7771efb67031aade42022b1ec6e9392b65d07e0180b82cb4e68f8709c6f4e03d

Analysis

max time kernel
474s
max time network
515s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
28-08-2023 02:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adusetupipg_googleadw-adu_gads_usa_ext.exe
Size

8.8MB
MD5

2335a750096cb245737b423794866a82
SHA1

29c676cf08535b01889a94bd181bc22f5d70459e
SHA256

7771efb67031aade42022b1ec6e9392b65d07e0180b82cb4e68f8709c6f4e03d
SHA512

6f43936fb086c9e2da62fe29f76f4206bf33e17fd8d853371808873dfe536f8c0978c4db3e79f55f533c11cbeaba65f9841b5175e8d3a1d32c98f6d0c20fc7f9
SSDEEP

196608:lDDbq7CsUmsR1V085lc6oLMmoOHImE459rmO3fXNDcfMvXi:lDDO7C31R1Vp36xzzjDaO3fW0vy

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

Processes:

DrvInst.exeDrvInst.exe

description	ioc	process
File opened for modification	C:\Windows\System32\drivers\storahci.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\drivers\storahci.sys	DrvInst.exe

Drops desktop.ini file(s) 2 IoCs

Processes:

ADU.exe

description ioc process

File created C:\Windows\assembly\Desktop.ini ADU.exe
File opened for modification C:\Windows\assembly\Desktop.ini ADU.exe

description	ioc	process
File created	C:\Windows\assembly\Desktop.ini	ADU.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	ADU.exe

Drops file in System32 directory 14 IoCs

Processes:

DrvInst.exeDrvInst.exeDriverUpdateHelper64.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\SETADB4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\ibexahci.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\SETADB3.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ibexahci.inf_amd64_4c0df243c49c912f\ibexahci.PNF	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\SETADB3.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ibexahci.inf_amd64_4c0df243c49c912f\ibexahci.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ibexahci.inf_amd64_4c0df243c49c912f\ibexahci.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\ibexahci.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{96656783-7940-6740-a877-2f19a23a3d63}\SETADB4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ibexahci.inf_amd64_4c0df243c49c912f\ibexahci.PNF	DriverUpdateHelper64.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_74965e869fab271a\mshdc.PNF	DriverUpdateHelper64.exe

Drops file in Program Files directory 64 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.tmpadunotifier.exe

description	ioc	process
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\is-DMMPA.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\is-CS07K.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\unins000.dat	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\difxapi.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\adunotifier.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-446CI.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-40EB7.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\ADUNotifier_log.txt	adunotifier.exe
File created	C:\Program Files (x86)\Advanced Driver Updater\is-9EBT1.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-08T3U.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-9UKTQ.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-QTJLB.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\updater\x86Helper\DriverUpdateHelperx86.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-FSKMR.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\ADUNotifier_OutOfMemorylog.txt	adunotifier.exe
File created	C:\Program Files (x86)\Advanced Driver Updater\is-0BUOG.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\unins000.msg	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\unins000.dat	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-A8E05.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-F65GF.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-5EQ1N.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\is-LMIE4.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-14U7U.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-UR2FF.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\unrar.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\notifierlib.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\ADU.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\ADUNotifier_log.txt	adunotifier.exe
File created	C:\Program Files (x86)\Advanced Driver Updater\is-N09VM.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\Xceed.Wpf.Toolkit.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\WpfAnimatedGif.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\7z.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-6D3GJ.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-KBDOL.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-687OK.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-K1KL3.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-IMIL6.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-PM5NR.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\x86Helper\is-TC34H.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-VKG8K.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-54957.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\is-OPM3O.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\ADUNotifier_Corruptlog.txt	adunotifier.exe
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-S7D0L.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\is-1FHKH.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\difxapi64.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-8RO20.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-GB043.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\x86Helper\is-2O6MS.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\x86Helper\is-69CLK.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\is-EPQSR.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\difxapi.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\is-E2RUC.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\Interop.IWshRuntimeLibrary.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\updater\x86Helper\difxapi.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\updater\extract\7z.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-RDCI2.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\is-9ISQH.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File opened for modification	C:\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll	adusetupipg_googleadw-adu_gads_usa_ext.tmp
File created	C:\Program Files (x86)\Advanced Driver Updater\is-TMP9A.tmp	adusetupipg_googleadw-adu_gads_usa_ext.tmp

Drops file in Windows directory 21 IoCs

Processes:

ADU.exeDrvInst.exeDrvInst.exedw20.exeMicrosoftEdgeCP.exeDriverUpdateHelper64.exeDrvInst.exesvchost.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeADU.exe

description	ioc	process
File opened for modification	C:\Windows\assembly	ADU.exe
File created	C:\Windows\assembly\Desktop.ini	ADU.exe
File created	C:\Windows\INF\c_processor.PNF	ADU.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\AppCompat\Programs\Amcache.hve.tmp	dw20.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_monitor.PNF	ADU.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DriverUpdateHelper64.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\INF\oem3.PNF	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_diskdrive.PNF	ADU.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.new	ADU.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\assembly\Desktop.ini	ADU.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.new	ADU.exe

Executes dropped EXE 10 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.tmpADU.exeADU.exeadunotifier.exeADU.exeADU.exeADU.exe7z.exe7z.exeDriverUpdateHelper64.exe

pid	process
1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp
2000	ADU.exe
1236	ADU.exe
4912	adunotifier.exe
2772	ADU.exe
4404	ADU.exe
3860	ADU.exe
4116	7z.exe
336	7z.exe
864	DriverUpdateHelper64.exe

Loads dropped DLL 64 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.tmpADU.exeadunotifier.exeADU.exeADU.exe

pid	process
1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
2000	ADU.exe
4912	adunotifier.exe
4912	adunotifier.exe
4912	adunotifier.exe
4912	adunotifier.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe
2772	ADU.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2572 4912 WerFault.exe adunotifier.exe
Kills process with taskkill 8 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exe

pid process

4516 taskkill.exe
204 taskkill.exe
384 taskkill.exe
4140 taskkill.exe
3064 taskkill.exe
1272 taskkill.exe
392 taskkill.exe
5092 taskkill.exe

pid	pid_target	process	target process
2572	4912	WerFault.exe	adunotifier.exe

pid	process
4516	taskkill.exe
204	taskkill.exe
384	taskkill.exe
4140	taskkill.exe
3064	taskkill.exe
1272	taskkill.exe
392	taskkill.exe
5092	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 44 IoCs

Processes:

DrvInst.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\advanceddriverupdater.com\Nu = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.advanceddriverupdater.co = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.advanceddriverupdater.co	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = b864ad6d56d9d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "162"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = e015377c56d9d901	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates\83DA05A9886F7658	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "400002866"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\advanceddriverupdater.com\To = "158"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2393848421-2120571652-2495149697-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.advanceddriverupdater.co = "158"	MicrosoftEdgeCP.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

