0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b

Analysis

max time kernel
142s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 18:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Driver_Updater_setup.exe
Size

6.5MB
MD5

60eadf6552fb282c9dd437890c0b5e24
SHA1

11d401803530793093a7e01e54ad627d72b3065c
SHA256

0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b
SHA512

b4cc19f0ac5f333c73b1cb592276243f64ba44ba8b81e61bbf3d475c822b2faa18dad48a9795e6589c97ae12d4ff6c2de3a4d207ac3aae7ad4684d66d72916ed
SSDEEP

196608:Lw0d6YbAcnuLtG8ltisbd2WTXwLw/fDXGhQ/vPn:KOAlhlIslUMDXGhQ3Pn

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe

Executes dropped EXE 6 IoCs

pid	Process
2996	Driver_Updater_setup.tmp
2428	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
2920	DriverPro.exe
1748	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe

Loads dropped DLL 17 IoCs

pid	Process
2224	Driver_Updater_setup.exe
2996	Driver_Updater_setup.tmp
2996	Driver_Updater_setup.tmp
2996	Driver_Updater_setup.tmp
2996	Driver_Updater_setup.tmp
2428	PCHelpSoftDriverUpdater.exe
2996	Driver_Updater_setup.tmp
2996	Driver_Updater_setup.tmp
3000	PCHelpSoftDriverUpdater.exe
2920	DriverPro.exe
2920	DriverPro.exe
3000	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	PCHelpSoftDriverUpdater.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\sqlite3.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-UDVJM.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-B8DT6.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-CU2N7.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-9EPRI.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-FASAO.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-S4SNQ.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-T5ORK.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-5DR5L.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-JBNI4.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-18D64.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-I4EC1.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-65886.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.msg	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-12552.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-L4MO6.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-EK86Q.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-6D2OG.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-TS0T9.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-SG5IF.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\French.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-QE0VE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-O0HKN.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-6R6A9.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-KU7AQ.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-VLME0.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-E1AOD.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-2B703.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-JN9A1.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-64JP8.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-30D44.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-4HR10.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-PJP6P.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BFJ83.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-L9NVC.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-7DPGK.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-EPUKH.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-NGUFT.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-F30DE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-DA3AE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-36FD6.tmp	Driver_Updater_setup.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.app.log	PCHelpSoftDriverUpdater.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverPro.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	PCHelpSoftDriverUpdater.exe

Modifies registry class 26 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe,0"	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\ = "URL: Driver Updater Protocol"	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\shell\open\command	PCHelpSoftDriverUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe\" \"%1\""	PCHelpSoftDriverUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\ = "PC HelpSoft Driver Updater Protected File"	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes\.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\shell\open	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\URL Protocol	PCHelpSoftDriverUpdater.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\Extra\\DriverPro.exe\" \"%1\""	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000_CLASSES\pchsdriver\shell	PCHelpSoftDriverUpdater.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	PCHelpSoftDriverUpdater.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	PCHelpSoftDriverUpdater.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2996	Driver_Updater_setup.tmp
2996	Driver_Updater_setup.tmp
2428	PCHelpSoftDriverUpdater.exe
2428	PCHelpSoftDriverUpdater.exe
2428	PCHelpSoftDriverUpdater.exe
2428	PCHelpSoftDriverUpdater.exe
2920	DriverPro.exe
2920	DriverPro.exe
3000	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
3000	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe
2836	PCHelpSoftDriverUpdater.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3000	PCHelpSoftDriverUpdater.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	2428	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	2428	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	2428	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	1748	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	1748	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	1748	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	1748	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	3000	PCHelpSoftDriverUpdater.exe
Token: SeDebugPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeBackupPrivilege	2836	PCHelpSoftDriverUpdater.exe
Token: SeRestorePrivilege	2836	PCHelpSoftDriverUpdater.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2996	Driver_Updater_setup.tmp
1748	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1748	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe
1748	PCHelpSoftDriverUpdater.exe

Suspicious use of WriteProcessMemory 50 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2224 wrote to memory of 2996	2224	Driver_Updater_setup.exe	30
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2996 wrote to memory of 2428	2996	Driver_Updater_setup.tmp	33
PID 2428 wrote to memory of 1984	2428	PCHelpSoftDriverUpdater.exe	34
PID 2428 wrote to memory of 1984	2428	PCHelpSoftDriverUpdater.exe	34
PID 2428 wrote to memory of 1984	2428	PCHelpSoftDriverUpdater.exe	34
PID 2428 wrote to memory of 1984	2428	PCHelpSoftDriverUpdater.exe	34
PID 2428 wrote to memory of 1684	2428	PCHelpSoftDriverUpdater.exe	35
PID 2428 wrote to memory of 1684	2428	PCHelpSoftDriverUpdater.exe	35
PID 2428 wrote to memory of 1684	2428	PCHelpSoftDriverUpdater.exe	35
PID 2428 wrote to memory of 1684	2428	PCHelpSoftDriverUpdater.exe	35
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 3000	2996	Driver_Updater_setup.tmp	38
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 2996 wrote to memory of 2920	2996	Driver_Updater_setup.tmp	39
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 1748	3000	PCHelpSoftDriverUpdater.exe	40
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43
PID 3000 wrote to memory of 2836	3000	PCHelpSoftDriverUpdater.exe	43

