Overview

overview

10

Static

static

DriverUpda...45.exe

windows7_x64

1

DriverUpda...45.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    19-01-2021 05:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe

  • Size

    690KB

  • MD5

    9b57d8f7ebf2e307a02430be0a1cdab1

  • SHA1

    15aa078a2e52d95702a35a9d7cff2ec352c73913

  • SHA256

    92dd3781f16d24879509cc96d5a8d3a648ba0249e7da7b1f829e0d4bc455528a

  • SHA512

    387f35d43d2c8e6c1de420e6e3a4b73dc5822901761a2ca4d6e58a0579545ef441dfe3d86dbd1bc0b088f3fa302d13d98c544d6e4491fee9e88c8c0609cecb42

Score
10/10
persistenceupx

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs
    persistence
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Executes dropped EXE 8 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 18 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • JavaScript code in executable 8 IoCs
  • Drops file in Program Files directory 63 IoCs
  • Drops file in Windows directory 25 IoCs
  • Checks SCSI registry key(s) 3 TTPs 42 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 3 IoCs
    evasion
  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 57 IoCs
  • Modifies registry class 564 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 161 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 208 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe
    "C:\Users\Admin\AppData\Local\Temp\DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:508
    • C:\Program Files\DriverUpdate\DriverUpdate.exe
      "C:\Program Files\DriverUpdate\DriverUpdate.exe" -installscan
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2748
      • C:\Windows\system32\LaunchWinApp.exe
        "C:\Windows\system32\LaunchWinApp.exe" "https://slimware.com/register/driverupdate?&guid=43efa00f-9f1d-423f-af16-cff0cca544a7&lang=en&installer_data=ewogICAidXBsIiA6ICJZVG94TVRwN2N6bzVPaUoxYkY5emRIVmlhV1FpTzNNNk16WTZJamhsTXpS%0D%0AaE9UVmhMVEZtWXpFdE5ERTVNQzFpT1RFNUxUUmxaV0ZpT1Rjek4yRTJNU0k3Y3pveE1Eb2lkV3hm%0D%0AWTI5aWNtRnVaQ0k3Y3pvek9pSlRWeklpTzNNNk1URTZJblZzWDJOaGJYQmhhV2R1SWp0ek9qWTZJ%0D%0Abmh3ZERBeE5DSTdjem80T2lKMWJGOXpkV0pwWkNJN2N6bzFOVG9pUlVGSllVbFJiMkpEYUUxSk1r%0D%0AOVBhalpaYVZnM1owbFdkRUZPT1VOb01IcEJVVEJKUlVGRldVRlRRVUZGWjB3NGIxQkVYMEozUlNJ%0D%0AN2N6bzNPaUp3Y205a2RXTjBJanR6T2pNNklsTlhNaUk3Y3pveE1qb2lkWE5sY2xObFoyMWxiblJ6%0D%0ASWp0UE9qZzZJbk4wWkVOc1lYTnpJam94T250ek9qUTZJbE5wZEdVaU8wODZPRG9pYzNSa1EyeGhj%0D%0AM01pT2pJNmUzTTZOam9pUkc5dFlXbHVJanR6T2pFeU9pSnpiR2x0ZDJGeVpTNWpiMjBpTzNNNk5E%0D%0Ab2lVR0ZuWlNJN2N6b3lNam9pTDJSdmQyNXNiMkZrTDJSeWFYWmxjblZ3WkdGMFpTSTdmWDF6T2pF%0D%0AeE9pSmljbTkzYzJWeVZIbHdaU0k3WWpvd08zTTZNVFE2SW1KeWIzZHpaWEpXWlhKemFXOXVJanRp%0D%0AT2pBN2N6b3hOVG9pWW5KdmQzTmxja3hoYm1kMVlXZGxJanR6T2pBNklpSTdjem94TURvaWNHeGhk%0D%0AR1p2Y20xUFV5STdZam93TzNNNk1UYzZJbkJzWVhSbWIzSnRUMU5XWlhKemFXOXVJanRpT2pBN2ZR%0D%0APT0iCn0K&config=YTo1OntzOjY6Im1lbW9yeSI7czo2OiI0LjAgR0IiO3M6NToibW9kZWwiO3M6NDoiODBURyI7czo4%0D%0AOiJncmFwaGljcyI7czozMToiTWljcm9zb2Z0IEJhc2ljIERpc3BsYXkgQWRhcHRlciI7czo5OiJw%0D%0Acm9jZXNzb3IiO3M6MjM6IlBlcnNvY29uIFByb2Nlc3NvciAyLjUrIjtzOjEyOiJtYW51ZmFjdHVy%0D%0AZXIiO3M6NjoiTEVOT1ZPIjt9&machineId=6D24CB0C-480B-44E8-8014-FF690C952658&installId=820FD095-BA26-44D6-9E0C-136AF83A384D&productVersion=5.8.16.54"
        3⤵
          PID:488
      • C:\Users\Admin\AppData\Local\Temp\scp4F3B.tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\scp4F3B.tmp.exe" --silent SI_LAUNCH=onreboot SI_MODE=toaster SI_DELAY=5 @P2_ORIGIN=^SW1^xdm111 @P2=^SW2^xpt014^^ @UL_STUBID=8e34a95a-1fc1-4190-b919-4eeab9737a61
        2⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3908
        • C:\Users\Admin\AppData\Local\Temp\SlimCleaner-setup.exe
          "C:\Users\Admin\AppData\Local\Temp\SlimCleaner-setup.exe" --silent SI_LAUNCH=onreboot SI_MODE=toaster SI_DELAY=5
          3⤵
          • Executes dropped EXE
          PID:2336
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding FE9880CD03DA41B6423A0668CC5B5B09
        2⤵
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:648
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 179BBFA03C29DEA8FC601E652DDF1AE0
        2⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\SysWOW64\cmd.exe" /c "taskkill /F /IM "SlimCleanerPlus.exe" & taskkill /f /im slimservice.exe & taskkill /f /im slimservicefactory.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3060
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /F /IM "SlimCleanerPlus.exe"
            4⤵
            • Kills process with taskkill
            PID:4060
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im slimservice.exe
            4⤵
            • Kills process with taskkill
            PID:2584
          • C:\Windows\SysWOW64\taskkill.exe
            taskkill /f /im slimservicefactory.exe
            4⤵
            • Kills process with taskkill
            PID:4140
      • C:\Program Files\SlimServices\SlimService.exe
        "C:\Program Files\SlimServices\SlimService.exe" /regserver
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        PID:4464
      • C:\Program Files\SlimServices\SlimServiceFactory.exe
        "C:\Program Files\SlimServices\SlimServiceFactory.exe" /regserver
        2⤵
        • Executes dropped EXE
        • Modifies registry class
        PID:4532
    • \??\c:\windows\system32\svchost.exe
      c:\windows\system32\svchost.exe -k netsvcs -s seclogon
      1⤵
      • Suspicious use of NtCreateUserProcessOtherParentProcess
      • Suspicious use of WriteProcessMemory
      PID:2364
    • C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
      "C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe"
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies data under HKEY_USERS
      PID:2024
    • C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
      "C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe" -Embedding
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks SCSI registry key(s)
      • Modifies data under HKEY_USERS
      PID:2816
    • C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\system32\wbem\unsecapp.exe -Embedding
      1⤵
        PID:3676
      • C:\Program Files\DriverUpdate\DriverUpdate.exe
        "C:\Program Files\DriverUpdate\DriverUpdate.exe" "C:\Program Files\DriverUpdate\DriverUpdate.exe" -installresults
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:416
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Control Panel
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:4200
      • C:\Windows\system32\browser_broker.exe
        C:\Windows\system32\browser_broker.exe -Embedding
        1⤵
        • Modifies Internet Explorer settings
        PID:4240
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:4504
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:4656
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:5116
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
          PID:4500
        • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
          "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
          1⤵
          • Modifies registry class
          PID:5032