ADU.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0280f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b1400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba953030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f2000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D69B561148F01C77C54578C10926DF5B856976AD\Blob = 5c000000010000000400000000080000190000000100000010000000d0fd3c9c380d7b65e26b9a3fedd39b8f030000000100000014000000d69b561148f01c77c54578c10926df5b856976ad1d000000010000001000000001728e1ecf7a9d86fb3cec8948aba9531400000001000000140000008ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc620000000100000020000000cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b0b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520033000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000200000005229ba15b31b0c6f4cca89c2985177974327d1b689a3b935a0bd975532af22ab040000000100000010000000c5dfb849ca051355ee2dba1ac33eb0282000000001000000630300003082035f30820247a003020102020b04000000000121585308a2300d06092a864886f70d01010b0500304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e301e170d3039303331383130303030305a170d3239303331383130303030305a304c3120301e060355040b1317476c6f62616c5369676e20526f6f74204341202d20523331133011060355040a130a476c6f62616c5369676e311330110603550403130a476c6f62616c5369676e30820122300d06092a864886f70d01010105000382010f003082010a0282010100cc2576907906782216f5c083b684ca289efd057611c5ad8872fc460243c7b28a9d045f24cb2e4be1608246e152ab0c8147706cdd64d1ebf52ca30f823d0c2bae97d7b614861079bb3b1380778c08e149d26a622f1f5efa9668df892795389f06d73ec9cb26590d73deb0c8e9260e8315c6ef5b8bd20460ca49a628f6693bf6cbc82891e59d8a615737ac7414dc74e03aee722f2e9cfbd0bbbff53d00e10633e8822bae53a63a16738cdd410e203ac0b4a7a1e9b24f902e3260e957cbb904926868e538266075b29f77ff9114efae2049fcad401548d1023161195eb897efad77b7649a7abf5fc113ef9b62fb0d6ce0546916a903da6ee983937176c6698582170203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604148ff04b7fa82e4524ae4d50fa639a8bdee2dd1bbc300d06092a864886f70d01010b050003820101004b40dbc050aafec80ceff796544549bb96000941acb3138686280733ca6be674b9ba002daea40ad3f5f1f10f8abf73674a83c7447b78e0af6e6c6f03298e333945c38ee4b9576caafc1296ec53c62de4246cb99463fbdc536867563e83b8cf3521c3c968fecedac253aacc908ae9f05d468c95dd7a58281a2f1ddecd0037418fed446dd75328977ef367041e15d78a96b4d3de4c27a44c1b737376f41799c21f7a0ee32d08ad0a1c2cff3cab550e0f917e36ebc35749bee12e2d7c608bc3415113239dcef7326b9401a899e72c331f3a3b25d28640ce3b2c8678c9612f14baeedb556fdf84ee05094dbd28d872ced36250651eeb92978331d9b3b5ca47583f5f	ADU.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ADU.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	ADU.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.tmpdw20.exe

pid process

1004 adusetupipg_googleadw-adu_gads_usa_ext.tmp
1004 adusetupipg_googleadw-adu_gads_usa_ext.tmp
4464 dw20.exe
4464 dw20.exe
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4964 MicrosoftEdgeCP.exe
4964 MicrosoftEdgeCP.exe
4964 MicrosoftEdgeCP.exe
4964 MicrosoftEdgeCP.exe

pid	process
4964	MicrosoftEdgeCP.exe
4964	MicrosoftEdgeCP.exe
4964	MicrosoftEdgeCP.exe
4964	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 60 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exetaskkill.exeADU.exeadunotifier.exeADU.exeADU.exeADU.exeADU.exedw20.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exevssvc.exe7z.exesrtasks.exe7z.exesvchost.exeDriverUpdateHelper64.exeDrvInst.exeDrvInst.exe

description	pid	process
Token: SeDebugPrivilege	392	taskkill.exe
Token: SeDebugPrivilege	5092	taskkill.exe
Token: SeDebugPrivilege	4516	taskkill.exe
Token: SeDebugPrivilege	204	taskkill.exe
Token: SeDebugPrivilege	384	taskkill.exe
Token: SeDebugPrivilege	4140	taskkill.exe
Token: SeDebugPrivilege	3064	taskkill.exe
Token: SeDebugPrivilege	1272	taskkill.exe
Token: SeDebugPrivilege	2000	ADU.exe
Token: SeDebugPrivilege	4912	adunotifier.exe
Token: SeDebugPrivilege	1236	ADU.exe
Token: SeDebugPrivilege	2772	ADU.exe
Token: SeDebugPrivilege	4404	ADU.exe
Token: SeDebugPrivilege	3860	ADU.exe
Token: SeRestorePrivilege	4464	dw20.exe
Token: SeBackupPrivilege	4464	dw20.exe
Token: SeBackupPrivilege	4464	dw20.exe
Token: SeDebugPrivilege	2704	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2704	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2704	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2704	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4128	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4128	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	3212	MicrosoftEdge.exe
Token: SeDebugPrivilege	3212	MicrosoftEdge.exe
Token: SeBackupPrivilege	3376	vssvc.exe
Token: SeRestorePrivilege	3376	vssvc.exe
Token: SeAuditPrivilege	3376	vssvc.exe
Token: SeRestorePrivilege	4116	7z.exe
Token: 35	4116	7z.exe
Token: SeSecurityPrivilege	4116	7z.exe
Token: SeSecurityPrivilege	4116	7z.exe
Token: SeBackupPrivilege	2912	srtasks.exe
Token: SeRestorePrivilege	2912	srtasks.exe
Token: SeSecurityPrivilege	2912	srtasks.exe
Token: SeTakeOwnershipPrivilege	2912	srtasks.exe
Token: SeBackupPrivilege	2912	srtasks.exe
Token: SeRestorePrivilege	2912	srtasks.exe
Token: SeSecurityPrivilege	2912	srtasks.exe
Token: SeTakeOwnershipPrivilege	2912	srtasks.exe
Token: SeRestorePrivilege	336	7z.exe
Token: 35	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeSecurityPrivilege	336	7z.exe
Token: SeAuditPrivilege	2176	svchost.exe
Token: SeSecurityPrivilege	2176	svchost.exe
Token: SeLoadDriverPrivilege	864	DriverUpdateHelper64.exe
Token: SeRestorePrivilege	4728	DrvInst.exe
Token: SeBackupPrivilege	4728	DrvInst.exe
Token: SeLoadDriverPrivilege	4728	DrvInst.exe
Token: SeLoadDriverPrivilege	4728	DrvInst.exe
Token: SeLoadDriverPrivilege	4728	DrvInst.exe
Token: SeLoadDriverPrivilege	4728	DrvInst.exe
Token: SeLoadDriverPrivilege	864	DriverUpdateHelper64.exe
Token: SeRestorePrivilege	3992	DrvInst.exe
Token: SeBackupPrivilege	3992	DrvInst.exe
Token: SeLoadDriverPrivilege	3992	DrvInst.exe
Token: SeLoadDriverPrivilege	3992	DrvInst.exe
Token: SeLoadDriverPrivilege	3992	DrvInst.exe
Token: SeLoadDriverPrivilege	3992	DrvInst.exe

Suspicious use of FindShellTrayWindow 9 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.tmpADU.exe

pid process

1004 adusetupipg_googleadw-adu_gads_usa_ext.tmp
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
Suspicious use of SendNotifyMessage 7 IoCs

