML DOM Document 6.0" (Path: "HKCU\WOW6432NODE\CLSID\{88D96A05-F192-11D4-A65F-0040963251E5}")
"ModulesUpgradeMgr.exe" touched "WBEM Locator" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}")
"ModulesUpgradeMgr.exe" touched "Windows Management and Instrumentation" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}")
"ModulesUpgradeMgr.exe" touched "Microsoft WBEM Call Context" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\TREATAS")
"ModulesUpgradeMgr.exe" touched "Microsoft WBEM (non)Standard Marshaling for IWbemServices" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TREATAS")
"ModulesUpgradeMgr.exe" touched "Microsoft WBEM WbemClassObject Marshalling proxy" (Path: "HKCR\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{4590F812-1D3A-11D0-891F-00AA004B2E24}\TREATAS")
"schtasks.exe" touched "TaskScheduler class" (Path: "HKCU\WOW6432NODE\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}")
"wacD162.tmp" touched "PSDispatch" (Path: "HKCR\SOFTWARE\CLASSES\CLSID\{00020420-0000-0000-C000-000000000046}") - source
- Registry Access
- relevance
- 3/10
-
Process launched with changed environment
- details
-
Process "ModulesUpgradeMgr.exe" was launched with modified environment variables: "PROCESSOR_ARCHITECTURE, CommonProgramFiles, ProgramFiles"
Process "ModulesUpgradeMgr.exe" was launched with missing environment variables: "PROCESSOR_ARCHITEW6432"
Process "schtasks.exe" was launched with new environment variables: "PROMPT="$P$G""
Process "msiexec.exe" was launched with new environment variables: "VXDIR="C:\VxStream""
Process "msiexec.exe" was launched with modified environment variables: "Path"
Process "wacD162.tmp" was launched with modified environment variables: "Path"
Process "wacD162.tmp" was launched with missing environment variables: "PROMPT, VXDIR"
Process "msiexec.exe" was launched with new environment variables: "PROMPT="$P$G", VXDIR="C:\VxStream""
Process "msiexec.exe" was launched with modified environment variables: "Path"
Process "Imaging.exe" was launched with modified environment variables: "PROCESSOR_ARCHITECTURE, CommonProgramFiles, ProgramFiles, Path"
Process "Imaging.exe" was launched with missing environment variables: "PROMPT, VXDIR, PROCESSOR_ARCHITEW6432"
Process "cmd.exe" was launched with new environment variables: "PROCESSOR_ARCHITEW6432="AMD64""
Process "cmd.exe" was launched with modified environment variables: "PROCESSOR_ARCHITECTURE, CommonProgramFiles, ProgramFiles"
Process "schtasks.exe" was launched with new environment variables: "PROMPT="$P$G""
Process "cmd.exe" was launched with missing environment variables: "PROMPT"
Process "schtasks.exe" was launched with new environment variables: "PROMPT="$P$G"" - source
- Monitored Target
- relevance
- 10/10
-
Runs shell commands
- details
-
"%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat" on 2020-2-6.18:10:28.798
"%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat" on 2020-2-6.18:16:25.563
"%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat" on 2020-2-6.18:16:29.235 - source
- Monitored Target
- relevance
- 5/10
-
Sample shows a variety of benign indicators
- details
- The input file/all extracted files were not detected as malicious and the input file is signed with a validated certificate
- source
- Indicator Combinations
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /q REBO ..."
Spawned process "FWAInstallMonitor.exe" with commandline "/StartMonitor /CreateStartUpMonitorTask /MsiPath "%TEMP%\Product ..."
Spawned process "regsvr32.exe" with commandline "/s "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\FWAWmiPr ..."
Spawned process "ModulesUpgradeMgr.exe" with commandline "1.10.8110.95 "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agen ..."
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f"
Spawned process "schtasks.exe" with commandline "schtasks /Create /RU System /tn LaunchStartUpFWAInstallHelper ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Software Updater_C64.msi" /q ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Usage Stats_C64.msi" /q REBO ..."
Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E247AEDB-16BD-4EEC-BBA9- ..."
Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B7995D5-BD14-4ACD-9F5B- ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Imaging Client_C64.msi" /q R ..."
Spawned process "Imaging.exe" with commandline "--addinstalldate"
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchFWACleanupHelper /f"
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f" - source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /q REBO ..."
Spawned process "FWAInstallMonitor.exe" with commandline "/StartMonitor /CreateStartUpMonitorTask /MsiPath "%TEMP%\Product ..."
Spawned process "regsvr32.exe" with commandline "/s "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\FWAWmiPr ..."