        Network

        MITRE ATT&CK Matrix ATT&CK v6

        Initial Access

        Execution

        Persistence

        Registry Run Keys / Startup Folder

        2
        T1060

        Privilege Escalation

        Defense Evasion

        Modify Registry

        2
        T1112

        Credential Access

        Discovery

        Query Registry

        2
        T1012

        Peripheral Device Discovery

        2
        T1120

        System Information Discovery

        2
        T1082

        Lateral Movement

        Collection

        Exfiltration

        Command and Control

        Impact

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\DriverUpdate\BugSplat.dll
          MD5

          e294d13f8b64989a2b15b558f567d7ba

          SHA1

          e10626ae59f1c888ed48c7be51e9e8b491259599

          SHA256

          6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67

          SHA512

          5292aaae51e82daf55e6dbe68182b253f238e5cbd50fd342bc51cb82ff13b64c2fba4fa97ddd07bbf6283301c0f84f5f6b5a3a762e995fc54f6d4ed9807fd407

          Download Submit
        • C:\Program Files\DriverUpdate\DriverUpdate.exe
          MD5

          8a70193b4d03c2225199f106ed25be0a

          SHA1

          9038ec8ff8a977d2f003b819f10d1bcfe0c88d38

          SHA256

          e7321eb4fe557003ab89958e50123a92e41361dbe814267dd5dc2ff08c6b1b30

          SHA512

          99624961333af324c6af66df4445f50371a18156635a81cc55b9dd3869ead99cf3a140833de15e515ebe5eb706a7ef13242801b20a59d749ede0632283f572b5

          Download Submit
        • C:\Program Files\DriverUpdate\DriverUpdate.exe
          MD5

