011d634221dc4de0498600568f37e27de35cfe60fc2c2b22c2aa87871fb10c0a

Analysis

max time kernel
144s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Driver_Updater_setup.exe
Size

6.5MB
MD5

cb055d7ddb5b500c5fcb0051428fc3cc
SHA1

c98493f9809c8fd95fd8067a2f1cadf2ee4cead3
SHA256

011d634221dc4de0498600568f37e27de35cfe60fc2c2b22c2aa87871fb10c0a
SHA512

56e5a5c005fb25515971016251fbd6f0d6e2de674085c53491d0ab7e4fde8b0ca4ed9b41c4c835c43931bb74e62dd97be2d4f7d1897ef27c3a091c0a01a6bc1a
SSDEEP

98304:NSi6xhRkehvxxdcVdCHTY5yed8G34okb36Ls5UKYA26NMYMRLeYEWkARq6N6T:AvRDVhcHCmTd7fkb36HrtFYUqC6T

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe

Executes dropped EXE 6 IoCs

Processes:

Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

pid	process
2168	Driver_Updater_setup.tmp
2240	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1392	DriverPro.exe
1372	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe

Loads dropped DLL 17 IoCs

Processes:

Driver_Updater_setup.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

pid	process
2052	Driver_Updater_setup.exe
2168	Driver_Updater_setup.tmp
2168	Driver_Updater_setup.tmp
2168	Driver_Updater_setup.tmp
2168	Driver_Updater_setup.tmp
2240	PCHelpSoftDriverUpdater.exe
2168	Driver_Updater_setup.tmp
1668	PCHelpSoftDriverUpdater.exe
2168	Driver_Updater_setup.tmp
1392	DriverPro.exe
1392	DriverPro.exe
1668	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1372	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

Driver_Updater_setup.tmpDriverPro.exe

description	ioc	process
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-JI27B.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-L7O2E.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-O3FCN.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-KGLHH.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-82S7N.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-8L99N.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-CV698.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-55JEO.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-D2INJ.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-N8S8C.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-PNG2U.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-7G8C0.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-8LOOC.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-M478L.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.msg	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Portuguese.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-UCOCA.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-2SETB.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-O5HAI.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-UKU3D.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-6Q7OK.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-EUL5S.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-RPKPE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-5LO15.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-R1TRE.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-24TRF.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-GN55K.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-D0PE5.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-TSNVB.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-S5136.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-FUPR7.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-GJJDD.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\sqlite3.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-0DLE4.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-IQDUC.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-S4I55.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-2CVHR.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-57GE1.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-68ACR.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-5AF5G.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-D5KF2.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-0PVDO.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll	Driver_Updater_setup.tmp

Drops file in Windows directory 1 IoCs

Processes:

PCHelpSoftDriverUpdater.exe

description ioc process

File opened for modification C:\Windows\INF\setupapi.app.log PCHelpSoftDriverUpdater.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\INF\setupapi.app.log	PCHelpSoftDriverUpdater.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	PCHelpSoftDriverUpdater.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd76917334189000000000200000000001066000000010000200000003ff28e0dbc189d30e01838a1794daa4227462692f4dc35e5c578d19d00930c23000000000e80000000020000200000005f65c85a4dfcf46d16c8eb78b55a2e988443a275b03391fb2fce8a4ec227f35820000000322ae30a9e058f6df057aed2a644a1a6ae7cb7f647157e812f07c28ac1f5e40440000000f086112763a9b790f2db998e22be256df2af1cb860accd7f71c9543073ae3cde5d441924d73d2c273f782ea5593b2eb653ab61ed516760696678fab475b3317d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B604EA71-C9E4-11EE-BCA6-6A53A263E8F2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000429d3af34477a14f8b2dd7691733418900000000020000000000106600000001000020000000eaf55694244a81cd424267f6f85bf55be9a7f135281b787822a764c48f830c0a000000000e80000000020000200000009f75420828dbe88a667df90a6d2b822cbf978439693156ec1a9102756ca414b99000000077d8109f0bc4abe64a3dd654a6db78e5f797e573ab140ccad209136357b69bfc116e765427fc98a27a55116d64feedf6857be505df2eeb010ca7d8f7faf1cbd15f01314834002959adbc23d5760f177887ab3243dc555681ce0cae1d9dc2e124dd78363a29bdc41591a6a503b77d508bee9231ac497f2be0ac6b92e1cecac5e09fefdf26be0e70028d3638f0d52312ef400000000851eecbc9563f2a91c6cdd866fa859ee3941324c958bc4ae0e61e905cc0d9d8b26d60855ee8b99c9faf4452a716691c00a999944d644542016acff603b68a04	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 703b5c8bf15dda01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "413931332"	iexplore.exe

Modifies registry class 26 IoCs

Processes:

Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\ = "PC HelpSoft Driver Updater Protected File"	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\Extra\\DriverPro.exe\" \"%1\""	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver	PCHelpSoftDriverUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe,0"	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\shell	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe\" \"%1\""	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes\.HDM_encrypted	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\ = "URL: Driver Updater Protocol"	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\URL Protocol	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\shell\open\command	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000_CLASSES\pchsdriver\shell\open	PCHelpSoftDriverUpdater.exe