Spawned process "ModulesUpgradeMgr.exe" with commandline "1.10.8110.95 "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agen ..."
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f"
Spawned process "schtasks.exe" with commandline "schtasks /Create /RU System /tn LaunchStartUpFWAInstallHelper ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Software Updater_C64.msi" /q ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Usage Stats_C64.msi" /q REBO ..."
Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E247AEDB-16BD-4EEC-BBA9- ..."
Spawned process "wacD162.tmp" with commandline "{EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B7995D5-BD14-4ACD-9F5B- ..."
Spawned process "msiexec.exe" with commandline "Msiexec /i "%TEMP%\ProductInstaller\Imaging Client_C64.msi" /q R ..."
Spawned process "Imaging.exe" with commandline "--addinstalldate"
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchFWACleanupHelper /f"
Spawned process "cmd.exe" with commandline "%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupSchedul ..."
Spawned process "schtasks.exe" with commandline "schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f" - source
- Monitored Target
- relevance
- 3/10
-
The input sample is signed with a certificate
- details
-
The input sample is signed with a certificate issued by "C=CA, S=British Columbia, L=Vancouver, O=Faronics Corporation, CN=Faronics Corporation" (SHA1: F1:0A:D7:90:78:CD:8C:B9:8C:71:D9:76:3B:C2:F8:FB:5F:F8:5C:E0: (1.2.840.113549.1.1.11); see report for more information)
The input sample is signed with a certificate issued by "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA" (SHA1: 92:C1:58:8E:85:AF:22:01:CE:79:15:E8:53:8B:49:2F:60:5B:80:C6: (1.2.840.113549.1.1.11); see report for more information)
The input sample is signed with a certificate issued by "C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA" (SHA1: 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43: (sha1RSA(RSA)); see report for more information) - source
- Certificate Data
- relevance
- 10/10
- ATT&CK ID
- T1116
-
The input sample is signed with a valid certificate
- details
- The entire certificate chain of the input sample was validated successfully.
- source
- Certificate Data
- relevance
- 10/10
-
Installation/Persistence
-
Connects to LPC ports
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" connecting to "\ThemeApiPort"
"msiexec.exe" connecting to "\ThemeApiPort"
"regsvr32.exe" connecting to "\ThemeApiPort"
"schtasks.exe" connecting to "\ThemeApiPort"
"wacD162.tmp" connecting to "\ThemeApiPort" - source
- API Call
- relevance
- 1/10
-
Dropped files
- details
-
"Usage Stats_C64.msi" has type "Composite Document File V2 Document Little Endian Os: Windows Version 6.1 MSI Installer Number of Characters: 0 Last Saved By: InstallShield Number of Words: 0 Title: Installation Database Comments: Contact: Your local administrator Keywords: InstallerMSIDatabase Subject: Faronics UsageStats Author: Faronics Corporation Security: 1 Number of Pages: 200 Name of Creating Application: InstallShield 2012 Spring - Premier Edition 19 Last Saved Time/Date: Tue Sep 17 12:55:21 2019 Create Time/Date: Tue Sep 17 12:55:21 2019 Last Printed: Tue Sep 17 12:55:21 2019 Revision Number: {448BCF4E-9BD0-45F0-AD19-CB6DBA69D054} Code page: 1252 Template: x64;1033"
"Software Updater_C64.msi" has type "Composite Document File V2 Document Can't read SAT"
"FWACleanupScheduler.bat" has type "ASCII text with CRLF line terminators"
"Cloud Agent_C64.msi" has type "Composite Document File V2 Document Can't read SAT"
"Imaging Client_C64.msi" has type "Composite Document File V2 Document Little Endian Os: Windows Version 6.1 MSI Installer Number of Characters: 0 Last Saved By: InstallShield Number of Words: 0 Title: Installation Database Comments: Contact: Your local administrator Keywords: InstallerMSIDatabase Subject: Faronics Imaging Author: Faronics Corporation Security: 1 Number of Pages: 200 Name of Creating Application: InstallShield 2012 - Premier Edition 18 Last Saved Time/Date: Fri Jan 10 16:01:36 2020 Create Time/Date: Fri Jan 10 16:01:36 2020 Last Printed: Fri Jan 10 16:01:36 2020 Revision Number: {F5DE7ACB-AF57-407D-9F58-260F98ACE29F} Code page: 1252 Template: Intel;1033"
"tmp59B0.tmp" has type "data"
"CloudAgentCleanupHelper.LOG" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"
"tmp8544.tmp" has type "data"
"Products.ini" has type "data"