Processes:

ADU.exe

pid process

1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe
1236 ADU.exe

pid	process
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe

Suspicious use of SetWindowsHookEx 37 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeADU.exeDriverUpdateHelper64.exe

pid	process
3212	MicrosoftEdge.exe
4964	MicrosoftEdgeCP.exe
2704	MicrosoftEdgeCP.exe
4964	MicrosoftEdgeCP.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
864	DriverUpdateHelper64.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe
1236	ADU.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

adusetupipg_googleadw-adu_gads_usa_ext.exeadusetupipg_googleadw-adu_gads_usa_ext.tmp

description	pid	process	target process
PID 4116 wrote to memory of 1004	4116	adusetupipg_googleadw-adu_gads_usa_ext.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
PID 4116 wrote to memory of 1004	4116	adusetupipg_googleadw-adu_gads_usa_ext.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
PID 4116 wrote to memory of 1004	4116	adusetupipg_googleadw-adu_gads_usa_ext.exe	adusetupipg_googleadw-adu_gads_usa_ext.tmp
PID 1004 wrote to memory of 392	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 392	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 392	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 5092	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 5092	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 5092	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4516	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4516	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4516	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 204	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 204	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 204	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 384	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 384	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 384	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4140	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4140	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 4140	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 3064	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 3064	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 3064	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 1272	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 1272	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 1272	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	taskkill.exe
PID 1004 wrote to memory of 2000	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	ADU.exe
PID 1004 wrote to memory of 2000	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	ADU.exe
PID 1004 wrote to memory of 2000	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	ADU.exe
PID 1004 wrote to memory of 2560	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2560	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2560	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2592	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2592	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2592	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3048	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3048	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3048	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4972	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4972	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4972	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2604	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2604	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2604	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1812	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1812	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1812	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4268	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4268	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4268	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3432	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3432	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 3432	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2708	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2708	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 2708	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1644	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1644	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 1644	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4024	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4024	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 4024	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe
PID 1004 wrote to memory of 5112	1004	adusetupipg_googleadw-adu_gads_usa_ext.tmp	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\adusetupipg_googleadw-adu_gads_usa_ext.exe
"C:\Users\Admin\AppData\Local\Temp\adusetupipg_googleadw-adu_gads_usa_ext.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4116

C:\Users\Admin\AppData\Local\Temp\is-1IAA5.tmp\adusetupipg_googleadw-adu_gads_usa_ext.tmp
"C:\Users\Admin\AppData\Local\Temp\is-1IAA5.tmp\adusetupipg_googleadw-adu_gads_usa_ext.tmp" /SL5="$5020C,8637066,199680,C:\Users\Admin\AppData\Local\Temp\adusetupipg_googleadw-adu_gads_usa_ext.exe"
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1004

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "ADU.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:392

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "ADU.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5092

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "ADU.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4516

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "adunotifier.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:204

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "ADU.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:384

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "adunotifier.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4140

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "ADU.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3064

C:\Windows\SysWOW64\taskkill.exe
"C:\Windows\System32\taskkill.exe" /f /im "adunotifier.exe"
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe
"C:\Program Files (x86)\Advanced Driver Updater\ADU.exe" loadvalues
3⤵
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
PID:2000

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver Updater_DEFAULT" /f
3⤵
PID:2560

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver Updater_UPDATES" /f
3⤵
PID:2592

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver Updater" /f
3⤵
PID:3048

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdaterRunAtStartup" /f
3⤵
PID:4268

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver UpdaterNotifier_trigger" /f
3⤵
PID:2856

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver UpdaterNotifier_startup" /f
3⤵
PID:5112

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "Advanced Driver UpdaterNotifier" /f
3⤵
PID:4024

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdaterNotifier_trigger" /f
3⤵
PID:1644

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdaterNotifier_startup" /f
3⤵
PID:2708

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdaterNotifier" /f
3⤵
PID:3432

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdater" /f
3⤵
PID:1812

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdater_UPDATES" /f
3⤵
PID:2604

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe
"C:\Program Files (x86)\Advanced Driver Updater\ADU.exe" firstinstall autoscan
3⤵
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\432klyff.cmdline"
4⤵
PID:4228

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8153.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC8152.tmp"
5⤵
PID:4060

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fdpcnmlg.cmdline"
4⤵
PID:4148

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9681.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC9680.tmp"
5⤵
PID:3968

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\m08djkr7.cmdline"
4⤵
PID:4328

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES99FB.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC99FA.tmp"
5⤵
PID:1480

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ldqmg1tp.cmdline"
4⤵
PID:2536

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESA3B0.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCA39F.tmp"
5⤵
PID:4696

C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\4vklikoe.cmdline"
4⤵
PID:2636

C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF437.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF427.tmp"
5⤵
PID:2656

C:\Program Files (x86)\Advanced Driver Updater\updater\extract\7z.exe
"C:\Program Files (x86)\Advanced Driver Updater\updater\extract\7z.exe" a "C:\Users\Admin\AppData\Roaming\Systweak\adu\Advanced Driver Updater\Backup\AdvancedDriverUpdaterBackup-Monday,28-Aug-2023_H02-M27-S59.zip" "C:\Users\Admin\AppData\Local\Temp\Advanced Driver Updater\*"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4116

C:\Program Files (x86)\Advanced Driver Updater\updater\extract\7z.exe
7z.exe x -y "C:\drivertemp\2005117399\pciven_8086&dev_2922.exe" -o"C:\drivertemp\2005117399\pciven_8086&dev_2922\" -r
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:336

C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
"C:\Program Files (x86)\Advanced Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe" updatesystemdrivers="1" hwdid="pci\ven_8086&dev_2922" inf="C:\drivertemp\2005117399\pciven_8086&dev_2922\all\ibexahci.inf" hkey="HKEY_CURRENT_USER" regpath="Software\Systweak\adu" regval="IsUpdateSuccessFull" regvalupnp="UpdatePnPErrorCode" regvaldifx="DifxErrorCode"
4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:864

C:\Program Files (x86)\Advanced Driver Updater\adunotifier.exe
"C:\Program Files (x86)\Advanced Driver Updater\adunotifier.exe" createschedule
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:4912

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe
"C:\Program Files (x86)\Advanced Driver Updater\ADU.exe" loadvalues
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe
"C:\Program Files (x86)\Advanced Driver Updater\ADU.exe" loadvalues
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4404

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe
"C:\Program Files (x86)\Advanced Driver Updater\ADU.exe" loadvalues
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3860

C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
dw20.exe -x -s 2052
4⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2060
4⤵
- Program crash
PID:2572

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /delete /tn "AdvancedDriverUpdater_DEFAULT" /f
3⤵
PID:4972

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
1⤵
PID:4440

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3212

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4128

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Modifies data under HKEY_USERS
PID:4872

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2912

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2176

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{010cdc1a-7e23-c243-a625-8e502e41b271}\ibexahci.inf" "9" "4105f081f" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "c:\drivertemp\2005117399\pciven_8086&dev_2922\all"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
PID:796