Modifies system certificate store 2 TTPs 7 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	PCHelpSoftDriverUpdater.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

pid	process
2168	Driver_Updater_setup.tmp
2168	Driver_Updater_setup.tmp
2240	PCHelpSoftDriverUpdater.exe
2240	PCHelpSoftDriverUpdater.exe
2240	PCHelpSoftDriverUpdater.exe
2240	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1392	DriverPro.exe
1392	DriverPro.exe
1668	PCHelpSoftDriverUpdater.exe
1668	PCHelpSoftDriverUpdater.exe
1372	PCHelpSoftDriverUpdater.exe
1372	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe
2812	PCHelpSoftDriverUpdater.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

description	pid	process
Token: SeDebugPrivilege	2240	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	2240	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	2240	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	2240	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	1372	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	1372	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	1372	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	1372	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	1668	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2812	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2812	PCHelpSoftDriverUpdater.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exeiexplore.exe

pid process

2168 Driver_Updater_setup.tmp
1372 PCHelpSoftDriverUpdater.exe
1372 PCHelpSoftDriverUpdater.exe
1372 PCHelpSoftDriverUpdater.exe
1688 iexplore.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

PCHelpSoftDriverUpdater.exe

pid process

1372 PCHelpSoftDriverUpdater.exe
1372 PCHelpSoftDriverUpdater.exe
1372 PCHelpSoftDriverUpdater.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1688 iexplore.exe
1688 iexplore.exe
1576 IEXPLORE.EXE
1576 IEXPLORE.EXE
1576 IEXPLORE.EXE
1576 IEXPLORE.EXE

pid	process
1372	PCHelpSoftDriverUpdater.exe
1372	PCHelpSoftDriverUpdater.exe
1372	PCHelpSoftDriverUpdater.exe

pid	process
1688	iexplore.exe
1688	iexplore.exe
1576	IEXPLORE.EXE
1576	IEXPLORE.EXE
1576	IEXPLORE.EXE
1576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 58 IoCs

Processes:

Driver_Updater_setup.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeiexplore.exe

description	pid	process	target process
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2052 wrote to memory of 2168	2052	Driver_Updater_setup.exe	Driver_Updater_setup.tmp
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 2240	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2240 wrote to memory of 1868	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 1868	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 1868	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 1868	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 768	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 768	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 768	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2240 wrote to memory of 768	2240	PCHelpSoftDriverUpdater.exe	schtasks.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1668	2168	Driver_Updater_setup.tmp	PCHelpSoftDriverUpdater.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 2168 wrote to memory of 1392	2168	Driver_Updater_setup.tmp	DriverPro.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1372	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 2812	1668	PCHelpSoftDriverUpdater.exe	PCHelpSoftDriverUpdater.exe
PID 1668 wrote to memory of 1688	1668	PCHelpSoftDriverUpdater.exe	iexplore.exe
PID 1668 wrote to memory of 1688	1668	PCHelpSoftDriverUpdater.exe	iexplore.exe
PID 1668 wrote to memory of 1688	1668	PCHelpSoftDriverUpdater.exe	iexplore.exe
PID 1668 wrote to memory of 1688	1668	PCHelpSoftDriverUpdater.exe	iexplore.exe
PID 1688 wrote to memory of 1576	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 1576	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 1576	1688	iexplore.exe	IEXPLORE.EXE
PID 1688 wrote to memory of 1576	1688	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2052

C:\Users\Admin\AppData\Local\Temp\is-HFD6T.tmp\Driver_Updater_setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HFD6T.tmp\Driver_Updater_setup.tmp" /SL5="$70120,5837648,810496,C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2168

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2240

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F
4⤵
PID:1868

C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F
4⤵
PID:768

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1668

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
"C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1372

C:\Users\Admin\AppData\Local\Temp\tmpB519.tmp_collect\PCHelpSoftDriverUpdater.exe
"C:\Users\Admin\AppData\Local\Temp\tmpB519.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=n4l4AdUDqyE%3D&mkey3=win_cta1&mkey4=0&mkey5=3&mkey6=0&mkey7=NO_TRIAL
4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
5⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe
"C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PC HelpSoft Driver Updater\English.ini

Filesize
50KB

MD5
62b54950511f95d047312e81181c9b03

SHA1
7f7f17cc93bfac4730fc43981be3bc99246d71a3

SHA256
7472f84c630e3d743845a4c5187da48c28da4a45ca05d35652684ed6cfee7b67

SHA512
fa76c8cd62c514e726181e829fcbccbc4068e15745e11a86a0ca9ea4be95cc2016f2997948fbb713e97aeb6eeb3035a724f38990c2b2905dbbe66b63a99db7f6

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini

Filesize
17KB

MD5
59fdee32d3f9b78f5584b0f41b0fd6f7

SHA1
cd29d4fd4868027203e05aaac7540e3b56b76ae3

SHA256
030e0280563f4e6cc76dc47fa8143fe2cae26684bf657e836fa250d6a44f8710

SHA512
f94e38fe71227f055830124baa9b2aa5707ff4680f527bd10a71a73f43e5888056ec83ce77bc3097ed945d89861efdf44d2450fb905388bc09c4fb00c341e2ea

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini

Filesize
16KB

MD5
e105e39bd46b29fc3d9c8a45cc93b1a8

SHA1
e8d29b02e57e223feea62b0bae930df9af064dd1

SHA256
338afdb73932bfbd15c2627df805c5838efc1a0e624e84e7311389bdfb1fd54e

SHA512
873f1cb99e02885a9f85b8ced3c0dd404f652b974f421bef77e223fe590488cf1202a55f48f784793cb34f68565a31e06d52496ba3aad8b52ff1287816c1ee09