          8a70193b4d03c2225199f106ed25be0a

          SHA1

          9038ec8ff8a977d2f003b819f10d1bcfe0c88d38

          SHA256

          e7321eb4fe557003ab89958e50123a92e41361dbe814267dd5dc2ff08c6b1b30

          SHA512

          99624961333af324c6af66df4445f50371a18156635a81cc55b9dd3869ead99cf3a140833de15e515ebe5eb706a7ef13242801b20a59d749ede0632283f572b5

          Download Submit
        • C:\Program Files\DriverUpdate\DriverUpdate.exe
          MD5

          8a70193b4d03c2225199f106ed25be0a

          SHA1

          9038ec8ff8a977d2f003b819f10d1bcfe0c88d38

          SHA256

          e7321eb4fe557003ab89958e50123a92e41361dbe814267dd5dc2ff08c6b1b30

          SHA512

          99624961333af324c6af66df4445f50371a18156635a81cc55b9dd3869ead99cf3a140833de15e515ebe5eb706a7ef13242801b20a59d749ede0632283f572b5

          Download Submit
        • C:\Program Files\DriverUpdate\SlimWare.DriverUpdate.Services.dll
          MD5

          adc75ffb94d21a320a46dc3b2a5fa456

          SHA1

          71232a4e2805dc6d86a1c4c46e92013babb3c6c8

          SHA256

          5d79fc11d717b88fd34c09d025279125773e01cb8401f81bbbe3170ad3dc2e3c

          SHA512

          151ae707569c20eaddb883ecf011b1bc256f7510e1a7bd9de94be1bf02ad371344ecdf3932ed8546341ef04e310ad0aeac69cac3713eddddaa6c64aadf1312e6

          Download Submit
        • C:\Program Files\DriverUpdate\SlimWare.Messaging.dll
          MD5

          f0e2ae32444a39c0980563362f133465

          SHA1

          266e9dc35f4667149953407101fa6bec2c649ad9

          SHA256

          52c2cf7eaad4d5a3e040f027594806188c0b14c277676cb2f4a4f2379cacadb4

          SHA512

          0c074b15d369155d2bff0069a3ac6d2880555ae2808e5e2de5a4e46dfd6af800eba5529a5fd5f6fdd8e46afa7defa45a42eeeba32c2b130e742d082b494c7370

          Download Submit
        • C:\Program Files\DriverUpdate\SlimWare.PushNotification.Services.dll
          MD5

          48c40a43e01250f8d0b6bb9f4c624def

          SHA1

          5b6440dbea4e39da6390abfa1c916b99bd4ab275

          SHA256

          25e8b1e43219ade22c5ed8a98af6f2027e31c56e3744cbb99ec619acf1c16819

          SHA512

          120ddbe552d1920271a749be9c2d2843af82682238f842f49fb66b3fe8fa34488bb808e720ab07141736deaa33115177cde570d346678ba530999c58545cb562

          Download Submit
        • C:\Program Files\DriverUpdate\UnifiedLogger.dll
          MD5

          1e991b7b74f0dfcc6da3fb1e0a7c893f

          SHA1

          aff20ae9b8cd1a8dc9f24edd7073e211a5d753b2

          SHA256

          efc3770a6460084788cce9b151c033b278c73a9e269c09145f01887819b9361c

          SHA512

          1fe99a40bfaaf7eae93b9632e463b1752700b22547f8873f575a87fd91b3aa24d5da599de9b07f132013313d28f5e9c375146d005c828fdcd8f3025c14bb2ba9

          Download Submit
        • C:\Program Files\SlimServices\SlimService.exe
          MD5

          2e54de29cc012bd960f028f8b67cb78f

          SHA1

          2a9e2a180533798b784e7f1f40a6010ff27f7725

          SHA256

          c5dc356d255c1d563bb5a513832265681f2391010625aee5d2be5be20c083c2e

          SHA512

          4109281bb53db56853c54acdfbffa810ca242639c3a7a3f5d8612806165124b5ac32d703394b97c46a0f310737369663515d2ce6bc7869c48f3286767c294009

          Download Submit
        • C:\Program Files\SlimServices\SlimService.exe
          MD5

          2e54de29cc012bd960f028f8b67cb78f

          SHA1

          2a9e2a180533798b784e7f1f40a6010ff27f7725

          SHA256

          c5dc356d255c1d563bb5a513832265681f2391010625aee5d2be5be20c083c2e

          SHA512

          4109281bb53db56853c54acdfbffa810ca242639c3a7a3f5d8612806165124b5ac32d703394b97c46a0f310737369663515d2ce6bc7869c48f3286767c294009

          Download Submit
        • C:\Program Files\SlimServices\SlimServiceFactory.exe
          MD5

          fb04c6cec8cc05755704d555e18c8f1a

          SHA1

          456d99ee4fdd85e4bb5086136b62294b4d9022d8

          SHA256

          6bd3a958d4159853017c2bb1e823f76897dbd559dca66a495f3b2d54e3d21f99

          SHA512

          e30b46d880cc1db3f2a20593139c75085d3d49870dbb43fde9547d8811875414cdfbb51f9aaa7a9aba47e9ce63a0037804a62e01905755ea3c59c4e46070a4fa