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "11" "PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&10" "C:\Windows\INF\oem3.inf" "ibexahci.inf:5f63e534097746e6:Intel_msahci_Inst:9.1.9.1005:pci\ven_8086&dev_2922," "4105f081f" "0000000000000178"
2⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4728

C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "11" "PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&FA" "C:\Windows\INF\oem3.inf" "ibexahci.inf:5f63e534097746e6:Intel_msahci_Inst:9.1.9.1005:pci\ven_8086&dev_2922," "4105f081f" "0000000000000178"
2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Advanced Driver Updater\ADU.exe

Filesize
5.6MB

MD5
ad18e34f99d668739a70b3d67aa74299

SHA1
c751efef973542ca24b73b707cad00bcb3539931

SHA256
be83eff23b3a4e56af6e26931d061bc8a306cef7c38eb71bcda76d16736b2cf1

SHA512
b0dd9e453962d1c11c9ce57b94605e86bea22631dbddcf0c0dd5a8af1432e6c6683bd6559b715abb9882e8b64dea5ee7257d3e3e46a3e2f4c96648b62a9bc992

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\ADU.exe

Filesize
5.6MB

MD5
ad18e34f99d668739a70b3d67aa74299

SHA1
c751efef973542ca24b73b707cad00bcb3539931

SHA256
be83eff23b3a4e56af6e26931d061bc8a306cef7c38eb71bcda76d16736b2cf1

SHA512
b0dd9e453962d1c11c9ce57b94605e86bea22631dbddcf0c0dd5a8af1432e6c6683bd6559b715abb9882e8b64dea5ee7257d3e3e46a3e2f4c96648b62a9bc992

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\ADU.exe

Filesize
5.6MB

MD5
ad18e34f99d668739a70b3d67aa74299

SHA1
c751efef973542ca24b73b707cad00bcb3539931

SHA256
be83eff23b3a4e56af6e26931d061bc8a306cef7c38eb71bcda76d16736b2cf1

SHA512
b0dd9e453962d1c11c9ce57b94605e86bea22631dbddcf0c0dd5a8af1432e6c6683bd6559b715abb9882e8b64dea5ee7257d3e3e46a3e2f4c96648b62a9bc992

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\ADU.exe

Filesize
5.6MB

MD5
ad18e34f99d668739a70b3d67aa74299

SHA1
c751efef973542ca24b73b707cad00bcb3539931

SHA256
be83eff23b3a4e56af6e26931d061bc8a306cef7c38eb71bcda76d16736b2cf1

SHA512
b0dd9e453962d1c11c9ce57b94605e86bea22631dbddcf0c0dd5a8af1432e6c6683bd6559b715abb9882e8b64dea5ee7257d3e3e46a3e2f4c96648b62a9bc992

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\ADU.exe

Filesize
5.6MB

MD5
ad18e34f99d668739a70b3d67aa74299

SHA1
c751efef973542ca24b73b707cad00bcb3539931

SHA256
be83eff23b3a4e56af6e26931d061bc8a306cef7c38eb71bcda76d16736b2cf1

SHA512
b0dd9e453962d1c11c9ce57b94605e86bea22631dbddcf0c0dd5a8af1432e6c6683bd6559b715abb9882e8b64dea5ee7257d3e3e46a3e2f4c96648b62a9bc992

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\ADU.exe.config

Filesize
3KB

MD5
d0f9bfb42550bec4daaa52b338b4d645

SHA1
0a740ec3ddaaad716e75151ca24a9c5f4c034a11

SHA256
cc5929913f9de9a5e65c17d9ec5ea25d0ae0fa3e077324b8e111f87718431974

SHA512
75fb3edc19c7561dbdefec95762ea7b287661b3eb04392752f8f18d3a22e473efb030f37cbf1e20d0e303bb3c480c08f50a50610e4d1849beee013c0171a4616

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
112KB

MD5
c757150e058428e2a0757701930c223c

SHA1
aa162301c63621214581792b8fde77adf42e124c

SHA256
e3d4a237487e2dcd925c84559957473692bf04cd59b5f95748594345a047231e

SHA512
c7763f4558460092989dd393c4febc220e3fb5b9b13eb4ad4041623bfb527f887c09e39b5aa6c529412f6c9fa837155ae3d5d8d959211cb1452d4b4ed3966f06

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\adunotifier.exe

Filesize
278KB

MD5
ef6cd5d9ab825cf06f57c3cb539cc7f4

SHA1
37c854bffe974107f17a9b13790e3c3fefba89ca

SHA256
bee66ca1594a89c296c4f5780d33be4c83b9eddb45d6cd247b0eb144866564af

SHA512
dfd1335a4f0b990436ecb634b5af032f18d3615823dae77b262fe3df1027e984da186051467ace47a2109084922f06f78989facc291289b99b1bc4727a95c49d

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\adunotifier.exe

Filesize
278KB

MD5
ef6cd5d9ab825cf06f57c3cb539cc7f4

SHA1
37c854bffe974107f17a9b13790e3c3fefba89ca

SHA256
bee66ca1594a89c296c4f5780d33be4c83b9eddb45d6cd247b0eb144866564af

SHA512
dfd1335a4f0b990436ecb634b5af032f18d3615823dae77b262fe3df1027e984da186051467ace47a2109084922f06f78989facc291289b99b1bc4727a95c49d

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\eng_adu_en.ini

Filesize
95KB

MD5
886418430a6a55b06b5a56a5695cf3ed

SHA1
4580e1402fb8da939ce5363648ff1aa6b9fee73f

SHA256
8e1430a4e61cba76e17bf31d37b8439a2f25252ac2da709dbe4f0706d0633602

SHA512
b2cc919728eb7116f2c3d3f4761a9addebba0edc7930b4f4c41a415ff1f7854217930000a66dc0b706aa559d73fe34974de9a5836c104ecb80f1615bc1e517ea

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\notifier.ini

Filesize
539B

MD5
411922a6822fd2d56c665e60a0caeb3c

SHA1
89430ef454f37528ad8ab95a90fae97b43e07d30

SHA256
1b7ec4dfe9eac142b9b3dd778c97340e7609742dc45af0f4e21488fcc8769545

SHA512
c3a251e854aeb88cf98650ca8af7781f7f0c4dbac05f3f298de8324cb65ca33b173970b9fbae8b4830eb075240fcbc55d43b3e2f6e639ee181289ec83b4a9754

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\notifierlib.dll

Filesize
617KB

MD5
c9aa5d2839ae27e0bd00f4f1e61a5c70

SHA1
0901185ef0511a132d8221bc7a54a01fe5e778a7

SHA256
5cc855b81b91c8db4ecc3fa6f15b99d5cec8bbbbaf37f8f2c62d992af39ea9e4

SHA512
ae59e2f7c6fc456a92b712a79d47d55304d29b7031b9f2fb9cce14fa7db499563f7398d819cb253284ba2a5ab16bf1245d85be6ad62f26768204aeb561a80483