"1814E26C1E25849B8396DBC50D93D010.mof" has type "C++ source Little-endian UTF-16 Unicode text with CRLF CR line terminators"
"tmp5701.tmp" has type "data"
"AAF97DF8955A0A044709078E6305D4FE.mof" has type "C++ source Little-endian UTF-16 Unicode text with CRLF CR line terminators"
"48CEEC55102547DB8D2945999C51BC92.mof" has type "C++ source Little-endian UTF-16 Unicode text with CRLF CR line terminators"
"Imaging.log" has type "Little-endian UTF-16 Unicode text with no line terminators"
"tmp5C21.tmp" has type "data"
"WindowsUpdate.log" has type "ASCII text with very long lines with CRLF line terminators"
"ModulesMgrLogs.log" has type "UTF-8 Unicode (with BOM) text with CRLF line terminators"
"1C29FC8FA2CF87E04D41BFB25C6A2483.mof" has type "C++ source Little-endian UTF-16 Unicode text with CRLF CR line terminators" - source
- Binary File
- relevance
- 3/10
-
Touches files in the Windows directory
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Globalization\Sorting\SortDefault.nls"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\SysWOW64\en-US\msctf.dll.mui"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Fonts\segoeui.ttf"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Fonts\segoeuib.ttf"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Fonts\segoeuii.ttf"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Fonts\segoeuiz.ttf"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\Fonts\segoeuil.ttf"
"FaronicsDeployAgent_Semi-Automatic_1_.exe" touched file "%WINDIR%\SysWOW64\en-US\KernelBase.dll.mui" - source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946449_122bde0e847c1a65d3bf045fac0b4fe26a305adc.cab"
Pattern match: "http://download.windowsupdate.com/msdownload/update/software/updt/2011/04/windows6.1-kb982018-v3-x64_7853a1c9c63611e17cd2c923704bf2e924bdfe7b.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946815_5935416778327e3e2033bd312449998c4f1c5729.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-id_eb574545d285e6a4cf04c6d1277aba036e97d8ee.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946991_8bd4e102f8e98a4b480884494a29b1c7c9964f30.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946983_e4cba3bc09479e2025141b34cd5cd30cc1c37b70.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946819_a0f32b08eef016d168d9fc5cb6aa0b7435748834.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946993_87a0ebc05ece9d683a0a7586d97d0464fd6e51bc.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-nb_f2e75cb9e611a5ac30a6fe4f6965c03bee4560e7.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-cs_7670ca9307fba39cdb965f3e2d867284806be287.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/10/ie-spelling-ar_30977b7225e46f241f3889766267ffb8642fb9a5.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946985_bd1510311d13985cdb2ddeff406971b3bab3e2c8.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-sv_6dc16b4b494a3f4002d7405f50823f163bec5cb3.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947155_38a5361f2aece680dfb3123ec7ea3c114397eab2.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946807_7c4d5da2a478617ecd41834d88a2103a9050673e.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-hr_fb4fe854cf9e01af3b6ebcc76eae8f1c8e16a124.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946611_f45cdd8461c53fda49bfbd423525870634e1a010.cab"
Pattern match: "http://download.windowsupdate.com/msdownload/update/software/dflt/2011/07/4641781_9a3fd13770adce3bb551cfb769607eea1d442ef8.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-sl_9759fddb17d254c6101883838865bc5298c0ec3d.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946710_816b4846d7f891b997dc300717877f0718e4f390.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-it_757781c5b1d45d53a65ba44d741e7a2168c56755.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946817_f26ae028a5b6729bb4f495247d7bfd0e69456303.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946821_f5082b842c8abc5c47cfc68f98340ec384b69fa9.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-ro_15653f12aeff49baa8484596302139b5b4aece7d.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946811_5fc25e1d989e0f67474214a0d67d8cd5258b05bd.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/10/ie-spelling-pt-br_ef47448dd9313e50a2c579deda6a8e8bb2474485.msu"