          Download Submit
        • C:\Program Files\SlimServices\SlimServiceFactory.exe
          MD5

          fb04c6cec8cc05755704d555e18c8f1a

          SHA1

          456d99ee4fdd85e4bb5086136b62294b4d9022d8

          SHA256

          6bd3a958d4159853017c2bb1e823f76897dbd559dca66a495f3b2d54e3d21f99

          SHA512

          e30b46d880cc1db3f2a20593139c75085d3d49870dbb43fde9547d8811875414cdfbb51f9aaa7a9aba47e9ce63a0037804a62e01905755ea3c59c4e46070a4fa

          Download Submit
        • C:\Program Files\SlimServices\icudt46l.dat
          MD5

          2845ceefc13dac427dfac8e0a5769ce2

          SHA1

          9e49f1b7a2513a5d37d434e38f9984fdd1e7c5ed

          SHA256

          3b4db6bec8e28a7bb0358ab827aa5f45d8e6b0df71f982ce9bb39ef1c71151d5

          SHA512

          0dbcc147ca93d097cfa93404845701de8c10f278770b450f6efab0d132e012d01ba77183575cc99b6330303ceda8ce2eec581e7df762052adee1a23d7726437b

          Download Submit
        • C:\Program Files\SlimServices\winrt.dll
          MD5

          3bba6f6705085cd26fef183fdd1807ad

          SHA1

          eb1355c4d2777444c3e4788122119b2e60b28aa8

          SHA256

          1076117986e27e0bca3c6396b0593f1bab3b2edef76053f0144e3835f76a2112

          SHA512

          807bcb32bd037f4bc3719d075e54dbf57854109d4cc144ce7f67fa126fdda0f5865d3d3d204a65b432b9ed1debd80cdb07feb82ca03f6f39aa10a1676b28df6a

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\BugSplat64.dll
          MD5

          f1a2d92bb8738eab02b92c741a9c5299

          SHA1

          ac22734c386e3e2dabe9ac9767a23e8f01755d4f

          SHA256

          6859c336dc4f42dc70a542db8185948931907734978eeb7088d47256bd4199cd

          SHA512

          344ad89725e98636bae65b219f479a59c98e0131e2dbbab80c3c35443b776499d5c2a4e218ce62c0752cc67eb595c75b83775c54065a13986265885675b0cd99

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\SlimWare.Core.dll
          MD5

          8cc32b432ee34f64a3d6a11661a8c735

          SHA1

          7a3a19528d9428e53595a1c38f2f660ecf27ca43

          SHA256

          79cc5a60a7d8b4649b78e890bdcfe06e110b9fd23ff854ca1a7bf2cc5caf8561

          SHA512

          f03810c962608d3a8d2546946019665c010eda19e7797a178943069111ca38675592b4ab62e8749e56c91616a6ff4ba8d00a5cdc9586113309a096812c0c899f

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
          MD5

          cafa201c22f96d57102147b403c5dc47

          SHA1

          d311f72b61dce4ac963f01e708cb7bc216d19aa2

          SHA256

          e0f1740a80b80472ed0c00cf8fd1f5221305ab3ef61ee1ae0f4db832923f8211

          SHA512

          db5ac7794b278742a2b7f38547f000bd38be8d89a6599133981aeec784157264222c14cb9a9c577e2ac52a1dfab1db067d8c0e46eafd942dcd4941fe034ef677

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\SlimWare.Services.exe
          MD5

          cafa201c22f96d57102147b403c5dc47

          SHA1

          d311f72b61dce4ac963f01e708cb7bc216d19aa2

          SHA256

          e0f1740a80b80472ed0c00cf8fd1f5221305ab3ef61ee1ae0f4db832923f8211

          SHA512

          db5ac7794b278742a2b7f38547f000bd38be8d89a6599133981aeec784157264222c14cb9a9c577e2ac52a1dfab1db067d8c0e46eafd942dcd4941fe034ef677

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll
          MD5

          06a8b08f6b9e99ad1e51c8f485f3db8a

          SHA1

          0e42414d2e74e51ac327add86e94941b2b997a17

          SHA256

          926ae2a36046e1fb671d8bca132b0d6e34df945d6b37b43d8ae955c73efe6912

          SHA512

          cf997fa0ba01528e8e0454716de96c88eb3c650f412d2dd2c84ee79c494a35bb3204092296e7008cae546e45de7986c99521307a1cd7c7e027ec7bed4ba86a7d

          Download Submit
        • C:\Program Files\SlimWare Utilities\Services\SlimWare.Session.exe
          MD5

          e80a2c170843a3492bddba4048d36101

          SHA1

          512f5fbdab22d5b15bf6ef5e9af4bc1d19270565

          SHA256

          d54151b0a1ee409b3f82cc093dce453fa1fd5c275b5b015c1674b55f9cc385ba

          SHA512

          bee760fca6ab3bd41f72d48a6beeebeea8decc0cacdb61f799144f5f9cb95c3f5a21b9a6114097a66b126f472fa358b9858a5f821ecfe9051bbb00ccdf5fe6be