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

Filesize
512KB

MD5
42271501be6049d007c098c11db4d168

SHA1
48bc35355566762da7562d32234bfa187a67e0de

SHA256
d87ec5ce0cf4a7cde8f3484a1ce07ebeb82a27a5afbbfbaa8f32f6ca92e7f6bd

SHA512
0d1884dfc07ea5e82c5bf781f6a2ee381fbdaf979a5edd95ace00527884766bd4b5da878f1c3408a8d02fa2588bf0bf536b793a86d38974b0c099e3a8e0e3934

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini

Filesize
17KB

MD5
094069998ccb29d5a56a4e605394a639

SHA1
440b4ecbff42c32d1ea1f299001f38675ac0190e

SHA256
c2b9ef60261365303b536258831c93fc1804e09e1bb01a02b010fa7878cbd22e

SHA512
6e6f443e6b744e2b62989cb92e8bb7561e5ef8aaef46dea35529107bdbce028894d0e8a150fd66f7ff1b287dce086fcf3b9f8defe3b985e73ae74bfb2431d21f

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini

Filesize
15KB

MD5
1b2ffa92f211d9d0b7cdb536e99ce4b3

SHA1
ec5b4885556194540bdb4a0166adbd081b591fae

SHA256
10d7845b4f5ce17da1115eb60b054adaa32f424e349b21d8a46682eecc1b835e

SHA512
86ac865a88a438bb4035b0b5473354b8aecd9963a79c67f5725813a585a0b94eb1ed049903fc5e8d8495d274fd23b88bdc7ac7c263e4c18e1c2492066873fa79

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini

Filesize
17KB

MD5
07ace8db776a5db0a639fa6be292a277

SHA1
11b8003a8a5382b8e3dcd3b002b9de254f4c83d4

SHA256
e6524a50756ca57f607acba31184b493d04030b31455ecd7d9ecdd9f875a6805

SHA512
345071223110b19bb0b06e261929be7fd9c9249e7960296ad471bd86c28c605c5f9b9c3d3bd0123e4fb6d59badf80f077882b06cd78f0d6a4a47ecc035d2a348

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\French.ini

Filesize
18KB

MD5
d0d011e52fb74218b602003c376d94b3

SHA1
3024e6bd626d6dc3a684295e733eac740d2c53fe

SHA256
0895c6e68dd04cdc888e93a82b60d59d807eb24b8002c2bdc8998bacc6246bee

SHA512
8ebd6f8e6dc9b987c161d44b505e29b1840442cc2b46e67239a3aa33e1fa2257b9726c36a9527e0e9f17001ca02272f7ddf5676b36ec27472936a5c8f30c8eb1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini

Filesize
18KB

MD5
9f25fbf2d9d6db03a387895b9ad147b4

SHA1
42ffa865b058e4dbe41059c5c03b09ebe41cb7a6

SHA256
67d2a2452dd77fa8deda9e1d5cf5710eeadc5ef29a85b7aac690420db2cbb62d

SHA512
3b935261a4180e58464886355123193edf446512ecb61b941e3cffc2062ea51399802a4873760e35696e35afedfb9e647a904927f2cf4171e64b040bc29230a5

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini

Filesize
17KB

MD5
123b66fc5bdda63a8bba1b580511f6ac

SHA1
abba14dfa8c91c0c98a2659a9e6751cb98383921

SHA256
f809d4ea37d7c1d42c5d8ffe55b1bdeaa9065b2313b53810400297f70efecd44

SHA512
2a942d9cbf31b3e6a30f66c6445ffe1c18582826c0a9f1d35268e99193b590762adc9f6aa14498b39285da873ea3b6ec87a3c48a79eafe7c4c2bfdc8634910f3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini

Filesize
21KB

MD5
daba71201d5e8859ff518008a23bf1fe

SHA1
f583f65604c1793d90c5b4ba72145f45af0894d7

SHA256
cb73b7514d23b9958735a8bfdecbd5d77571be9cc23da9bb9724b01b9116e602

SHA512
d187f38e7ab632656bb5fc3baae5bbbcf521a9f612e09dd03c536bd0c03482eb7a42116380aec1bfbf2b462f88c86cd7c29cc02e4f0030f2153edabf1e031dd4

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini

Filesize
18KB

MD5
a1aaaf95ea726ad6d5bb5e3ec030be59

SHA1
f1b2341983c7d2a0a81b7f5786865219aeb22ca4

SHA256
52bac3272f720b51fad93ac34cb9f244522752e82c833c7eb6edebb960d32369

SHA512
c3db2fb4378733d7cca8d7dee651cb096fc6cf01dca8203643aa8cd9a6db0f411b222321ea51aac8361e2bd732c546a6cf7eb5f7cfca5f1e34692fd1e5dfd48e

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini

Filesize
16KB

MD5
1f35efcde6db4dec93c94bba45be4542

SHA1
359a683c1c959c0ad5cf7f7ead2a463fe4747842

SHA256
1902747d9c60329c5752b869c1adf85c701b533471cf3c6c980f736d7551c4c4

SHA512
d243d4ecaee6ad2ef06a73291db82ca9763b1d8f7a93c0f07b2b0f7b71a85b5773cfd99962aed6b2c600d86a228a5dfdbf17aee12106e5dd6dc9fedf6505a4c3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini

Filesize
17KB

MD5
85a03f193e27125d605b19804b43e0bb

SHA1
70d28931c8f5f19b59b1e719f1183a79f69efa62

SHA256
4805389183887f3636646cb5897371bccf7d683b4e7cbd50e35d2675e1d7fac2

SHA512
591c555a75ef380048583a4cda16888b2005dd103edfa2b4aea0b8aed459102f3a6781d34e4a2f533b25faaabefa980aafb546bdf743a55febf03c72c6000fb0

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Portuguese.ini

Filesize
17KB

MD5
b95d52afe2aa053c0096a2567bd3e381

SHA1
9fd928fb9af44e30fc8bddcba4f42a319b567666

SHA256
0e1c55e1acffc117656b552e9dc9fcab1bb5d4c8d15fdfaadedafe21222c0aea

SHA512
5d6fefdab72dc5edae981a52a809eb840bdfb6f834f7881a7ac95d99fb4692e8ee1b66709696020564cd3f3c4bf13b1b2d01228f924272c8097dee7e02a3add1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini

Filesize
25KB

MD5
f1e275534fe7d59ad3bebfda230d7370

SHA1
cc11725efe67239f62e0d3ae063a27576ef67db3

SHA256
c9e0b64103422fdc3f6a31ec2300b58e9540cc21346a0620c9f0901d16bdc405

SHA512
b6045f90ee2e16d15a321c149beab0d91f6e4603a9582d1efabcccdaff53bb0aca8a7ca34219b19511f9a649b11fe35cc41ecb41989c29702470d1decf5496c1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini

Filesize
126B

MD5
77d8771a751ba0d495200f339872ef85

SHA1
533acd0f129881feaa756fb79dde5d023f6bcede

SHA256
0166b6cd9fa3a3b030681c23b3d2399148a9ae0fa945ea5c39ff0b87f18098a9

SHA512
9bdd6655e27b36954fd6127a75bfee92d49ae7d1d553c44f6f67592ebfd147a4c0791b2bdabaa2657916c4621212b20bbb913499fbe3653584de099fd5cd01d7

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini

Filesize
17KB

MD5
839235142fedcf6eaacda727ab05dcb5

SHA1
99d860c34452d31d3c69f37bdb826bb9b45ab478

SHA256
802b866f10646fef8facf3b5b45b714f800aa03a582c76c06d4b9cfe7e164c82

SHA512
c145a8386e41aa9427d7a896aba5c6024daa3d9c2f2041325dc72b5c991aa43c24db0cb29138f0c91833c00528912ec787a5295fb832a8764c1e5f11b71a2dae

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini

Filesize
16KB

MD5
1aab81548ef8bfb11b1e81bebee4f19f

SHA1
073a5e57c51153da9454f3097f35f4213fc15d18

SHA256
0b5578d884c760c2d1e4c2d4fb16459f15bc3871a55320e58e1d9d3bfe5a4bbd

SHA512
f84cca8cc024a2c4427f9479aa719a1d0534053aa2dca7d4abd9fe759b32dea3cb91cbdad44d7e0b45f6c04515e3025d4a198704d826071d174e0fec92b71865

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
7.7MB

MD5
ff10face54b6a9bb55517555f00b0e2c

SHA1
6895f9f89eab31dbba462839c974f03d8ddbd548

SHA256
2fe3615d909dbf926e0b5073605f99bfe938da803b99696151956188bb7c5b48

SHA512
5098a827487ecdb154fe90ab08092b0fdcca80ad2af4781b0cd682256cc0220072614be466caea27bcf85026b9b8f58e798bb29bccf5463aa0e10cb4f823a6f9

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
2.8MB

MD5
ac9af72c9c1401e0fce47f02b8b5e629

SHA1
870a5e9e6b33e4b01d5ea879dab128b45453dfbe

SHA256
a7cb6b58e5f16b0ceb518dc8d6de1c426c135321e6a036a8ff5101ab602b2f1d

SHA512
31635dd5c5f644b5f7f9cabf11c10831af18bc60966de83bebcacce8bfafe07997534b6ddcb34575963483603659e6bc816d388fc6f7eec2bcf716eb6cad1313

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
2.1MB

MD5
e4c6453e0f63d39385e7c48c8b1f7b9a

SHA1
cb43d634d064334c6a793bfc3218d93f84e00a38

SHA256
77a67872494a02ffd78af72292a2c5578fbbc70b85cb83051d5ab2b0d870b8b5

SHA512
a8cc009c62f81c60ca67d560340f994ae4ec534d3598c8fb7110a240601fbb22c33a39d4cba6819d7ebe3034aca0426c7216533f49a908a8b5d512e81d22f037

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
6.4MB

MD5
0d58ccdfed7c308634aab547ba96344d

SHA1
1b1972c0170077195c8b2cbe629f992679a9e34a

SHA256
57a34da496348a63008c87d93fc91695fe0b29ea8508b54fa2d8cf9aa7c480b7

SHA512
be3da10c45e78b60a926e9f3c0bc9ff4265c3c244c43e781c9a611d95b6aad874d16ade7935cc13cbf691550edfe41d2bcd5bf329fc9807e37508545bcad3a5e

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
4.1MB

MD5
1e54a563853460dbd1c7df7ac21aa55f

SHA1
15962b9c0afd380c9a57a7ff24e9b8a56137b46e

SHA256
ea430ccca116b9101084af84f7e9667d3ebed8657e128e8572878a69add3639d

SHA512
3716da23040e665a3494c5f1576857a22ae5679d38fdca7fd23eb937e7017420eb839e3ccb7041f3becc0fa657ce606d875449097b187875edbcfc0d0c77c61e

