Malware Analysis Report

2024-09-23 10:30

Sample ID 240614-lpzz2avepc
Target outbyte-driver-updater.exe
SHA256 f84552f506989cca3d3b592a9020931715b5a6675dbe44c9d1fdea36646537c6
Tags bootkit discovery persistence spyware stealer
Score 8/10

Analysis Overview

Threat Level: Likely malicious

The file outbyte-driver-updater.exe was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery persistence spyware stealer

Drops file in Drivers directory

Checks BIOS information in registry

Reads user/profile data of web browsers

Writes to the Master Boot Record (MBR)

Enumerates connected drives

Downloads MZ/PE file

Drops file in System32 directory

Launches sc.exe

Loads dropped DLL

Drops file in Program Files directory

Executes dropped EXE

Registers COM server for autorun

Drops file in Windows directory

Checks installed software on the system

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious behavior: LoadsDriver

Suspicious use of FindShellTrayWindow

Uses Volume Shadow Copy service COM API

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Checks SCSI registry key(s)

Modifies registry class

Modifies system certificate store

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported: 2024-06-14 09:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-14 09:43

Reported: 2024-06-14 09:46

Platform: win11-20240611-en

Max time kernel: 187s

Max time network: 203s

Command Line

"C:\Users\Admin\AppData\Local\Temp\outbyte-driver-updater.exe"

Signatures

Drops file in Drivers directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\drivers\storahci.sys | C:\Windows\system32\DrvInst.exe | N/A |

Checks BIOS information in registry

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe | N/A |

Reads user/profile data of web browsers

spyware stealer

Downloads MZ/PE file

Enumerates connected drives

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe | N/A |

Writes to the Master Boot Record (MBR)

bootkit persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe | N/A |
| File opened for modification | \??\PHYSICALDRIVE0 | C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe | N/A |

Drops file in System32 directory


Checks installed software on the system

discovery

Drops file in Program Files directory


Drops file in Windows directory

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |

Launches sc.exe

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |

Loads dropped DLL

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\outbyte-driver-updater.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe | N/A |

Registers COM server for autorun

persistence

| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\InprocServer32\ = "C:\\PROGRA~2\\Outbyte\\PCREPA~1\\BROWSE~3.DLL" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\InprocServer32\ThreadingModel = "Free" | C:\Windows\system32\regsvr32.exe | N/A |

Enumerates physical storage devices

Checks SCSI registry key(s)

Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\DeviceDesc C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\DeviceDesc C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0006 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\ C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosDate C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0\FLAGS\ = "0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\AppID = "{93469602-4134-4012-A6BC-E58C2E9A7D28}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\TypeLib C:\Windows\system32\regsvr32.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368CE22E-C2E8-98C1-49B7-049B4CA38EC3}\Version\Assembly = 11091f8a592f7ab99f197b242736b1f211091f8a592f7ab99f197b242736b1f288ad8cbb5ed3f66b83a8a2cdf194269c890bb34aebd806e41a50d3bd9c0b4765219909f09e75dec0927ff4e8152284cd219909f09e75dec0927ff4e8152284cd59b5414605bae21e9735786eb516d3f8dd50f5c9c2a951f0edaadc43e3963539e0ab32b2d8dca36272505d60a56aa7ee97c34fd3852e23984a5b8f640a8ac47424723770c5c176976950675ce4a116afa3b0d389305332fc9d2bd0537cdfddd9022a4c47ef802e5065fea693f620ccc204 C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368CE22E-05A6-98C1-49B7-75A8B3B27F37}\Version\Assembly = 11091f8a592f7ab99f197b242736b1f211091f8a592f7ab99f197b242736b1f288ad8cbb5ed3f66b83a8a2cdf194269c890bb34aebd806e41a50d3bd9c0b4765219909f09e75dec0927ff4e8152284cd219909f09e75dec0927ff4e8152284cd59b5414605bae21e9735786eb516d3f8de1283c2aff9bf99d33ed2740c86bbd2f8157495fe950fa4a01046bb55f00dad0f20aa1b1adfe602954529934d03147d C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\ProgID\ = "BrowserPluginsAgentCOM32.BrowserPluginsAgent32" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\Version C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\odu\shell\open\command C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-F5ED88675F39}\DllSurrogate C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\ProgID C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Outbyte\\PC Repair\\" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\TypeLib\Version = "1.0" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0\FLAGS\ = "0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\odu\ = "URL:odu" C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64\ = "Outbyte BrowserPluginsAgent64" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\Version C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0\HELPDIR C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73}\ = "IBrowserPluginsAgent32" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{368CE22E-05A6-98C1-49B7-75A8B3B27F37}\Version C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64\Clsid C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73}\ProxyStubClsid32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM32.BrowserPluginsAgent32 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pcr\shell\open\command C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39} C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0\ = "BrowserPluginsAgentCOM64" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\Version\ = "1.0" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73}\TypeLib C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pcr\shell\open C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\DllSurrogate C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{93469602-4134-4012-A6BC-E58C2E9A7D28}\InprocServer32\ThreadingModel = "Free" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\AppID = "{93469602-4134-4012-A6BC-F5ED88675F39}" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM32.BrowserPluginsAgent32\Clsid C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\pcr C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1560405787-796225086-678739705-1000_Classes\Local Settings C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0\FLAGS C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\TypeLib\ = "{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64\Clsid\ = "{93469602-4134-4012-A6BC-E58C2E9A7D28}" C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73} C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\BrowserPluginsAgentCOM64.BrowserPluginsAgent64 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0\FLAGS C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0\0 C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-FDF6143A53E1}\1.0\0\win32 C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A3310BE-83DD-4E80-AC51-242D3A7D7F73}\TypeLib\Version = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{93469602-4134-4012-A6BC-F5ED88675F39}\Version\ = "1.0" C:\Windows\SysWOW64\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\odu\shell C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F2C6F7D1-ED32-49E5-9919-69E12C17AF7C}\1.0\0\win32 C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD} C:\Windows\system32\regsvr32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\ProxyStubClsid32 C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3CC2E0D5-193C-4192-B8BA-AFEF0AB6A2FD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Windows\system32\regsvr32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\odu\URL Protocol C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\PC Repair\ServiceHelper.Agent.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe N/A
N/A N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3160 wrote to memory of 3624 N/A C:\Users\Admin\AppData\Local\Temp\outbyte-driver-updater.exe C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe
PID 3624 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe
PID 3624 wrote to memory of 4632 N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe
PID 3624 wrote to memory of 3980 N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe C:\Windows\SysWOW64\sc.exe
PID 3624 wrote to memory of 2700 N/A C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe
PID 3480 wrote to memory of 3640 N/A C:\Windows\system32\cmd.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 636 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 564 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 3392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3640 wrote to memory of 4208 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Users\Admin\AppData\Local\Temp\outbyte-driver-updater.exe

"C:\Users\Admin\AppData\Local\Temp\outbyte-driver-updater.exe"

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe" /spid:3160 /splha:37659456

C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe

"C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe" /install /silent

C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe

"C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe" /Install /AutoStart /CreateOSSnapshot

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Windows\SysWOW64\sc.exe

sc start OutbyteDUHelper

C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe

"C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe"

C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe

"C:\Program Files (x86)\Outbyte\Driver Updater\DriverUpdater.exe" /AutoScan /FromInstaller

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:3

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /C "start "title" "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://outbyte.com/software/driver-updater/purchase/?DriversCount=4&softwareCode=driver-updater&registered=false&language=en&_sid=GoLKNIAoQ2&m_=0604182354_src_ag_affiliate_du_jerome-ab_0604182354_vk_odu_2_3_3_31862_b-driver_updater_ver_2_3_3_31862&clkid=rs7acj4d5fbn&utm_source=jerome&utm_medium=affiliate&utm_campaign=du_dll&_ga=1155809935.1717525434&version=2.3.3.31862""

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://outbyte.com/software/driver-updater/purchase/?DriversCount=4&softwareCode=driver-updater&registered=false&language=en&_sid=GoLKNIAoQ2&m_=0604182354_src_ag_affiliate_du_jerome-ab_0604182354_vk_odu_2_3_3_31862_b-driver_updater_ver_2_3_3_31862&clkid=rs7acj4d5fbn&utm_source=jerome&utm_medium=affiliate&utm_campaign=du_dll&_ga=1155809935.1717525434&version=2.3.3.31862"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff8fc7d3cb8,0x7ff8fc7d3cc8,0x7ff8fc7d3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,13869319581813204179,9603094512235392391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\ProgramData\Outbyte\Driver Updater\2.x\Temp\setup_pcrepair.exe