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
          MD5

          8df2bb48ca13f719b36a2df89d743191

          SHA1

          803d54f7f6894c2cbf1c8e3d5e903439d9f05728

          SHA256

          6e77f95c9a8462ee3902b9798e9733154f3f5740ccfc0b92b0882ef5eb2c537d

          SHA512

          898f70b72b80e2f122e953a55a4bc1652d2dbab9dba2f6cf86a74f8b2946c0c7c99394c93e6a53f13e5eae407273b76f93448a7a35c4753c42a78c635049c649

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_2280A2210A1DD6666EC3A552D924ABF6
          MD5

          4e6a623f1d0b5aa0296a02b61f3df369

          SHA1

          a5797a957a92aee4ea3883b22484fac9c6cfe741

          SHA256

          aa44a5f1ed62aba84b2283d2465a64a3531b5fcef005d3be03c45a9eebf0bb8c

          SHA512

          2df1dce32bf5525d518d26730c661b756b8829abb7173643a81d4324017d3fc627484699917b6992e4ccb03005d9114cb01ad937d5576a3795e1e3a6f2e0bdf1

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
          MD5

          eedebbbf810fa3d4cb7cf2bcca135682

          SHA1

          0c1a206b5e71162bf1a627b5b092addc4331c5eb

          SHA256

          08d19199013cf464498a3ceeed9727a5d534c3e8cfa8254bbcef7d1c81230284

          SHA512

          5085fc2d8b2e04cb1a24d3cbc95b26ee27c480ec8d6346d36fad089465d6ff954b999a312a9fe7362472c2bf589a7915ae6d35b0d7d0a08b8e6e1b33c02e1c5a

          Download Submit
        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_2280A2210A1DD6666EC3A552D924ABF6
          MD5

          4dd2770c00519ec6390712d851b3a6d0

          SHA1

          6c47916784a85eadb2e5823c38991fa7dedcd998

          SHA256

          67bb01abbd76c0abdb8172ec964b3c2d518ca68597dc38d543262886432df837

          SHA512

          270c40b77778b046cf13e21e8cc78476c614db1b8fa6d067b093dac4e0061380ef4eb073df9294f87d97ee14cb1d285c418ebd32f7307119f49163ed10de205d

          Download Submit
        • C:\Users\Admin\AppData\Local\Downloaded Installers\{65EFE74B-C710-4203-9B17-458D38584DED}\setup.msi
          MD5

          d2f751dab4b41916a19eeffdc5169682

          SHA1

          eb84833bced6582a85c1059b981f3d1ffc1992c7

          SHA256

          0fc72fcae3fa3a60b27babf857ec33f527a83f02fafedd2f52ea74444d5a78b2

          SHA512

          7923b2bc8eab0c2fc70909f26adb4c44a309b1900ac280042be8507a81e876087b008bdbf4c2e4b0574af71466322e0711154ed025855bd2d59e4c814c931f0e

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\SW2-install.log
          MD5

          d70119e4926a20ac3805893cc140a864

          SHA1

          ed6eedc3ccf5c2f37f385b75d74c151505ad12cb

          SHA256

          9b8e0e689693bbecd56212070206aacbfe18c374976d7f521d40b1c0840f2a57

          SHA512

          d4020edde9ad88681dffffe2472be22473d724e3b801b1826661735ec74c45e21e112f085a3f8a7365f929dcce7f770110bd793b8d35fb469f053b3570418ca3

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\SlimCleaner-setup.exe
          MD5

          7270f8c1a1024c194f092d98ad1b0f9d

          SHA1

          4f174acebdcbb4db4ff5af060229e2220fc27cfe

          SHA256

          d1e756241a818db02ca3381ac65d6d4f1060f80d6118131686a00554d96b126e

          SHA512

          cdf24d1eaf92b3b4e9691bea4a025fd09ea1807f0c5cc3beed6825079bc9baf33a4e00d955216fdad7f38b6c4b852c574963f916ed1ca171f1711878853b4f15

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\SlimCleaner-setup.exe
          MD5

          7270f8c1a1024c194f092d98ad1b0f9d

          SHA1

          4f174acebdcbb4db4ff5af060229e2220fc27cfe

          SHA256

          d1e756241a818db02ca3381ac65d6d4f1060f80d6118131686a00554d96b126e

          SHA512

          cdf24d1eaf92b3b4e9691bea4a025fd09ea1807f0c5cc3beed6825079bc9baf33a4e00d955216fdad7f38b6c4b852c574963f916ed1ca171f1711878853b4f15