C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe
"C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\is-AVK05.tmp\Driver_Updater_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AVK05.tmp\Driver_Updater_setup.tmp" /SL5="$40150,5854474,811008,C:\Users\Admin\AppData\Local\Temp\Driver_Updater_setup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
    "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2428
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:1984
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:1684
- - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
    "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks system information in the registry
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Enumerates system info in registry
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\tmpA14E.tmp_collect\PCHelpSoftDriverUpdater.exe
      "C:\Users\Admin\AppData\Local\Temp\tmpA14E.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:2836
- - C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe
    "C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PC HelpSoft Driver Updater\English.ini

Filesize
50KB

MD5
f5b8c34947247058f621bdf996c3cc53

SHA1
6d306b9744feb2678a14061cb66f1e7f51a4c14a

SHA256
d65a51902e7dc17956fd538e021fa7895fbcf542764948a8030e96a9ab1d6442

SHA512
f4445293dfe5227f2dec56cffcae26eab5935ed9be98f71fe19ebccefcda641202245f959f25c5a9e331bbf76f382f7f5c59d52d468af732bc9acd0f6dd2d9f6

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini

Filesize
17KB

MD5
59fdee32d3f9b78f5584b0f41b0fd6f7

SHA1
cd29d4fd4868027203e05aaac7540e3b56b76ae3

SHA256
030e0280563f4e6cc76dc47fa8143fe2cae26684bf657e836fa250d6a44f8710

SHA512
f94e38fe71227f055830124baa9b2aa5707ff4680f527bd10a71a73f43e5888056ec83ce77bc3097ed945d89861efdf44d2450fb905388bc09c4fb00c341e2ea

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini

Filesize
16KB

MD5
e105e39bd46b29fc3d9c8a45cc93b1a8

SHA1
e8d29b02e57e223feea62b0bae930df9af064dd1

SHA256
338afdb73932bfbd15c2627df805c5838efc1a0e624e84e7311389bdfb1fd54e

SHA512
873f1cb99e02885a9f85b8ced3c0dd404f652b974f421bef77e223fe590488cf1202a55f48f784793cb34f68565a31e06d52496ba3aad8b52ff1287816c1ee09

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe

Filesize
5.2MB

MD5
98ff049770433852a64f027caa567e71

SHA1
1c2589dfb5bea24fb439c333f1fe7bfb9719bd20

SHA256
012da8993f671af5ff41ea38577a25822268763b766b17fa88398ec23e34aee5

SHA512
c569301533bf64b5072d49bcd7a82f2c57dc877158345c2c8056842b98288935aa088a96edaf5f2d955a984d8087013760307e4a18b52a5c7892269c6b3e09d2

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini

Filesize
17KB

MD5
094069998ccb29d5a56a4e605394a639

SHA1
440b4ecbff42c32d1ea1f299001f38675ac0190e

SHA256
c2b9ef60261365303b536258831c93fc1804e09e1bb01a02b010fa7878cbd22e

SHA512
6e6f443e6b744e2b62989cb92e8bb7561e5ef8aaef46dea35529107bdbce028894d0e8a150fd66f7ff1b287dce086fcf3b9f8defe3b985e73ae74bfb2431d21f

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini

Filesize
15KB

MD5
1b2ffa92f211d9d0b7cdb536e99ce4b3

SHA1
ec5b4885556194540bdb4a0166adbd081b591fae

SHA256
10d7845b4f5ce17da1115eb60b054adaa32f424e349b21d8a46682eecc1b835e

SHA512
86ac865a88a438bb4035b0b5473354b8aecd9963a79c67f5725813a585a0b94eb1ed049903fc5e8d8495d274fd23b88bdc7ac7c263e4c18e1c2492066873fa79

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Finnish.ini

Filesize
17KB

MD5
07ace8db776a5db0a639fa6be292a277

SHA1
11b8003a8a5382b8e3dcd3b002b9de254f4c83d4

SHA256
e6524a50756ca57f607acba31184b493d04030b31455ecd7d9ecdd9f875a6805

SHA512
345071223110b19bb0b06e261929be7fd9c9249e7960296ad471bd86c28c605c5f9b9c3d3bd0123e4fb6d59badf80f077882b06cd78f0d6a4a47ecc035d2a348

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\French.ini

Filesize
18KB

MD5
d0d011e52fb74218b602003c376d94b3

SHA1
3024e6bd626d6dc3a684295e733eac740d2c53fe

SHA256
0895c6e68dd04cdc888e93a82b60d59d807eb24b8002c2bdc8998bacc6246bee

SHA512
8ebd6f8e6dc9b987c161d44b505e29b1840442cc2b46e67239a3aa33e1fa2257b9726c36a9527e0e9f17001ca02272f7ddf5676b36ec27472936a5c8f30c8eb1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini