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll

Filesize
960KB

MD5
11a813c0972b740937d3a7e2daf9ffcb

SHA1
4245b5a3c97f725c56a29d745767edebb5e3f15d

SHA256
3f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9

SHA512
9a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

Filesize
640KB

MD5
842e8edbfbeffb9ef234a2da6d5980fe

SHA1
f76e944e5ac3c489d987a11a313b41dee3e813f3

SHA256
ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3

SHA512
1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe

Filesize
397KB

MD5
ee4e2b9f265cc0c65e4ff3d247da42e7

SHA1
81d72adaf41d3170fd03186d541d107a73a3eaa7

SHA256
abf6a5d889eba3b78e48200ab14617af7cbd81a51d601e0e5194702a0d3438cd

SHA512
38ad26ecea7d3830d39d8a587cbbd915d4f4021a89fbb6fde5e42369a0d68e41afdc27bd7511e732eea9feef603b4bf0ad96e295e164e2abe7f95a596b61135a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ec88889fc61ab7fe7273a4a9fe459b62

SHA1
7e20061c8e54d60ae9ef0dbc2b99b59ff414d5de

SHA256
b92620f5b886889d2b8bb98bbae1ef0ba9d17f648dd469a85e03a062f6638eab

SHA512
a63444f81a73d2967c324295c71c2815975583eae4eba57a43238f758aa760eef5c5f9f7fcfe9e6f0e7125248166d7f0f47ca3345d54d5843dcb35fc37b62b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f71826a1ec3f9e9e04cde9102fd5a3e

SHA1
132e2027cb65c3643390b7568b691e1ae12acbe7

SHA256
98e09b032b45caa09cdde7ae559efb43101e47575193a5f527f9a8056928f089

SHA512
3d7b7da33398d01c506d186f44de7d959260306a5433c6e5ac4fea1c994a69f591b611b0b8a5c877b3d843666ee44676f1a2497dfc99674d57f6b91258ed98c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
efd959f3acbf2173ebc7ea02e1d707d5

SHA1
5b014e78e15bc31e07c3385cb9d35f2c559fe2b3

SHA256
493f65ebf6123303c835a4a910c8bf4bd43ff467511e9f2b4747d3cc0bf75328

SHA512
d736ab8af30b4284dbe91bdfcb708ddba82721b6f038bca5203bdf35b262ba3ac285cf51a98ef29e6a01867baddd570cd8d910bac083885680b83eb29403422e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32c41a04f069d30ce19a9bd133387859

SHA1
672d08f4339ad9e68c84f78a67930750127475c4

SHA256
f6d37011a6c6f0aca1777600abcb0f86a17068622091808f06b29f7a9490b4e7

SHA512
d409608055f3f0b61dd34cc04b956b6ddf10f60eee5cf4112c93300f78c3f9bbe75fb9540da629635c619e219f1d314b6669a617092ece77a2c8dccd5a983a32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b2cf3eed31895dc8336924bd3f987e95

SHA1
f8527ce58c75ce69672e7e601301643c83a3745c

SHA256
da14971f3dc38126db272251bc53a3f26744bef3592785d997e820bc678edffc

SHA512
b4c569c0e24d4b6dc1e453f1a5d8c257ccf17e8b31ebb791ea85e419b1ed3738844ad52ae5d2a70385a7c66e50cc414d222646db7134ae653bc6884b022ea262

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d86be61450221958eebf7c766ddafe4

SHA1
904d893c27238b09d47b44dc257fc8bbf71bf064

SHA256
e664bdd09d297e85f7a17433c523fc868f3aeaece5ae2fcda582c222a393731c

SHA512
216a6ebf41d9f81ecff2322a9637681b945fd8d36fe0ff96c72abae00d44758195b66f8912e44df66e3c012bc52e494550f9ea338aa46bd5a4d08cee864830e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1077c644393cc95355771e3112c6ba2a

SHA1
5726b00d2f4d43c35712a9eb598bbf43c2ec549b

SHA256
f00f942cfe13f55d5defefb12d2914402639df036003c01ef38cc5b203a11890

SHA512
30543fa38747d05d2b65c27f7314c1a1560e4792b40d53931415508712014d7aaf6eaf7a2426f4580efc932f805b27061ea28c4cc831213b0d09c6d38765afcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c43a1d82bc3ca12c56e17bbe524c7cb0

SHA1
4e50bff0f349981f476c9f0567188fb5d4752588

SHA256
ae75513849a68309ed71037b76820ae50a50c5cf0cabe4d7cf5a357fc7b1bcfb

SHA512
c77f6a64c92d9c278809105b686a88d4ea1c5a34ad72ccd6645fff98deab5b6c728174c2e8b226933f1cbc4a2d7d9f6ff178e80e2356c6231816818a6edb3125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a9cdf7a1953d9a0b04bcbda9f7347731

SHA1
1df49ba0a54e1eca37960d05adbdc1c704963be1

SHA256
045a771a991315cbee6063b5d9854a7e6d0f7bc3d178630ce7f5e0340601ab57

SHA512
f050071b9ed0e527031f59f7303f5cf84cdae78b4f0e4d3d9356e2592dfcfd2cd7f4ba5ee2bca1ec047037c21a733b85458557853977e1403c140fe84e73161c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
67e85172c829a97d3cbf6262aa73b8b9