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\scp4F3B.tmp.exe
          MD5

          d4522da4772683c9ff12e86a173f5457

          SHA1

          f1e5bc8f8ebd6bb2566a4ff31d8e1fbe152b521e

          SHA256

          48a333f00e2f13664e77e58b324a8ee131b46806aa326dfe6808d84faa53ffe6

          SHA512

          f010939ff227f8847ac6c0788fdaf9df6c5ed83caba46998c1d1d4a3adefb98b7b4025fec46a4e57f59ace9e095c1802f1ae94b4cbd8b5d7e55a9626e28f1dcc

          Download Submit
        • C:\Users\Admin\AppData\Local\Temp\scp4F3B.tmp.exe
          MD5

          d4522da4772683c9ff12e86a173f5457

          SHA1

          f1e5bc8f8ebd6bb2566a4ff31d8e1fbe152b521e

          SHA256

          48a333f00e2f13664e77e58b324a8ee131b46806aa326dfe6808d84faa53ffe6

          SHA512

          f010939ff227f8847ac6c0788fdaf9df6c5ed83caba46998c1d1d4a3adefb98b7b4025fec46a4e57f59ace9e095c1802f1ae94b4cbd8b5d7e55a9626e28f1dcc

          Download Submit
        • C:\Users\Public\Documents\Downloaded Installers\{836CC232-FC4F-427A-8944-425D623EAB45}\setup.msi
          MD5

          5ecb968f55f9c1841f82a4e930ee3c24

          SHA1

          465af397d6fcff13a08a56141d96bc32acf829a1

          SHA256

          b89865f15344b76778ab09865ea7c4f7119189d2aa775eb6a74567ceac398ea0

          SHA512

          72c86217fe05819f4892ef606a9c233e8959fd6ef77037a246aec5857b0bbd5ab37230af3ec54c35bedd6f48a2ed029cfbd7e4e44493487ff26a4a0ddb730336

          Download Submit
        • C:\Windows\Installer\MSI6041.tmp
          MD5

          fb6cdb0cddd0f384701022b0d1e8d833

          SHA1

          6477ad19453f4935e9a72682eff59590fa8c6ffd

          SHA256

          24556d9695f166c495c738f265e1ad82de8883acb44ab78f882867f52339ee0a

          SHA512

          aba895fd39a6648a548a433fb6db72c2127573fc6f5e905a92b885e41fd3b118d454dc92ca8a88df84d92d11e762986dc14a11b5b7f0d739ef6d2d9187796143

          Download Submit
        • C:\Windows\Installer\MSI69F8.tmp
          MD5

          fb6cdb0cddd0f384701022b0d1e8d833

          SHA1

          6477ad19453f4935e9a72682eff59590fa8c6ffd

          SHA256

          24556d9695f166c495c738f265e1ad82de8883acb44ab78f882867f52339ee0a

          SHA512

          aba895fd39a6648a548a433fb6db72c2127573fc6f5e905a92b885e41fd3b118d454dc92ca8a88df84d92d11e762986dc14a11b5b7f0d739ef6d2d9187796143

          Download Submit
        • C:\Windows\Installer\MSIAE57.tmp
          MD5

          d773d9bd091e712df7560f576da53de8

          SHA1

          165cfbdce1811883360112441f7237b287cf0691

          SHA256

          e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

          SHA512

          15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

          Download Submit
        • \Program Files\DriverUpdate\BugSplat.dll
          MD5

          e294d13f8b64989a2b15b558f567d7ba

          SHA1

          e10626ae59f1c888ed48c7be51e9e8b491259599

          SHA256

          6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67

          SHA512

          5292aaae51e82daf55e6dbe68182b253f238e5cbd50fd342bc51cb82ff13b64c2fba4fa97ddd07bbf6283301c0f84f5f6b5a3a762e995fc54f6d4ed9807fd407

          Download Submit
        • \Program Files\DriverUpdate\BugSplat.dll
          MD5

          e294d13f8b64989a2b15b558f567d7ba

          SHA1

          e10626ae59f1c888ed48c7be51e9e8b491259599

          SHA256

          6fd184e4e2b1d4ca2314f4d16b0e86a0e398054038a2235086d588f02bf39c67

          SHA512

          5292aaae51e82daf55e6dbe68182b253f238e5cbd50fd342bc51cb82ff13b64c2fba4fa97ddd07bbf6283301c0f84f5f6b5a3a762e995fc54f6d4ed9807fd407

          Download Submit
        • \Program Files\DriverUpdate\SlimWare.DriverUpdate.Services.dll
          MD5

          adc75ffb94d21a320a46dc3b2a5fa456

          SHA1

          71232a4e2805dc6d86a1c4c46e92013babb3c6c8

          SHA256

          5d79fc11d717b88fd34c09d025279125773e01cb8401f81bbbe3170ad3dc2e3c

          SHA512

          151ae707569c20eaddb883ecf011b1bc256f7510e1a7bd9de94be1bf02ad371344ecdf3932ed8546341ef04e310ad0aeac69cac3713eddddaa6c64aadf1312e6