Download Submit
C:\Program Files (x86)\Advanced Driver Updater\unins000.exe

Filesize
1.2MB

MD5
cd31650b1825f94d40916975931def27

SHA1
797184e1856305b590ea138f6fa4139499c1f60b

SHA256
04449628d1ca801282bc98f975fee8e6bab850a6bcf23afc5a4d925dcaffc38f

SHA512
13d5bcfd76286791ca170c456cea57ffbce3729ae2ecd5c5a86bcc2defb84fca2b1dfeef02cfeef1a7f4f06d9e978c08a1e0eee25290f509d79fa8ac34c3964e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\769F85394FB15C375FF89A7488274D5B_16081462003A3BD452A73D2EDA95C21C

Filesize
1KB

MD5
aad525ebc349b73a82f977d9f893b759

SHA1
bd3aeafe0c86727e5e2204cc90ae99bb487b5a18

SHA256
5180cd180651464087c7df0901c1465a167b952675154bb9c956c069e9b7a4bf

SHA512
9847c183c6881b238512566a3ec9f14303dd558ab34c49a60b131a0fcf5397b2b9eb08dc23e680e6bbe38428cd53336708a3dcec70f692a45d7af545595c3931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
1KB

MD5
dde786a847bad0bbf2c9b7da17029aa1

SHA1
7e69348dd1377c0d8b72d7569f94e6fff6666119

SHA256
0a84d8c2fffce5492879f4d0df563e6ced79db437d759a2fec4f9a586f8f9b26

SHA512
3adbe4fd1ab98f08619227380e22fafe41ca30af14cbad9ebcc446e91fbfbffa309fe91d2789b601b1fd8e9a6266eed3ae1dd503ede750866297efb6f1881b6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\769F85394FB15C375FF89A7488274D5B_16081462003A3BD452A73D2EDA95C21C

Filesize
526B

MD5
2653fab83ceb752c8d1fd63344e1cd17

SHA1
1dcb40692ef7b0aebb7237004d3468b225440926

SHA256
58d6bd91f9470a1b42dda52cb6bbc6e9fcb2793d33e8dddfadcb3bda2ebb96ed

SHA512
f98501d7d09c16de521fe553e80fd229e0a0955dbdd7e7e739d69929cc38337b902df8723b505a54563f9e319814bd52c570f5453746e0f44df04e19f51bf5ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_4BB72A60CF9C652B353353202101C0E4

Filesize
502B

MD5
09348d6fb876b88a655378b5663d00cd

SHA1
0caebb95a4e91da8223537cc0ee70160a1a5b311

SHA256
828c3bcc7092fc72623aa6400ce310f95096a1f84e308d1f5e7e553230939d9b

SHA512
102926f9ed7842a4c2f97205d8fd9109fe93ee27a7c797f4cac68ec04c0348edb5762694ed33709d5c43c152c24643e44711d34c91468eb336bf542a87802baf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\ADU.exe.log

Filesize
1KB

MD5
f7488de066118852051c1bf6f131f3e3

SHA1
c4e6e9d73d4d57cfc5a5f114f93249fe2e665e1d

SHA256
04682a0676eaefaad301a6bb5c225985000222807148bccc448423b18b3597d1

SHA512
128f480b5d4c01b3d6b753a032e44b2bcb77731f2b7fb497ffea8ad2ede4025530543a3b4424de8e5ad17443c162ab46fa6c1e887cbfe0c37aa475fe49b52073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\3W1APFWJ\NagTracking[2].htm

Filesize
178B

MD5
bd2695f4b079c71dbddde3436286fb9c

SHA1
733c05da132193d6cf1d8e242d12e2525c03bab4

SHA256
2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

SHA512
5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\NagTracking[2].htm

Filesize
18B

MD5
1cd1dc789788b67cd136ddbd18913f82

SHA1
75690fd485035a41089a41b542401ff5b19a0917

SHA256
d1d57fabd7b4ff7f98aa747fffa3c4f0f44f12d7e41f8d11e2394c5300f7de3c

SHA512
f5f95af3dd26a72db49c232358eb125ef84e78e9def6c6000fb3c92a9efa4b65641a9c7b2600e643dd83b0f2fd010fbb4ab663690f52d7661e66a757153ccc08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\ScanTracking[1].htm

Filesize
19B

MD5
ca3c3fc3aa957760128bc1f0229a1878

SHA1
24123ec11a99ea79465c0bdbca3eac04819c720b

SHA256
c3b647eec7563384c588db1025a845408e2aaba55e4fedf625c5c14b2235d3c0

SHA512
b46770df9f818f775374c01ce9c20107f71c956f9ddb3c8ceb5a0370547f30e2ba069bd44089cccf22d5733913455b23c80deccd900dcc664be6e1d8470f6aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\KFR0RUGG\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\FPN7ODVO\www.advanceddriverupdater[1].xml

Filesize
415B

MD5
f6f7311793c36d6a5769ee3e0cb28d60

SHA1
489b3c2d414e9aecf7171ce08cd321ad834cbdc8

SHA256
c1d1693e8cccbd0837d822ae0be6474808f8698fccbabe2b31ae9e6726fd51a8

SHA512
c1534b9f7ebb8b8647b03894eda5fb2911c7c77b64cc01843807a987b905d41d5d2ae1431aad0531f89ff6247d888b70c88b3050e9f2ebae01113449cab2163c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CP1YRML2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NUO18GQI\favicon[1].ico

Filesize
1KB

MD5
f14c0485b69769386b6aa3dd96282670

SHA1
07600d0250bcef474aceb0b0d5903034b830151f

SHA256
98fbb95d53da252355342fe20cd9a618cb501b5d1c6f992126e4a4ac7088a4d5

SHA512
605ddbbd76b607b6690a6f0ffbafd73ab8399cca16804e03e467ad7423811d9ac75d3e63f754144c3fea8c013e4130a86e40915bf8ec7bcee44a279eaea0b797

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF10343E64F1F73EA2.TMP

Filesize
20KB

MD5
2c18979dec5714967f1f2137c8c8c8f4

SHA1
b695a1e9701df6613a54d67cf8b548e2ef452643

SHA256
35f0434252d904d36f42fbe4c6e520a2374670de6b38e1e1e251bd101e8b608a

SHA512
dd7c5b11fa38b2451707df2e9bbac3656204d5826240d90f068400315c468d3596b1154e8dbbee32bebb050bf59cd326e10c586b26c0cc398fcf4c9b9f5e6ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1IAA5.tmp\adusetupipg_googleadw-adu_gads_usa_ext.tmp

Filesize
1.2MB

MD5
cd31650b1825f94d40916975931def27

SHA1
797184e1856305b590ea138f6fa4139499c1f60b

SHA256
04449628d1ca801282bc98f975fee8e6bab850a6bcf23afc5a4d925dcaffc38f

SHA512
13d5bcfd76286791ca170c456cea57ffbce3729ae2ecd5c5a86bcc2defb84fca2b1dfeef02cfeef1a7f4f06d9e978c08a1e0eee25290f509d79fa8ac34c3964e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-1IAA5.tmp\adusetupipg_googleadw-adu_gads_usa_ext.tmp