SHA1
ce53b24bd8f39c2843eafc86bbf18375d19f40e1

SHA256
901e20b4b2c457d2a978e9c35839f2198f9ec4f8779ab070e690ced8bde6f341

SHA512
7290a1baedca4b09ca3070c4f26f47a106bec05f36a0909ed9952f82ccbc1c5c82ebb7ca97dde46cab206e9fef20deedf87dcaf6da41e05689ad22ccb1d4956c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ef38c9748966c1c159a3e1e3077f2ee

SHA1
8f354ff79b4978810145df8d6c17a363dfd5c3f9

SHA256
cd4add175be12d7974904df3451afe5397a15fc607d3b5d0c9c10223d41b60c8

SHA512
95243a50a6e50c274439a231831095ec1deb05e289160af7704946a1dc703ac232e13bc6afc86eb58e98105f581155e4b5f137697992e86dbebe6cdb5dab6c92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
677c1514a7be3734b3c22830abd060d0

SHA1
5d3538b19c2827ddf51d932c6782786558863459

SHA256
aa7e52e8c0f97e71b648cb587bd662b26bdc808b11b4bb8b2d90a6723dc2b8dc

SHA512
815930428d8c96af74e1bf80be14900ddb30e6cb589cb19b22735f5461290933ef27223ca596b79510389666b18f1be0cd1022cab184a03df7df9815a989e0d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
836acf1d75293ebbc18a7d42398543bd

SHA1
7f5377a776475189ae033c7c3e9c3fb069f21040

SHA256
0411c1a8dde900e64fc92d83cd09c0559e420945aa7e3b88a51f4f0234cbedae

SHA512
c157f81317401fae5ed16c76644f499e1aa2517422d8bc849093207b57428b0d6019fda1626b4fc7e71d4b1ba0d7890332c9d05ccc728909e46ecd475891186c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69ead03ab67d02e7f1eab7389ca8b1d4

SHA1
37838b422b66b5a161e8e57b14b140e559c667f4

SHA256
3f4bcad6ad215f2bd19bb9f5900f381d4884507542f7b6d770ccc6fa5151f1a3

SHA512
1af553d99dab70c2b508e8270c13110f060c4230057de53bb4eff3ad01cd0618bbdc1ab0acf0d7f05f1c6df4e562c75ce7c1e42449343d1497fe8b2007787b6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c95b905a303ad9dce31370a87afcecd

SHA1
d5c43ac5bef53cb8f1bd9587458108c0e0fb8ee4

SHA256
1b1347eb9fc9f51eb5d30fdf4a738ea454fd87601a501a7ff262516b2a01ffb2

SHA512
bd2a1fcf5429260ebb5b27d2f515af9942d2a74d7d6eccd7cb42b2e99b6826b2b57ba9f9a3be29d9fb91a12f3ca6c9244e480d741aac1bedccf06c0897f263da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
feddcacacae0d878b24ccdd1f504cef9

SHA1
a1b41123e8705f649214390ef8cd569817f8aed4

SHA256
ce9c34b219635abde1acbf90993482b678a49b369dd84bdbe57a349489641981

SHA512
79ec16f42737c49bce59824c5d455ff1538db06c9ea482750834c4f118deb783fdc25c85d8bb73de0669252ae5a7f95f0f1f08a6756ae141ba9797e7a80c5c78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
deb80ed9d28db31fefa40b9493e736da

SHA1
10b0c91913dae4476063902b26c51e03b2325e1f

SHA256
7f1bad272cbeefd780f2cb6f3bcee097548740f81d5f07e3da53d3f55c3841a4

SHA512
6a3aee8abcf927f896b22bdac0961e7322f62a0d2b6e6a757aba360b7d0c96e093697e572afe3d31bc2e5c42752e0808854f0f48cdaee0455d6d212f4e63b2ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9f0b04918fda4a33d5529231065de255

SHA1
6452f9b8d3bf4e51fb67b365170d83097eaf3ced

SHA256
166e6fea96481b840a7617bb309795c0b85df499b8bc8b49cb8b3184ad5af620

SHA512
aea71a5a2a1b01a165fa54953b30c939b9f3a31d8485c829af8369855144cc16b68e7325d6205ad30db1c88d2d1b3587fe475831059a8e2e49b0f24e61c1bad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
397f95ec23a98e0a8a725b6c385db072

SHA1
603ae8226061e8bd06882464550cbc07ebd6e6ee

SHA256
86aff370979c28c6fb7493cd86857379050a88e5bc3bcbc2ac880b4de1797ff9

SHA512
e535f15839aba829cd0b005c8f2de2c645477600f72bae30a57823f5277e46aec1e7fabd61c4b64a5b44720271b3da10d1af82f64545d44b5d676c39696e559e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
51b26b616c17f5bff40d058a1b2f2d18

SHA1
5ffd1f84c34bf9260d95039dcdea8ab8db2d9f5b

SHA256
efede7a3b4d7309fa7d9c197bc447986ab3d7763435947b3201af8e13c225aed

SHA512
b98fb3f36992452c12c90f22481cb6927c970554a2d77e905e73ab5e9bd54b67975cac6041d5ed346765299fbe014a73abd3feaa9c7e6beb0dad1dd34fe48c05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e50eb4f77376683309d68e2d07c14bb2

SHA1
80b8eca0c0ffb878b03d71973805a6582721cc34

SHA256
79b18d75367ee505a582aae0131c1f7bbd0692af2b34e0ec6749536535b61e02

SHA512
404c61112c7014292f5d4c0f8e725cc8dc275604fccabf414894a23c7afb9dad287a5b231965308f0e76f65df3f5587be73b075b0829c129f1f280f4ab089b3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
32480393ad615edc05d7729b7252c11f