          Download Submit
        • \Program Files\DriverUpdate\SlimWare.Messaging.dll
          MD5

          f0e2ae32444a39c0980563362f133465

          SHA1

          266e9dc35f4667149953407101fa6bec2c649ad9

          SHA256

          52c2cf7eaad4d5a3e040f027594806188c0b14c277676cb2f4a4f2379cacadb4

          SHA512

          0c074b15d369155d2bff0069a3ac6d2880555ae2808e5e2de5a4e46dfd6af800eba5529a5fd5f6fdd8e46afa7defa45a42eeeba32c2b130e742d082b494c7370

          Download Submit
        • \Program Files\DriverUpdate\SlimWare.PushNotification.Services.dll
          MD5

          48c40a43e01250f8d0b6bb9f4c624def

          SHA1

          5b6440dbea4e39da6390abfa1c916b99bd4ab275

          SHA256

          25e8b1e43219ade22c5ed8a98af6f2027e31c56e3744cbb99ec619acf1c16819

          SHA512

          120ddbe552d1920271a749be9c2d2843af82682238f842f49fb66b3fe8fa34488bb808e720ab07141736deaa33115177cde570d346678ba530999c58545cb562

          Download Submit
        • \Program Files\DriverUpdate\UnifiedLogger.dll
          MD5

          1e991b7b74f0dfcc6da3fb1e0a7c893f

          SHA1

          aff20ae9b8cd1a8dc9f24edd7073e211a5d753b2

          SHA256

          efc3770a6460084788cce9b151c033b278c73a9e269c09145f01887819b9361c

          SHA512

          1fe99a40bfaaf7eae93b9632e463b1752700b22547f8873f575a87fd91b3aa24d5da599de9b07f132013313d28f5e9c375146d005c828fdcd8f3025c14bb2ba9

          Download Submit
        • \Program Files\SlimServices\WinRT.dll
          MD5

          3bba6f6705085cd26fef183fdd1807ad

          SHA1

          eb1355c4d2777444c3e4788122119b2e60b28aa8

          SHA256

          1076117986e27e0bca3c6396b0593f1bab3b2edef76053f0144e3835f76a2112

          SHA512

          807bcb32bd037f4bc3719d075e54dbf57854109d4cc144ce7f67fa126fdda0f5865d3d3d204a65b432b9ed1debd80cdb07feb82ca03f6f39aa10a1676b28df6a

          Download Submit
        • \Program Files\SlimWare Utilities\Services\BugSplat64.dll
          MD5

          f1a2d92bb8738eab02b92c741a9c5299

          SHA1

          ac22734c386e3e2dabe9ac9767a23e8f01755d4f

          SHA256

          6859c336dc4f42dc70a542db8185948931907734978eeb7088d47256bd4199cd

          SHA512

          344ad89725e98636bae65b219f479a59c98e0131e2dbbab80c3c35443b776499d5c2a4e218ce62c0752cc67eb595c75b83775c54065a13986265885675b0cd99

          Download Submit
        • \Program Files\SlimWare Utilities\Services\BugSplat64.dll
          MD5

          f1a2d92bb8738eab02b92c741a9c5299

          SHA1

          ac22734c386e3e2dabe9ac9767a23e8f01755d4f

          SHA256

          6859c336dc4f42dc70a542db8185948931907734978eeb7088d47256bd4199cd

          SHA512

          344ad89725e98636bae65b219f479a59c98e0131e2dbbab80c3c35443b776499d5c2a4e218ce62c0752cc67eb595c75b83775c54065a13986265885675b0cd99

          Download Submit
        • \Program Files\SlimWare Utilities\Services\SlimWare.Core.dll
          MD5

          8cc32b432ee34f64a3d6a11661a8c735

          SHA1

          7a3a19528d9428e53595a1c38f2f660ecf27ca43

          SHA256

          79cc5a60a7d8b4649b78e890bdcfe06e110b9fd23ff854ca1a7bf2cc5caf8561

          SHA512

          f03810c962608d3a8d2546946019665c010eda19e7797a178943069111ca38675592b4ab62e8749e56c91616a6ff4ba8d00a5cdc9586113309a096812c0c899f

          Download Submit
        • \Program Files\SlimWare Utilities\Services\SlimWare.Core.dll
          MD5

          8cc32b432ee34f64a3d6a11661a8c735

          SHA1

          7a3a19528d9428e53595a1c38f2f660ecf27ca43

          SHA256

          79cc5a60a7d8b4649b78e890bdcfe06e110b9fd23ff854ca1a7bf2cc5caf8561

          SHA512

          f03810c962608d3a8d2546946019665c010eda19e7797a178943069111ca38675592b4ab62e8749e56c91616a6ff4ba8d00a5cdc9586113309a096812c0c899f

          Download Submit
        • \Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll
          MD5