Filesize
1.2MB

MD5
cd31650b1825f94d40916975931def27

SHA1
797184e1856305b590ea138f6fa4139499c1f60b

SHA256
04449628d1ca801282bc98f975fee8e6bab850a6bcf23afc5a4d925dcaffc38f

SHA512
13d5bcfd76286791ca170c456cea57ffbce3729ae2ecd5c5a86bcc2defb84fca2b1dfeef02cfeef1a7f4f06d9e978c08a1e0eee25290f509d79fa8ac34c3964e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{010cdc1a-7e23-c243-a625-8e502e41b271}\SETAD16.tmp

Filesize
144KB

MD5
327fdbd3697e5a5d176a71ee2455e77e

SHA1
a4f3a40fe48adcb11bdd4f34d9a75cf952314bd9

SHA256
7076911a9e290c5e3e3740e34cdf854c12a31013b956a1c6268abec714ddaed2

SHA512
6ed92a1c8e3e28962832e79533a183ef2e659b85154dbad0ae4b51f4eeef17a0f3617fab46b86a0e900c9e3668cdc84411f646884f508e2ce2c2b56321522aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{010cdc1a-7e23-c243-a625-8e502e41b271}\SETAD17.tmp

Filesize
12KB

MD5
2f7051d08dea2b20510426c0c4c40115

SHA1
63c66badd37425c98a079d841b81d15ce760d3a6

SHA256
fa3b1f98fc7c1cdc8230921d9e5939b13c609aca5f57744111ee47103cec43db

SHA512
bc1dee06af46a17941b95281aecea9fcdc7b9eb6d726443a242cf483967bbf0a6513cfcb81e72cc8bc8dcbec1aa497b58223e5b133e6169bef502bdd156ab743

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.new

Filesize
432B

MD5
56336cec2a66357b128eb25ffe304e41

SHA1
84b36d3c3272e5e1dccd979eccbafb3ee9603f70

SHA256
a925dcb23a52b2f63ae950fdcaeaee6215ea4285fd6044646a90ab2ea84d1e48

SHA512
54a4de42328350d0044fc607f0111078136c9d11296939cda441ff9af52876c486fb1ae479d02aaa208550a977ef77cfd644c3d9ba1f956cd60ab9b7873112a0

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\adu\Advanced Driver Updater\Download\pciven_8086&dev_2922.exe

Filesize
5.9MB

MD5
5c9ee120d09e8ae24a63220006b42a98

SHA1
1cf68331711413fba304475512817830200a30da

SHA256
43c74d41ca8a4f1368f17566985d0887448b917b145051ac389c68bdeda71b68

SHA512
816ebf1c32058a2cc3c0ee1485816ca3b6c8607fac671012839b84d9fca6c4943706181d4023baf22dbab839127bda562f2040618beb69d1c2e36d5be7fd75e8

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\adu\Advanced Driver Updater\Logs\adu.txt

Filesize
5KB

MD5
023356bf504d9a523c7fe25c876213df

SHA1
6f80ddda2a14b440980530d26e8170efb3f07ba7

SHA256
374bd0d69a224167baf4fd5cdb07ce1a3997a8b0f44bfc80f69889d234ae9d08

SHA512
36de586f9b1dee0b0444cdcb599ea45a444ab8270a8c7fcd39926d931268c084041dd01ac57bc90eb7656a1ecf4941049acff848b908f9fde5a89c584ac1ada4

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\adu\Advanced Driver Updater\Utility_kit.ini

Filesize
46KB

MD5
6c67dea772f4fc9e37fa99a5675d5c81

SHA1
878df67a3ef61f8696d2254527f6068351f16d0d

SHA256
acb8174f954f99f45a8ffcc86c3ce16bee3897154705ae1086dea199344403a7

SHA512
2dd480c95f0c30949ed41561f2043a8e01f7616ea2888a2761450f352e838f6f348254168ee5371aefbef3db7f021c02cb63ea78612313b7563f8ffef2ad6fab

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\adu\Advanced Driver Updater\dbupdate.ini

Filesize
1KB

MD5
7bfa81878b916c60edb364804234f2c1

SHA1
274dce23739600e6596e7a9cab5116a1adf4dc5d

SHA256
ab96b334e0e5c592d79d2895e2852c647c9df5f8c362009b352beb7096f3c6f3

SHA512
dc73211a57179467ca98155520f78b46b1c20186bef2f43746258b674de28740a1d3e5da33e9e79e92982feaff9cb6865b119545c05195dc0fe69128ffa1c310

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\adu\ipini.ini

Filesize
12B

MD5
0146b97f1bf748301734071d33706ba1

SHA1
4fe8ed756a2e7d09499d962cb3ffd9a7d3e20495

SHA256
c3af235b5b9c8f8c0657cab7c8c85f85d97100c7d13cb4fb6626c667e06b697f

SHA512
34e2df58d22ddbc3b5d4355394232e71b8ec68c389d2a21d99981200ba80e3f90e4af3c56aef2d50b5042796d658e6ac9007450d4e32f0d8db43d167a59f0cfb

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch

Filesize
432B

MD5
56336cec2a66357b128eb25ffe304e41

SHA1
84b36d3c3272e5e1dccd979eccbafb3ee9603f70

SHA256
a925dcb23a52b2f63ae950fdcaeaee6215ea4285fd6044646a90ab2ea84d1e48

SHA512
54a4de42328350d0044fc607f0111078136c9d11296939cda441ff9af52876c486fb1ae479d02aaa208550a977ef77cfd644c3d9ba1f956cd60ab9b7873112a0

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch

Filesize
432B

MD5
56336cec2a66357b128eb25ffe304e41

SHA1
84b36d3c3272e5e1dccd979eccbafb3ee9603f70

SHA256
a925dcb23a52b2f63ae950fdcaeaee6215ea4285fd6044646a90ab2ea84d1e48

SHA512
54a4de42328350d0044fc607f0111078136c9d11296939cda441ff9af52876c486fb1ae479d02aaa208550a977ef77cfd644c3d9ba1f956cd60ab9b7873112a0

Download Submit
C:\Windows\Temp\OLDB331.tmp

Filesize
140KB

MD5
63f1c499672a1049f0814f243798f35f

SHA1
10f54925ba32754136b846382df2b1f2d9d32049

SHA256
65b39e2afc48e8f5754296dc72183ee505677d7fcd8909d4975629d6aa849dc0

SHA512
108ca8f691a377f019259367f98add923d4dc562b64f5d6ca36086c934c48854f474f8cfa902853731cf5fd52ce6a0fa5a33069c3b27c01f72ce99af61ec5b3a

Download Submit
C:\drivertemp\2005117399\pciven_8086&dev_2922\difxapi.dll

Filesize
315KB

MD5
cf73c3a03582408d422d4f7a01190d00

SHA1
4582875874d066e8975b8a04488422419137fce4

SHA256
dd12d00ca9c9b1013091e733eae021347ba52dcd69173a7e5e4fd80b45ee60f6

SHA512
c3d82121c0535fc819329b8c6e29078f7e71245528658093ed98dd72af8af1200eede951388d938e9b27c049a0874f5cf686a42aa880da34390a72bc1112c8aa