"C:\ProgramData\Outbyte\Driver Updater\2.x\Temp\setup_pcrepair.exe" /BgdWnd:393806 /BgdMsg:49689 /BgdLanguage:'ENU'

C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe

"C:\Users\Admin\AppData\Local\Temp\is-29417508.tmp\Installer.exe" /spid:2360 /splha:36545344 /BgdWnd:393806 /BgdMsg:49689 /BgdLanguage:'ENU'

C:\Windows\system32\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Outbyte\PC Repair\BrowserPluginsHelper.Agent.x64.dll"

C:\Windows\SysWOW64\regsvr32.exe

"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Outbyte\PC Repair\BrowserPluginsHelper.Agent.x32.dll"

C:\Program Files (x86)\Outbyte\PC Repair\ServiceHelper.Agent.exe

"C:\Program Files (x86)\Outbyte\PC Repair\ServiceHelper.Agent.exe" /install /silent

C:\Program Files (x86)\Outbyte\PC Repair\ServiceHelper.Agent.exe

"C:\Program Files (x86)\Outbyte\PC Repair\ServiceHelper.Agent.exe"

C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe

"C:\Program Files (x86)\Outbyte\Driver Updater\driverinstaller64.exe" "update" "PCI\VEN_8086&DEV_2922" "C:\Users\Admin\AppData\Local\Temp\9C0E465B-F9F2-434A-B9FA-8FACAA23E500\91061eda901e286374f4abca51b64573\ibexahci.inf"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{492052b4-7db7-ff43-a231-f78d1c9d360f}\ibexahci.inf" "9" "4105f081f" "00000000000000BC" "WinSta0\Default" "0000000000000158" "208" "c:\users\admin\appdata\local\temp\9c0e465b-f9f2-434a-b9fa-8facaa23e500\91061eda901e286374f4abca51b64573"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "11" "PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&10" "C:\Windows\INF\oem3.inf" "oem3.inf:5f63e534097746e6:Intel_msahci_Inst:9.1.9.1005:pci\ven_8086&dev_2922," "4105f081f" "00000000000000BC" "d11a"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "11" "PCI\VEN_8086&DEV_2922&SUBSYS_11001AF4&REV_02\3&11583659&0&FA" "C:\Windows\INF\oem3.inf" "oem3.inf:5f63e534097746e6:Intel_msahci_Inst:9.1.9.1005:pci\ven_8086&dev_2922," "4105f081f" "000000000000015C" "d11a"

C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe

"C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe" /Install /SendInfo /AutoStart

C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe

"C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe" /FromInstaller

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa39cd055 /state1:0x41c64e6d

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

Network


Files

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\SetupHelper.dll

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\InstallerUtils.dll

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Installer.exe

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\AxComponentsVCL.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\AxComponentsRTL.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\OxComponentsRTL.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\vclimg250.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\DriverUpdater.exe

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Data\main.ini

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\rtl250.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\vcl250.bpl

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Lang\enu.lng

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\Localizer.dll

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\GoogleAnalyticsHelperIV.dll

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\CommonForms.Site.dll

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\EULA.rtf

C:\Program Files (x86)\Outbyte\Driver Updater\ServiceHelper.Agent.exe

C:\Users\Admin\AppData\Local\Temp\is-11403371.tmp\__setup\islzma.dll

C:\ProgramData\Outbyte\Driver Updater\2.x\Data\odu_sign.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\ProgramData\Outbyte\Driver Updater\2.x\Temp\setup_pcrepair.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Program Files (x86)\Outbyte\PC Repair\PCRepair.exe

C:\Users\Admin\AppData\Local\Temp\{492052b4-7db7-ff43-a231-f78d1c9d360f}\SET45EA.tmp

C:\Users\Admin\AppData\Local\Temp\{492052b4-7db7-ff43-a231-f78d1c9d360f}\SET45D9.tmp

C:\ProgramData\Outbyte\PC Repair\1.x\Data\Mat.Apps.db

C:\ProgramData\Outbyte\PC Repair\1.x\$$$data_1121606632

C:\ProgramData\Outbyte\PC Repair\1.x\$$$data_2121606648

C:\ProgramData\Outbyte\PC Repair\1.x\$$$data_1121606788

C:\Users\Admin\AppData\Local\Temp\$$$prefs.js121607148