SHA1
e82ad73dada646bdd3f5fb2c68dddf014335cf68

SHA256
aba1dd05aa1d9a9ccedeae6bb9524199f74a663fdb5b101801b24f4824977272

SHA512
98189516dd74a6614c67a37df64543587e52b3c3ae414b5d69b2ac3048eaa70b83912c20da8c6a503f78c41cea54efcb1e66da01a69fd98f2ea113a711717291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
84592bd5de87a32830f594a97376557c

SHA1
e1013908ce3b4a9799bba65bef5ce432964b5aff

SHA256
6fbc2638a0a07abd712000f11a55c8182761d3973fd1914188b248df3497d5ab

SHA512
01422f71e7da78463b32ae80c031a1d177615c44ccd0acdf6d8c06ebf69306b48053913379077ddc3bc4293595bb0186749bc1007863df0c2ce254ac2c6ea135

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c12de0350029522292668f7037a44ad8

SHA1
cae4c7e8d829292d51c60e6e8cb36d2241169788

SHA256
e8d3ebd89ac0f56d15aea89d66c76e46af306956b55fc71ff2f8910b3f2f38e1

SHA512
58c53c4adab96b9abdb75e94aaf1351868d13c9ddeaaade0d8f1b95955fada5f92a6f0fdac184fae0fe40587e6d00bd1140b537151263a71dbb3bad71a50d2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8317.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8452.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB519.tmp_collect\PCHelpSoftDriverUpdater.exe

Filesize
448KB

MD5
217eef5d2ed89cf7b02835a4ea7b78be

SHA1
c274181e1161d2b4eef7b765da8f698879d5d71c

SHA256
9556676341a315ac5d0486fa0012762f7cd2f06c14e0cf1449612720fbd0ff6f

SHA512
dd8e8e39741045f5e84d280819828bc14d0441ed63005ac2ae1070b952b3d6945ec7a4268922c19f9b5a9a68b1afd6612db0a3f3fbf8ed911f762a82bbaf8724

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\231C3B6461A2E2B1A54F82CC975E773918A64196.7z.status

Filesize
38B

MD5
cf25c42f45a3fc92adb23a4fe24daecf

SHA1
2d52571ca1837e970538cabcc3c8fe78ae32ca88

SHA256
d25a2b6fd3c55e9a3932ac6290dd1729f02c90bdffd7cad20661ba20505a06a0

SHA512
a2ba4d33b442053030e8233af7bd64dc230343c8720f62228bb687bbaae5fea805b479e0b7eea7d8bc0ab0c84122b0733859f024ea77d4b4df59dfd0796ac00d

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\Devices.ini

Filesize
100KB

MD5
acc5ba995a6308965ca1d0ed872545f5

SHA1
2df07928834784267a6bea53c8746d081193b400

SHA256
1fcfc38aac23546a7e0f5a00f7a6607309f76fbc0401457dd97f4e495372990f

SHA512
c17bb2216fa67dfc8efeba736382941a49c6d212c56f9c4e012186bdd9c4e286c24deb569ebe00a24e78163839a4c95ce385294b85ebb46e16fdd43522223667

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program.log

Filesize
613B

MD5
4f5844c4d523ae8e66aba65648125ea3

SHA1
3b07e9c976bea3bb5137a2b269020a9a05a41db9

SHA256
b5d280af587c4bd6f2df9d7cb2523ece760f928886700de6919e60b963e2717e

SHA512
7cfa517734aae7b626a45a98ffe8e3aa7889e96394b330ba4211a3a92483b9ed4c62ee1dddd33820a1a72f00d9c699c3e8aed9584c092fa002d24599324cff41

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll

Filesize
999KB

MD5
6de20d75ed981894ff5b8b89ccbc7499

SHA1
066bfefdb6a22fcc69d8cd7b22b9b9657c4f8e73

SHA256
23cc17c0e8c24f8084cd8a396e9aa33cb3e766d8b93cae54fc3857af825e7f36

SHA512
1e9766a3102da84673779e6fe597a2e301d0c770754bfa943897fa5449b21403f7e0e05c110ba0b8f84b73d791ce37e5f01c3c58f8304b86bfc0fc492e604aff

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

Filesize
768KB

MD5
b1b1f2ef3ff336f0ae1e7b2d1689c37a

SHA1
8614ee675e9d8463dbd2c944dcd84fdbdae76e3e

SHA256
832ba80a560ed77cb1bf5ccb7b3424fdf474a2b203030a612bce15c871bdcbe2

SHA512
efcad14f50d7b55b9893da1a28bb3e0d6448d345eff3bd3df1b75c431fef6acb95e8100a14b60b7c8ae3881b657d8504085bc4c508d9aa4e5bbfa2c0b902758b

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\Extra\sqlite3.dll

Filesize
64KB

MD5
8f536319dcb2c74ecd282b81410ed19d

SHA1
b9d0f0fc8159c214a6673abe25757f225cda690c

SHA256
a8060c327e76a4264eaa9ada0c14e3eabea6e29f45209a142d46d6b7aae427df

SHA512
c5e1ace94189ded59499f9b2cd2dc88fd677c57391e280f55b107ec69775f868c3e9395bf2397c47fc30627a9ea1310f668bc5f650370cf0c778ea3936a4dd25