Pattern match: "http://download.windowsupdate.com/msdownload/update/software/updt/2012/09/windows6.1-kb2732487-v2-x64_90cdfa45eae23f853204394de11708a945785117.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-sr-latn_90c9b8ecc4818b12b3f3a2e06bd67c1da4d41efb.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-ca_96ee75c0dfd663091adffd5ece95c08a4f3e6d99.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946813_1ff8fa10b1c8d1091f0556fdeeaa23f401190214.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-uk_d41473bf80b63070a200d57cd626a03d95733ca3.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-et_e022664e0ae93d15b8ab03dba4b4ace3bf25aa04.msu"
Pattern match: "http://download.windowsupdate.com/msdownload/update/common/2012/10/6001224_6e7a63b92772bd2d84698519e862297c034d70a7.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-de_868820b048f75dd5aba424c1b4b34c20cf239456.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9946981_75c2312cb5debcce21ec2d1035a341369ad2218e.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-pl_5849ca60c56e4278ddd573a5f5c4fc89ca31255a.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2015/02/16506822_6cd71e87b26d8d7ba1b16032304ae8ca9ade0167.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947738_6194f94fb84071b02033143f821e93c481407006.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947742_48d159684b523ad7ed2969920be714c0f2de54a1.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/secu/2013/12/windows6.1-kb2912390-x64_413ad3ebc0199bd6d0ec00aaa0a17c73a00b8c30.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/others/2014/09/14135006_5c7b2d5b54e977fe049585d7c28de518e2e60b7a.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2015/10/18928664_f53f4ad84e3a1c30803f0642cf18faa630a9d502.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-en_eb351282502a45726223354a4e92d17807d78bbb.msu"
Pattern match: "http://download.windowsupdate.com/msdownload/update/software/secu/2011/06/windows6.1-kb2532531-x64_e76d3898952ba2d157e78fbef8b02247fa354045.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947414_a7fc6cf72b969e21c0946a6c40db4ef6cd79a66f.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-es_51ba34590e81e0958affe0a4c35682cb5fed5fb4.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-lv_0d2c7eaff98f432e597fef46ff09497022b407f5.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947734_4122b8e299621897ba13d4138a15679cb9413194.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947740_d1d5c6967805ff477a7a7de9cb5c3dcec54c6ee0.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2014/09/14588865_25e41ba7c9bfb155839e7cbaa3d480d07db9c5b6.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-fr_c13c1d2748c918d502620308ec9d9f1732781734.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/updt/2013/12/windows6.1-kb2913152-v2-x64_0f001a1b36594692d091186e430aef82112f58b5.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947744_35abd95860f3ebe836a420c8de25f2c0198d8c6a.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-pt-pt_6f6c539385ff12f525f40f4f6a158e621f10bef8.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-nn_9e48255da0dccbba3809a9357206086907b15e9e.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/updt/2014/09/windows6.1-kb2978092-x64_dd830519aa3d6716949e45856851d87c1edef522.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/secu/2015/09/windows6.1-kb3042058-x64_4e7e044dbb5c095851bd1c28c9d8eb5c17975e10.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947412_48f123a76660a5d081cc401fe19a4f8dae784638.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/10/ie-spelling-bg_08ae9cfa042f1cfd77a8b2a1e433f0a18c76f697.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947750_81414d4178bf04435c62b4ecad16e9535e78cb37.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/others/2014/02/11151035_fbacc390944339e332cece5af75ecb8d866d26ce.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/12/10257536_48907c9590d070e4c60b703effe8dfaa044adbf6.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/others/2014/10/15366051_f4915422b340d37804cf8786e6770765ffe6793a.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-he_5cb369423e545c3f17ffff28be66faa14b30ae20.msu"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/others/2014/09/14588111_5f8c7e2e3005ad900cf459d5429860ba3437e7bc.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-el_6b97f367323c01e473b9ae5d3899367ca8a554fc.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947732_8891c5f24ff3dd4bcbde8ecc4655bd6bdcfc71d9.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/ftpk/2013/11/ie-spelling-fi_935ac6bac542111ccf42349eb55ff7123f4e8ca2.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947157_bab9a718f746d26d0d71d2cf937074e7a00636ae.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947748_8d431d0c7fed8cb9391762fd4c494bda22edfcb6.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-tr_6f7393381c59a02a43cd12ec6d5a5ba367bc16bc.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2015/02/16506823_1c5b47119f7f815eb11fb570539e92f40c4d4a7f.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947736_0109440cbb2e2541dc2ae8d5b52f7bbfe8a285c1.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2013/11/9947746_9296e1904258e26ff0b81dd38f29467d31ec5c68.cab"