Download Submit
C:\drivertemp\2005117399\pciven_8086&dev_2922\x64\difxapi.dll

Filesize
506KB

MD5
1a2e5109c2bb5c68d499e17b83acb73a

SHA1
efa15cfa23606dfc355d11580b509e768a50ddbb

SHA256
e70bbcee0d01658ccd201ebe0f0e547b9daff01b7c593a0fdd0c64e5f45d6f11

SHA512
47317d24d02c4122fe175bcd7f5b3dd8823063e7ea63f83961e40f10872642d2d6f6e6abaf5fb7630cf0e9d8cec0d112889600b14ecb8698b81597f52d54815b

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\AWSSDK.dll

Filesize
4.6MB

MD5
04b442900df821e94e84330656db4168

SHA1
d98aba75ed82b80183fdf0c37c79c7b7988ae682

SHA256
d2134cb5073114f81da905b0089a8b9c9f4e911f69a37f946a6a23b84ba44b74

SHA512
d13fe51f478b28da46c99526fe8ad5780213c7ec9fc0ad019d94ce32a3ed36a7d108924ce6e1eff1826669f0536a4dd137c81b91583cdd036541fdd5ab6628a9

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Delimon.Win32.IO.dll

Filesize
928KB

MD5
35717652a830419d1179e8c0acf04736

SHA1
cfcb2601e9b5ed6960cac9d2fc70673064b131ea

SHA256
7fe1e6207f99d35de9470f8ce999346dcebad1ad4e16147adf7327c3e3f77204

SHA512
be9c7632ccdd90082f541dd84dec616d0edaa9ab99274d1f7ea761db73577671f50ca3ec97f81f25dbc4d8c5cc0404884f9c9eb7d5b56b4ab19e9625b9236785

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Interop.Shell32.dll

Filesize
60KB

MD5
08411c797ccc325eb2c0161e7ea91c11

SHA1
51a0a51bc4277bc822badfb8c3ddc26a4bc8a112

SHA256
0c43be1d15f1efcc7b9d62b46d03496ea45cd9cac709dc7e08e50f4ccde704a4

SHA512
ca3e708194640ea3ac005d527e829dd1d83351584c717f661369fb39568575a6df826d416707fb35c947668ed197a5743032d3bc65862ace5d1dd9e38c7bb9be

Download Submit
\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
112KB

MD5
c757150e058428e2a0757701930c223c

SHA1
aa162301c63621214581792b8fde77adf42e124c

SHA256
e3d4a237487e2dcd925c84559957473692bf04cd59b5f95748594345a047231e

SHA512
c7763f4558460092989dd393c4febc220e3fb5b9b13eb4ad4041623bfb527f887c09e39b5aa6c529412f6c9fa837155ae3d5d8d959211cb1452d4b4ed3966f06

Download Submit
\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
112KB

MD5
c757150e058428e2a0757701930c223c

SHA1
aa162301c63621214581792b8fde77adf42e124c

SHA256
e3d4a237487e2dcd925c84559957473692bf04cd59b5f95748594345a047231e

SHA512
c7763f4558460092989dd393c4febc220e3fb5b9b13eb4ad4041623bfb527f887c09e39b5aa6c529412f6c9fa837155ae3d5d8d959211cb1452d4b4ed3966f06

Download Submit
\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
112KB

MD5
c757150e058428e2a0757701930c223c

SHA1
aa162301c63621214581792b8fde77adf42e124c

SHA256
e3d4a237487e2dcd925c84559957473692bf04cd59b5f95748594345a047231e

SHA512
c7763f4558460092989dd393c4febc220e3fb5b9b13eb4ad4041623bfb527f887c09e39b5aa6c529412f6c9fa837155ae3d5d8d959211cb1452d4b4ed3966f06

Download Submit
\Program Files (x86)\Advanced Driver Updater\Microsoft.Win32.TaskScheduler.dll

Filesize
112KB

MD5
c757150e058428e2a0757701930c223c

SHA1
aa162301c63621214581792b8fde77adf42e124c

SHA256
e3d4a237487e2dcd925c84559957473692bf04cd59b5f95748594345a047231e

SHA512
c7763f4558460092989dd393c4febc220e3fb5b9b13eb4ad4041623bfb527f887c09e39b5aa6c529412f6c9fa837155ae3d5d8d959211cb1452d4b4ed3966f06

Download Submit
\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
\Program Files (x86)\Advanced Driver Updater\WPFToolkit.dll

Filesize
456KB

MD5
195ed09e0b4f3b09ea4a3b67a0d3f396

SHA1
01a250631397c93c4aab9a777a86e39fd8d84f09

SHA256
aef9fcbb874fc82e151e32279330061f8f22a77c05f583a0cb5e5696654ac456

SHA512
b801c03efa3e8079366a7782d2634a3686d88f64c3c31a03aa5ce71b7bf472766724d209290c231d55da89dd4f03bd1c0153ffeb514e1d5d408cc2c713cd4098

Download Submit
\Program Files (x86)\Advanced Driver Updater\notifierlib.dll

Filesize
617KB

MD5
c9aa5d2839ae27e0bd00f4f1e61a5c70

SHA1
0901185ef0511a132d8221bc7a54a01fe5e778a7

SHA256
5cc855b81b91c8db4ecc3fa6f15b99d5cec8bbbbaf37f8f2c62d992af39ea9e4

SHA512
ae59e2f7c6fc456a92b712a79d47d55304d29b7031b9f2fb9cce14fa7db499563f7398d819cb253284ba2a5ab16bf1245d85be6ad62f26768204aeb561a80483

Download Submit
\Program Files (x86)\Advanced Driver Updater\notifierlib.dll

Filesize
617KB

MD5
c9aa5d2839ae27e0bd00f4f1e61a5c70

SHA1
0901185ef0511a132d8221bc7a54a01fe5e778a7

SHA256
5cc855b81b91c8db4ecc3fa6f15b99d5cec8bbbbaf37f8f2c62d992af39ea9e4

SHA512
ae59e2f7c6fc456a92b712a79d47d55304d29b7031b9f2fb9cce14fa7db499563f7398d819cb253284ba2a5ab16bf1245d85be6ad62f26768204aeb561a80483

Download Submit
\Program Files (x86)\Advanced Driver Updater\notifierlib.dll

Filesize
617KB

MD5
c9aa5d2839ae27e0bd00f4f1e61a5c70

SHA1
0901185ef0511a132d8221bc7a54a01fe5e778a7

SHA256
5cc855b81b91c8db4ecc3fa6f15b99d5cec8bbbbaf37f8f2c62d992af39ea9e4

SHA512
ae59e2f7c6fc456a92b712a79d47d55304d29b7031b9f2fb9cce14fa7db499563f7398d819cb253284ba2a5ab16bf1245d85be6ad62f26768204aeb561a80483

Download Submit
\Program Files (x86)\Advanced Driver Updater\notifierlib.dll

Filesize
617KB

MD5
c9aa5d2839ae27e0bd00f4f1e61a5c70

SHA1
0901185ef0511a132d8221bc7a54a01fe5e778a7

SHA256
5cc855b81b91c8db4ecc3fa6f15b99d5cec8bbbbaf37f8f2c62d992af39ea9e4

SHA512
ae59e2f7c6fc456a92b712a79d47d55304d29b7031b9f2fb9cce14fa7db499563f7398d819cb253284ba2a5ab16bf1245d85be6ad62f26768204aeb561a80483