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
8.0MB

MD5
5130915b68090155ee60cb0dbdb31036

SHA1
8ea4812250b6397344b434653e9a632e89169b09

SHA256
9bf82d6faa91b972816c5b6c40dfdf7b2cee0ae423edd6ed7f698576cdc47356

SHA512
ff8a8f1ea343fe56e4ba44bd99b98c6ce9bdadc37627a531a9d97d7a7095dcfc7bcbfb238a0c13b79b0b60e52f5a9bd57f4e625303bd4d5666ede4be9f61e045

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
5.9MB

MD5
4fc1636655ba6c8d481a44f867b3933f

SHA1
b75e4f7d63a9744d399853c3ce23f9e088c75c95

SHA256
80d4dc6fd920cb95e193f23aefcd9fe0cac1d05bf88ed73861227055980c1575

SHA512
250d49853d47e23a6312a31c81b1a638de1d4d376716737a61a676c471728ccc2d24f6d9fd94957048d8939e0b5e94183b132fe1bf9c9fe441e0fc2cb4dd3a0a

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
2.6MB

MD5
52c7f9bf6e32b4a362639e2890772b72

SHA1
7460914ad51a4ee0a1a9a661a6223c4bbc7c72bc

SHA256
767b6a5f22813c5fb6d42d0ca0f4b0066b2738fcba706408ac7aec8687c31632

SHA512
1fdcb21613be9d2c7ba3ba717a1fa8986d0f8a06766edc292c46c68aac23fc1fbf1b9717bfeb69703da752b3ded36f5369385fc038d6936e2a2907964abe08e7

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
3.2MB

MD5
e383d6d779e2b9d9a914fd95c3c89d64

SHA1
e0b61f0e4a537d27b245b248b8c2e8ec1ee97400

SHA256
1231d8b12e55297e5ebf7b64329b78f682234c21addc2e319f8dee6bb2502786

SHA512
4eeaa43c3f0e403c7e57e325f2b02292ba6c3cdf47ba1a94c1c57a88e4f3a157cdccdb9016508a7006ccf2f11cec98c467dbf43b86dce2cae645dac14441854f

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
1.2MB

MD5
a63768225a37a65230bba2dbd2684fac

SHA1
45d901789a08a3f4a056206ead821bf44d5c8fcf

SHA256
85d5a06281f21f340a9846fedf17ff07005744485c10ca8aad8d2aa9190d1d14

SHA512
92c09d147a42860032ee6dd91eea92bb30fb423513f60e52d6eaf7451158635f1bae9ddfe3fbe84d302fcdb79e286dfe75a71a4c8d3a787db5c70ff151f44164

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
704KB

MD5
c9257142434b8ad9fd7fb53ee6271e57

SHA1
f835f342acfd8debf00199ae859883678660813a

SHA256
f8ac616c0f13504f745dd09cc40129c93a1602a9a70f3bb04fca22d1b33fbba7

SHA512
af10e2e6ea0d6bd165b4e358f1164f556279985164c744b43007ae4e6cbb9a7f18fff46a377b1fb6f0ee0e201bfe1d4d7edf63828f1e444facf2abd4c320cb02

Download Submit
\Users\Admin\AppData\Local\Temp\is-HFD6T.tmp\Driver_Updater_setup.tmp

Filesize
3.0MB

MD5
4947f753eb5c3b1aa3ce496a9ab30130

SHA1
20da210a244b611cc51f3167688b108fea890cc8

SHA256
1cb7131714f41d651792f15b48a128840c959a5190d076a7fee5fe8b8efe232d

SHA512
70407d838aadae2f1c5e9e10446787fed29b683a8374eedb834ee0b255524adf5d1cea6e641e859b14a5e4f8b3fec313f7f943522d144fa902eed6dd5efab4ad

Download Submit
\Users\Admin\AppData\Local\Temp\tmpB519.tmp_collect\PCHelpSoftDriverUpdater.exe

Filesize
256KB

MD5
e729c9a2d26ce1d0a8233979a1c133a1

SHA1
c57d8a869acfe989c025e9807c76f6d07dad7d58

SHA256
19df7a22061613988c0ad70be3d4fb3f36d529d5a3511682cef5c8a027a639b7

SHA512
ae2418cb4f564c5501f3e556b91d0a62813271834257789410c38dd74baef90ec13c7fc20649caf63b1dbf42a03f22576334d341b8f3ab4fa041ad1ab6fea45f

Download Submit
memory/1372-1060-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-1050-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-473-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-468-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-1046-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-485-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-1042-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-489-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-1054-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-194-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1372-465-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1372-457-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-362-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1372-792-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-361-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1372-1608-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1392-187-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1392-146-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1392-186-0x0000000000400000-0x000000000093A000-memory.dmp

Filesize
5.2MB

Download
memory/1668-466-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-495-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-355-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-356-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1668-450-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1668-1040-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-487-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-1044-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-483-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-1048-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-471-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-144-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1668-449-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-1058-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-459-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1668-1108-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/1668-1052-0x00000000001F0000-0x0000000000A2C000-memory.dmp

Filesize
8.2MB

Download
memory/2052-142-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2052-1-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2052-195-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2168-143-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2168-8-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2168-188-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2240-132-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2240-131-0x0000000000360000-0x0000000000B9C000-memory.dmp

Filesize
8.2MB

Download
memory/2240-128-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2812-460-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2812-463-0x00000000009D0000-0x000000000120C000-memory.dmp

Filesize
8.2MB

Download
memory/2812-464-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download