Pattern match: "http://download.windowsupdate.com/d/msdownload/update/software/ftpk/2013/11/ie-spelling-lt_ea2f88dd2dcbe8dd4137f3e89ee2a2b27a9e31f1.msu"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/others/2015/02/16506825_c19b25a74d1b4b5ad7a3b40886be1ab00251b8e4.cab"
Pattern match: "http://download.windowsupdate.com/c/msdownload/update/software/updt/2014/09/windows6.1-kb2977728-x64_f3007869bf6d406a35ed892803d696bfcf97d96c.msu"
Pattern match: "www.faronics.comcaRemoveVRootsISCHECKFORPRODUCTUPDATESAllUsersApplicationUsersNoAgreeToLicenseChange_IsMaintenanceCloseRestartRestartManagerOptionTypicalSetupType_IsSetupTypeMinDisplay_IsBitmapDlg{581F69E6-A5D1-48C7-9F6F-CC333007F7EB}[1]ALLUSERSARPNOREMOVE"
Pattern match: "upgrade.FSSInstaller.exe/UpgradeFSSFaronics"
Heuristic match: "Y_^[]UQUVEpffuM+PR3Iu3FFfPa^]UMEPQjR]UQMSVWEp@u}+4+wwV,MVQSOG+QPS;#_^[]UjhIdPQSVW!3PEd}EePEEeFwMPMVRQP.SB"
Heuristic match: "tVC.MC"
Heuristic match: "dPVW!3PEdEPMQUREPe3VREyAPEf*,twMQUREPMQe3VRE$yAPfJ*,t9U};uEM;u3!~;|;~;}9}rMQS3EEfU9}8rE$P.Md"
Heuristic match: "dPt!3ESVWPEd39j3h,M}]fE(jhM]u]]8hjQj73yYhxEfj7qYh@EEPMQEZPh [EM}rUR_}u]]ErEP=N:3jfMh,M}]jhMEu]]hjRj73yYhxEfj7qYh@EMQUREDPh [Eu7}rEPI}u]]rMQ.Md"
Pattern match: "UsageStatsFWAInstallHelperExe.exe/RemoveAllDeployProductFailed"
Pattern match: "https://deploy.faronics.com/" - source
- File/Memory
- relevance
- 10/10
-
Found potential URL in binary/memory
-
System Security
-
Creates or modifies windows services
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS")
"ModulesUpgradeMgr.exe" (Access type: "CREATE"; Path: "HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS") - source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1112 (Show technique in the MITRE ATT&CK™ matrix)
-
Opens the Kernel Security Device Driver (KsecDD) of Windows
- details
-
"FaronicsDeployAgent_Semi-Automatic_1_.exe" opened "\Device\KsecDD"
"msiexec.exe" opened "\Device\KsecDD"
"FWAInstallMonitor.exe" opened "\Device\KsecDD"
"regsvr32.exe" opened "\Device\KsecDD"
"ModulesUpgradeMgr.exe" opened "\Device\KsecDD"
"schtasks.exe" opened "\Device\KsecDD"
"wacD162.tmp" opened "\Device\KsecDD"
"Imaging.exe" opened "\Device\KsecDD" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1215 (Show technique in the MITRE ATT&CK™ matrix)
File Details
FaronicsDeployAgent_Semi-Automatic (1).exe
- Filename
- FaronicsDeployAgent_Semi-Automatic (1).exe
- Size
- 33MiB (34162704 bytes)
- Type
- peexe executable
- Description
- PE32 executable (GUI) Intel 80386, for MS Windows
- Architecture
- WINDOWS
- SHA256
- 259499016e93ddb3a785c34187f0bf0df5a5f808cf1b94ac851f38e019ed10bd
- MD5
- 31d918d5305714095927b0b57f08d5a5
- SHA1
- 10f1c27d4f60a8332464fcfb9df1d6a723ca5acf
Classification (TrID)
- 48.6% (.OCX) Windows ActiveX control
- 17.9% (.EXE) InstallShield setup
- 17.3% (.EXE) Win32 EXE PECompact compressed (generic)
- 11.5% (.EXE) Win64 Executable (generic)
- 1.8% (.EXE) Win32 Executable (generic)
File Certificates
Certificate chain was successfully validated.
Owner | Issuer | Validity | Hashes (MD5, SHA1) |
---|---|---|---|
C=CA, S=British Columbia, L=Vancouver, O=Faronics Corporation, CN=Faronics Corporation | C=CA, S=British Columbia, L=Vancouver, O=Faronics Corporation, CN=Faronics Corporation Serial: 08bc3bd9e3c32540f0d06d94fc52dfbd | 10/02/2017 01:00:00 12/02/2020 13:00:00 | F1:0A:D7:90:78:CD:8C:B9:8C:71:D9:76:3B:C2:F8:FB:5F:F8:5C:E0: (1.2.840.113549.1.1.11) |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Assured ID Code Signing CA Serial: 0409181b5fd5bb66755343b56f955008 | 10/22/2013 13:00:00 10/22/2028 13:00:00 | 92:C1:58:8E:85:AF:22:01:CE:79:15:E8:53:8B:49:2F:60:5B:80:C6: (1.2.840.113549.1.1.11) |
C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA Serial: 0ce7e0e517d846fe8fe560fc1bf03039 | 11/10/2006 01:00:00 11/10/2031 01:00:00 | 05:63:B8:63:0D:62:D7:5A:BB:C8:AB:1E:4B:DF:B5:A8:99:B2:4D:43: (sha1RSA(RSA)) |
Hybrid Analysis
Analysed 18 processes in total.