Download Submit
\Users\Admin\AppData\Local\Temp\is-1GD98.tmp\isxdl.dll

Filesize
152KB

MD5
82201cd8f401f00000b7575b24b3ad0b

SHA1
fa3659e48990f2ab24f8e1bf9bb650f11641ffe0

SHA256
9d64a934a4a12c61a33342151e674100e1ec0074d106612b1e81244234d93d67

SHA512
a491696e66c64e751712c028f42cb4067339c7d2b231e7a889f006291c10bc74d6597f1a52270b979b9a63351d1e42cdf302f05cc6840c54551657bd0737ffc4

Download Submit
memory/1004-32-0x0000000000400000-0x000000000053E000-memory.dmp

Filesize
1.2MB

Download
memory/1004-397-0x0000000000400000-0x000000000053E000-memory.dmp

Filesize
1.2MB

Download
memory/1004-7-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1004-368-0x0000000000400000-0x000000000053E000-memory.dmp

Filesize
1.2MB

Download
memory/1004-169-0x0000000000400000-0x000000000053E000-memory.dmp

Filesize
1.2MB

Download
memory/1004-33-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1236-402-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/1236-444-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/1236-396-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-434-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-668-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-1520-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-395-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/1236-807-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-1562-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-1561-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-464-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/1236-469-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-806-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-647-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-484-0x0000000002640000-0x0000000002650000-memory.dmp

Filesize
64KB

Download
memory/1236-416-0x0000000005370000-0x0000000005371000-memory.dmp

Filesize
4KB

Download
memory/2000-171-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/2000-170-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/2000-195-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/2000-360-0x0000000002C90000-0x0000000002CA0000-memory.dmp

Filesize
64KB

Download
memory/2000-184-0x0000000005D50000-0x0000000005D51000-memory.dmp

Filesize
4KB

Download
memory/2000-366-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/2772-426-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/2772-427-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2772-636-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/2772-586-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/2772-428-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/2772-433-0x0000000006100000-0x0000000006101000-memory.dmp

Filesize
4KB

Download
memory/2772-446-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/3212-2148-0x00000202311E0000-0x00000202311E2000-memory.dmp

Filesize
8KB

Download
memory/3212-1560-0x00000202302C0000-0x00000202302C2000-memory.dmp

Filesize
8KB

Download
memory/3212-1831-0x00000202376E0000-0x00000202376E1000-memory.dmp

Filesize
4KB

Download
memory/3212-1537-0x0000020231800000-0x0000020231810000-memory.dmp

Filesize
64KB

Download
memory/3212-1829-0x00000202376D0000-0x00000202376D1000-memory.dmp

Filesize
4KB

Download
memory/3212-2151-0x00000202302F0000-0x00000202302F1000-memory.dmp

Filesize
4KB

Download
memory/3212-2155-0x00000202302B0000-0x00000202302B1000-memory.dmp

Filesize
4KB

Download
memory/3860-804-0x00000000033C0000-0x00000000033D0000-memory.dmp

Filesize
64KB

Download
memory/3860-1515-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/3860-805-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/3860-1462-0x00000000033C0000-0x00000000033D0000-memory.dmp

Filesize
64KB

Download
memory/3860-809-0x0000000005FB0000-0x0000000005FB1000-memory.dmp

Filesize
4KB

Download
memory/3860-810-0x00000000033C0000-0x00000000033D0000-memory.dmp

Filesize
64KB

Download
memory/3860-803-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4116-404-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4116-1-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4116-30-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/4404-640-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/4404-800-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4404-751-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/4404-650-0x00000000027E0000-0x00000000027F0000-memory.dmp

Filesize
64KB

Download
memory/4404-639-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4404-641-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4404-642-0x0000000005380000-0x0000000005381000-memory.dmp

Filesize
4KB

Download
memory/4440-651-0x000000001B510000-0x000000001B646000-memory.dmp

Filesize
1.2MB

Download
memory/4440-644-0x00007FFD2CE40000-0x00007FFD2D7E0000-memory.dmp

Filesize
9.6MB

Download
memory/4440-808-0x00007FFD2CE40000-0x00007FFD2D7E0000-memory.dmp

Filesize
9.6MB

Download
memory/4440-826-0x00000000014B0000-0x00000000014C0000-memory.dmp

Filesize
64KB

Download
memory/4440-648-0x000000001AE00000-0x000000001B1D4000-memory.dmp

Filesize
3.8MB

Download
memory/4440-649-0x00007FFD2CE40000-0x00007FFD2D7E0000-memory.dmp

Filesize
9.6MB

Download
memory/4440-643-0x0000000000F40000-0x0000000000F4C000-memory.dmp

Filesize
48KB

Download
memory/4440-645-0x0000000001820000-0x0000000001840000-memory.dmp

Filesize
128KB

Download
memory/4440-646-0x00000000014B0000-0x00000000014C0000-memory.dmp

Filesize
64KB

Download
memory/4512-1764-0x0000017DFD430000-0x0000017DFD432000-memory.dmp

Filesize
8KB

Download
memory/4512-1740-0x0000017DFC0B0000-0x0000017DFC0B2000-memory.dmp

Filesize
8KB

Download
memory/4512-1779-0x0000017DFD450000-0x0000017DFD452000-memory.dmp

Filesize
8KB

Download
memory/4512-1727-0x0000017DFD910000-0x0000017DFDA10000-memory.dmp

Filesize
1024KB

Download
memory/4512-1761-0x0000017DFCE90000-0x0000017DFCE92000-memory.dmp

Filesize
8KB

Download
memory/4512-1595-0x0000017DEB3E0000-0x0000017DEB3E2000-memory.dmp

Filesize
8KB

Download
memory/4512-1751-0x0000017DFCE70000-0x0000017DFCE72000-memory.dmp

Filesize
8KB

Download
memory/4512-1593-0x0000017DEB370000-0x0000017DEB372000-memory.dmp

Filesize
8KB

Download
memory/4512-1590-0x0000017DEB340000-0x0000017DEB342000-memory.dmp

Filesize
8KB

Download
memory/4512-1787-0x0000017DFD650000-0x0000017DFD670000-memory.dmp

Filesize
128KB

Download
memory/4512-1734-0x0000017DFC0A0000-0x0000017DFC0A2000-memory.dmp

Filesize
8KB

Download
memory/4512-1731-0x0000017DFBFA0000-0x0000017DFBFA2000-memory.dmp

Filesize
8KB

Download
memory/4912-483-0x0000000002850000-0x0000000002860000-memory.dmp

Filesize
64KB

Download
memory/4912-445-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4912-482-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4912-406-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4912-405-0x0000000071240000-0x00000000717F0000-memory.dmp

Filesize
5.7MB

Download
memory/4912-414-0x0000000005410000-0x0000000005411000-memory.dmp

Filesize
4KB

Download
memory/4912-407-0x0000000002850000-0x0000000002860000-memory.dmp

Filesize
64KB

Download
memory/4912-408-0x00000000053A0000-0x00000000053A1000-memory.dmp

Filesize
4KB

Download