          06a8b08f6b9e99ad1e51c8f485f3db8a

          SHA1

          0e42414d2e74e51ac327add86e94941b2b997a17

          SHA256

          926ae2a36046e1fb671d8bca132b0d6e34df945d6b37b43d8ae955c73efe6912

          SHA512

          cf997fa0ba01528e8e0454716de96c88eb3c650f412d2dd2c84ee79c494a35bb3204092296e7008cae546e45de7986c99521307a1cd7c7e027ec7bed4ba86a7d

          Download Submit
        • \Program Files\SlimWare Utilities\Services\SlimWare.Session.ProxyStub.dll
          MD5

          06a8b08f6b9e99ad1e51c8f485f3db8a

          SHA1

          0e42414d2e74e51ac327add86e94941b2b997a17

          SHA256

          926ae2a36046e1fb671d8bca132b0d6e34df945d6b37b43d8ae955c73efe6912

          SHA512

          cf997fa0ba01528e8e0454716de96c88eb3c650f412d2dd2c84ee79c494a35bb3204092296e7008cae546e45de7986c99521307a1cd7c7e027ec7bed4ba86a7d

          Download Submit
        • \Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\htmlayout.dll
          MD5

          ee2540c23fc04dd39a17cc466ff3c946

          SHA1

          d61d77d4def107fc63350f457c32d06ac675ef19

          SHA256

          5c43198ee7e9e4c94f4700a8032d368d3854c6b7e2f04a930d23b373f55ee003

          SHA512

          00ec2be28622b295b7ecf34a02d48085c4f4d399e6ed94df13d6c79b076e05cafb3d3c702bca612b51c6773726776797677b2642555718f3512db2b9bc2845df

          Download Submit
        • \Users\Admin\AppData\Local\SlimWare Utilities Inc\DriverUpdate\htmlayout.dll
          MD5

          ee2540c23fc04dd39a17cc466ff3c946

          SHA1

          d61d77d4def107fc63350f457c32d06ac675ef19

          SHA256

          5c43198ee7e9e4c94f4700a8032d368d3854c6b7e2f04a930d23b373f55ee003

          SHA512

          00ec2be28622b295b7ecf34a02d48085c4f4d399e6ed94df13d6c79b076e05cafb3d3c702bca612b51c6773726776797677b2642555718f3512db2b9bc2845df

          Download Submit
        • \Windows\Installer\MSI6041.tmp
          MD5

          fb6cdb0cddd0f384701022b0d1e8d833

          SHA1

          6477ad19453f4935e9a72682eff59590fa8c6ffd

          SHA256

          24556d9695f166c495c738f265e1ad82de8883acb44ab78f882867f52339ee0a

          SHA512

          aba895fd39a6648a548a433fb6db72c2127573fc6f5e905a92b885e41fd3b118d454dc92ca8a88df84d92d11e762986dc14a11b5b7f0d739ef6d2d9187796143

          Download Submit
        • \Windows\Installer\MSI69F8.tmp
          MD5

          fb6cdb0cddd0f384701022b0d1e8d833

          SHA1

          6477ad19453f4935e9a72682eff59590fa8c6ffd

          SHA256

          24556d9695f166c495c738f265e1ad82de8883acb44ab78f882867f52339ee0a

          SHA512

          aba895fd39a6648a548a433fb6db72c2127573fc6f5e905a92b885e41fd3b118d454dc92ca8a88df84d92d11e762986dc14a11b5b7f0d739ef6d2d9187796143

          Download Submit
        • \Windows\Installer\MSIAE57.tmp
          MD5

          d773d9bd091e712df7560f576da53de8

          SHA1

          165cfbdce1811883360112441f7237b287cf0691

          SHA256

          e0db1804cf53ed4819ed70cb35c67680ce1a77573efded86e6dac81010ce55e7

          SHA512

          15a956090f8756a6bfdbe191fda36739b1107eada62c6cd3058218beb417bdbd2ea82be9b055f7f6eb8017394b330daff2e9824dbc9c4f137bead8e2ac0574cd

          Download Submit
        • memory/488-49-0x0000000000000000-mapping.dmp
          Download
        • memory/648-8-0x0000000000000000-mapping.dmp
          Download
        • memory/2336-43-0x0000000000000000-mapping.dmp
          Download
        • memory/2584-55-0x0000000000000000-mapping.dmp
          Download
        • memory/2656-50-0x0000000000000000-mapping.dmp
          Download
        • memory/2748-14-0x0000000000000000-mapping.dmp
          Download
        • memory/3060-53-0x0000000000000000-mapping.dmp
          Download
        • memory/3908-40-0x0000000000000000-mapping.dmp
          Download
        • memory/4060-54-0x0000000000000000-mapping.dmp
          Download
        • memory/4140-56-0x0000000000000000-mapping.dmp
          Download
        • memory/4464-57-0x0000000000000000-mapping.dmp
          Download
        • memory/4532-63-0x0000000000000000-mapping.dmp
          Download