-
FaronicsDeployAgent_Semi-Automatic_1_.exe
(PID: 3340)
- msiexec.exe Msiexec /i "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /q REBOOT="ReallySuppress" (PID: 3432)
- msiexec.exe Msiexec /i "%TEMP%\ProductInstaller\Software Updater_C64.msi" /q REBOOT="ReallySuppress" (PID: 2064)
- msiexec.exe Msiexec /i "%TEMP%\ProductInstaller\Usage Stats_C64.msi" /q REBOOT="ReallySuppress" (PID: 1856)
- msiexec.exe Msiexec /i "%TEMP%\ProductInstaller\Imaging Client_C64.msi" /q REBOOT="ReallySuppress" (PID: 3872)
-
FWAInstallMonitor.exe
/StartMonitor /CreateStartUpMonitorTask /MsiPath "%TEMP%\ProductInstaller\Cloud Agent_C64.msi" /Pid 3760
(PID: 1244)
-
cmd.exe
%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat
(PID: 1520)
- schtasks.exe schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f (PID: 2396)
- schtasks.exe schtasks /Create /RU System /tn LaunchStartUpFWAInstallHelper /tr "\"%ALLUSERSPROFILE%\FWAInstallMonitor.exe\" /StartMonitorAtStartUp 5 /MsiPath %TEMP%\FaronicsCloudAgent.msi" /sc onstart (PID: 1468)
-
cmd.exe
%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat
(PID: 2396)
- schtasks.exe schtasks /Delete /tn LaunchFWACleanupHelper /f (PID: 2792)
-
cmd.exe
%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat
(PID: 3684)
- schtasks.exe schtasks /Delete /tn LaunchStartUpFWAInstallHelper /f (PID: 3176)
-
cmd.exe
%WINDIR%\system32\cmd.exe /c %ALLUSERSPROFILE%\FWACleanupScheduler.bat
(PID: 1520)
-
regsvr32.exe
/s "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\FWAWmiProvider.dll"
(PID: 1828)
- wacD162.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{E247AEDB-16BD-4EEC-BBA9-E2BE9719F295} (PID: 4048)
- wacD162.tmp {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0B7995D5-BD14-4ACD-9F5B-F58DC0F1B817} (PID: 3752)
- ModulesUpgradeMgr.exe 1.10.8110.95 "%PROGRAMFILES%\(x86)\Faronics\Faronics Deploy Agent\\" LaunchFromInstaller (PID: 3568)
- Imaging.exe --addinstalldate (PID: 1144)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
deploy.faronics.com | 52.41.91.1 (TTL: 3328) | GoDaddy.com, LLC; Organization: Faronics Corporation; Name Server: NS31.DOMAINCONTROL.COM; Creation Date: Tue, 18 Jun 1996 04:00:00 GMT | United States |
nv0mddxkh7.execute-api.us-west-2.amazonaws.com | 54.213.32.138 (TTL: 59) | MarkMonitor, Inc. | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
52.41.91.1 | 443 TCP | faronicsdeployagent_semi-automatic_1_.exe (PID: 3340), modulesupgrademgr.exe (PID: 3568), fwaservice.exe (PID: 3848) | United States |
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
-
Informative Selection 5
-
-
FWACleanupScheduler.bat
- Size
- 272B (272 bytes)
- Type
- text
- Description
- ASCII text, with CRLF line terminators
- Runtime Process
- cmd.exe (PID: 2396)
- MD5
- dd22c9a5640b8669e26e9a98e424987e
- SHA1
- 71c8a9c668a9715c04f8240b9767c84a4081548d
- SHA256
- e7a4542684306edbfb3913905f9d695eb9524480ec6bb8dfc900c83b35ed8305
-
Cloud Agent_C64.msi
- Size
- 5MiB (5238784 bytes)
- Type
- rtf
- Description
- Composite Document File V2 Document, Can't read SAT
- Runtime Process
- msiexec.exe (PID: 3432)
- MD5
- 0353ef4ba421333efdae8cd9cbf296c1
- SHA1
- 91199a335da9a339758e24c8b80c16c683023b1d
- SHA256
- 11e7fbf67a6e4fbb4b0f2fca40aa1cf9cb23bb30667e9676048327a1c52b4505
-
Imaging Client_C64.msi
- Size
- 2.4MiB (2528256 bytes)
- Type
- msi data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Faronics Imaging, Author: Faronics Corporation, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2012 - Premier Edition 18, Last Saved Time/Date: Fri Jan 10 16:01:36 2020, Create Time/Date: Fri Jan 10 16:01:36 2020, Last Printed: Fri Jan 10 16:01:36 2020, Revision Number: {F5DE7ACB-AF57-407D-9F58-260F98ACE29F}, Code page: 1252, Template: Intel;1033
- Runtime Process
- msiexec.exe (PID: 3872)
- MD5
- d37e084306c23308875c0d1fcf99c17a
- SHA1
- bf0aed450a991484333432999c2310e7ea640128
- SHA256
- 9421aa49456e94022953a1d75659e077ff59e2986f21d67b2dfc78c0f5dbb5d0
-
Software Updater_C64.msi
- Size
- 5MiB (5238784 bytes)
- Type
- rtf
- Description
- Composite Document File V2 Document, Can't read SAT
- Runtime Process
- msiexec.exe (PID: 2064)
- MD5
- ffe1ac148a06630a8be2bae0589258c9
- SHA1
- 300d57846e1d8083a304109a34bf9660fb97f07f
- SHA256
- a14e561ea04008dfc0b77c2b314eee8e1f79083c07ea3ae176c9edfd53d2a675
-
Usage Stats_C64.msi
- Size
- 4.3MiB (4462080 bytes)
- Type
- msi data
- Description
- Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, MSI Installer, Number of Characters: 0, Last Saved By: InstallShield, Number of Words: 0, Title: Installation Database, Comments: Contact: Your local administrator, Keywords: Installer,MSI,Database, Subject: Faronics UsageStats, Author: Faronics Corporation, Security: 1, Number of Pages: 200, Name of Creating Application: InstallShield 2012 Spring - Premier Edition 19, Last Saved Time/Date: Tue Sep 17 12:55:21 2019, Create Time/Date: Tue Sep 17 12:55:21 2019, Last Printed: Tue Sep 17 12:55:21 2019, Revision Number: {448BCF4E-9BD0-45F0-AD19-CB6DBA69D054}, Code page: 1252, Template: x64;1033
- Runtime Process
- msiexec.exe (PID: 1856)
- MD5
- 5eb479c2fda625c2cf9fd39a27eb920e
- SHA1
- 731074699bad4dad163b820431f5a35fda9d20bb
- SHA256
- 9c65262ef3217ad9aadb0058f13a60c3ba8c4bedb77c120b9cc128a2b21ff4c2
-
-
Informative 13
-
-
CloudAgentCleanupHelper.LOG
- Size
- 187KiB (191550 bytes)
- Type
- text
- Description
- UTF-8 Unicode (with BOM) text, with CRLF line terminators
- Runtime Process
- FWAInstallMonitor.exe (PID: 1244)
- MD5
- d82b61b744b6835dc9c68683a7bcc227
- SHA1
- 4df4e81768c6e642f2fe63bb4dad504467c3624e
- SHA256
- bd6a34b36c3eff17e6fc1383cd5073302a9070d600d8992f4a9fa838afbc5081
-
ModulesMgrLogs.log
- Size
- 373B (373 bytes)
- Type
- text
- Description
- UTF-8 Unicode (with BOM) text, with CRLF line terminators
- Runtime Process
- ModulesUpgradeMgr.exe (PID: 3568)
- MD5
- 24ad56070774d487234a8da0b63c71ef
- SHA1
- ce88636fa9f8006c503005e695f289fb735fbed2
- SHA256
- 070959ce0df5efeeb164f6c22a2fafe08639051dff7282c8563afe20889e4dfc
-
Imaging.log
- Size
- 2B (2 bytes)
- Type
- text
- Description
- Little-endian UTF-16 Unicode text, with no line terminators
- Runtime Process
- Imaging.exe (PID: 1144)
- MD5
- f3b25701fe362ec84616a93a45ce9998
- SHA1
- d62636d8caec13f04e28442a0a6fa1afeb024bbb
- SHA256
- b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
-
Products.ini
- Size
- 388B (388 bytes)
- Type
- data
- Runtime Process
- FaronicsDeployAgent_Semi-Automatic_1_.exe (PID: 3340)
- MD5
- f5694dd901cb6ff989250e33ee53a266
- SHA1
- af94d8cb6b04ca8adbb0b8551e0c61e065b7eb7f
- SHA256
- 35423ef00263dcb1bfe288553a709436cd9b61780417021c57d8cefb631b674f
-
WindowsUpdate.log
- Size
- 1.5MiB (1560299 bytes)
- Type
- text
- Description
- ASCII text, with very long lines, with CRLF line terminators
- Runtime Process
- FaronicsDeployAgent_Semi-Automatic_1_.exe (PID: 3340)
- MD5
- 249ea3bb6a0b80c5e79541c6158b5b50
- SHA1
- 75fc1f677ab1c2f3008e546ef7becb8a7db272ef
- SHA256
- cb15e4386858ad51ef71922a26c8460588c7f7aa5ccac5f9adf07e9641e6783d
-
tmp59B0.tmp
- Size
- 8.7KiB (8862 bytes)
- Type
- data
- MD5
- 669e31228aa80afa0316255e7845e8d7
- SHA1
- ae597ba8eed2c39702fbde6bb3bb5bfdae9c7630
- SHA256
- 0ed2aa9bf5012b982f0ca47b7793068378af58e06a758306b3f6ee7cacfa24fb
-
tmp8544.tmp
- Size
- 6.3KiB (6438 bytes)
- Type
- data
- MD5
- 0ebe25fb88f62f4e00c51755c8f83556
- SHA1
- e1a3275e12c9a75578504e4447c924e36747bf08
- SHA256
- e6de60fc6648469ae3d19e7ec7d67e7eebf472cc9dddfdfc671c57d19bb72f19
-
1814E26C1E25849B8396DBC50D93D010.mof
- Size
- 1.6KiB (1624 bytes)
- Type
- text
- Description
- C++ source, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
- MD5
- 99b8542ce6fd7ff9ca8f9ac9ef3e6d7e
- SHA1
- 110743048b687f882012b3f9da408cb6b2b1bbb3
- SHA256
- 6ce500f64ec8331115568462cbd0b8eee12a208c2ebd512132219abc08d44d62
-
tmp5701.tmp
- Size
- 1.6KiB (1622 bytes)
- Type
- data
- MD5
- 7a982b091551a647770c41c070d5fb15
- SHA1
- 60c1022c98f682ab8150f52cc97eeda3de46d762
- SHA256
- bb4e3b5f01aaf0ea208f6c5ab3385b824b01a549ebc63ce3715d05df26dc195a
-
AAF97DF8955A0A044709078E6305D4FE.mof
- Size
- 8.7KiB (8864 bytes)
- Type
- text
- Description
- C++ source, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
- MD5
- 6ebc27f8c7f9fd98f25ff5bd54c897a7
- SHA1
- 1be2a871252597750e402424d022c849b0332e20
- SHA256
- 8469b81c9f900956c4d5022c30c2c2eed00d19be4f4c9716dedd41e5d6f61ac7
-
48CEEC55102547DB8D2945999C51BC92.mof
- Size
- 15KiB (15316 bytes)
- Type
- text
- Description
- C++ source, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
- MD5
- 43d147bdcc68b1074921248ee098ae2e
- SHA1
- d6a67c8ad83cd1498a3beed0de4f11878d0100c0
- SHA256
- 84d8b4e9b103c6f462044cb01173eccff8cdf7f9796ea9c97105972342c0f676
-
tmp5C21.tmp
- Size
- 15KiB (15314 bytes)
- Type
- data
- MD5
- 824258160e45f703b8fa590f036bfe04
- SHA1
- 6517ca4f79898d75827440b9760e548928402afe
- SHA256
- fad607ac87d30209fda0f4237439cadffacf3251d6490bcf66e5b6b8a58090d2
-
1C29FC8FA2CF87E04D41BFB25C6A2483.mof
- Size
- 6.3KiB (6440 bytes)
- Type
- text
- Description
- C++ source, Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
- MD5
- 5a12d01be2df967f244a6db1951df889
- SHA1
- 4b0a5e5f5f9da5472a463948b4f3f268531465e4
- SHA256
- b71eb41c2d49e6b4aa0aa2e545b7435dcd59f9d9bfa42191cf41910cedded3d1
-
Notifications
-
Runtime
- Network whitenoise filtering (Process) was applied
- No static analysis parsing on sample was performed
- Not all Falcon MalQuery lookups completed in time
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "api-12" are available in the report
- Not all sources for indicator ID "api-31" are available in the report
- Not all sources for indicator ID "api-4" are available in the report
- Not all sources for indicator ID "api-55" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Not all sources for indicator ID "registry-1" are available in the report
- Not all sources for indicator ID "registry-17" are available in the report
- Not all sources for indicator ID "registry-18" are available in the report
- Not all sources for indicator ID "registry-19" are available in the report
- Not all sources for indicator ID "registry-55" are available in the report
- Not all sources for indicator ID "string-64" are available in the report
- Not all strings are visible in the report, because the maximum number of strings was reached (5000)
- Some low-level data is hidden, as this is only a slim report