Filesize
18KB

MD5
9f25fbf2d9d6db03a387895b9ad147b4

SHA1
42ffa865b058e4dbe41059c5c03b09ebe41cb7a6

SHA256
67d2a2452dd77fa8deda9e1d5cf5710eeadc5ef29a85b7aac690420db2cbb62d

SHA512
3b935261a4180e58464886355123193edf446512ecb61b941e3cffc2062ea51399802a4873760e35696e35afedfb9e647a904927f2cf4171e64b040bc29230a5

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini

Filesize
17KB

MD5
123b66fc5bdda63a8bba1b580511f6ac

SHA1
abba14dfa8c91c0c98a2659a9e6751cb98383921

SHA256
f809d4ea37d7c1d42c5d8ffe55b1bdeaa9065b2313b53810400297f70efecd44

SHA512
2a942d9cbf31b3e6a30f66c6445ffe1c18582826c0a9f1d35268e99193b590762adc9f6aa14498b39285da873ea3b6ec87a3c48a79eafe7c4c2bfdc8634910f3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Japanese.ini

Filesize
21KB

MD5
daba71201d5e8859ff518008a23bf1fe

SHA1
f583f65604c1793d90c5b4ba72145f45af0894d7

SHA256
cb73b7514d23b9958735a8bfdecbd5d77571be9cc23da9bb9724b01b9116e602

SHA512
d187f38e7ab632656bb5fc3baae5bbbcf521a9f612e09dd03c536bd0c03482eb7a42116380aec1bfbf2b462f88c86cd7c29cc02e4f0030f2153edabf1e031dd4

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini

Filesize
18KB

MD5
a1aaaf95ea726ad6d5bb5e3ec030be59

SHA1
f1b2341983c7d2a0a81b7f5786865219aeb22ca4

SHA256
52bac3272f720b51fad93ac34cb9f244522752e82c833c7eb6edebb960d32369

SHA512
c3db2fb4378733d7cca8d7dee651cb096fc6cf01dca8203643aa8cd9a6db0f411b222321ea51aac8361e2bd732c546a6cf7eb5f7cfca5f1e34692fd1e5dfd48e

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini

Filesize
16KB

MD5
1f35efcde6db4dec93c94bba45be4542

SHA1
359a683c1c959c0ad5cf7f7ead2a463fe4747842

SHA256
1902747d9c60329c5752b869c1adf85c701b533471cf3c6c980f736d7551c4c4

SHA512
d243d4ecaee6ad2ef06a73291db82ca9763b1d8f7a93c0f07b2b0f7b71a85b5773cfd99962aed6b2c600d86a228a5dfdbf17aee12106e5dd6dc9fedf6505a4c3

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini

Filesize
17KB

MD5
85a03f193e27125d605b19804b43e0bb

SHA1
70d28931c8f5f19b59b1e719f1183a79f69efa62

SHA256
4805389183887f3636646cb5897371bccf7d683b4e7cbd50e35d2675e1d7fac2

SHA512
591c555a75ef380048583a4cda16888b2005dd103edfa2b4aea0b8aed459102f3a6781d34e4a2f533b25faaabefa980aafb546bdf743a55febf03c72c6000fb0

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Portuguese.ini

Filesize
17KB

MD5
b95d52afe2aa053c0096a2567bd3e381

SHA1
9fd928fb9af44e30fc8bddcba4f42a319b567666

SHA256
0e1c55e1acffc117656b552e9dc9fcab1bb5d4c8d15fdfaadedafe21222c0aea

SHA512
5d6fefdab72dc5edae981a52a809eb840bdfb6f834f7881a7ac95d99fb4692e8ee1b66709696020564cd3f3c4bf13b1b2d01228f924272c8097dee7e02a3add1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini

Filesize
25KB

MD5
f1e275534fe7d59ad3bebfda230d7370

SHA1
cc11725efe67239f62e0d3ae063a27576ef67db3

SHA256
c9e0b64103422fdc3f6a31ec2300b58e9540cc21346a0620c9f0901d16bdc405

SHA512
b6045f90ee2e16d15a321c149beab0d91f6e4603a9582d1efabcccdaff53bb0aca8a7ca34219b19511f9a649b11fe35cc41ecb41989c29702470d1decf5496c1

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini

Filesize
126B

MD5
77d8771a751ba0d495200f339872ef85

SHA1
533acd0f129881feaa756fb79dde5d023f6bcede

SHA256
0166b6cd9fa3a3b030681c23b3d2399148a9ae0fa945ea5c39ff0b87f18098a9

SHA512
9bdd6655e27b36954fd6127a75bfee92d49ae7d1d553c44f6f67592ebfd147a4c0791b2bdabaa2657916c4621212b20bbb913499fbe3653584de099fd5cd01d7

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini

Filesize
17KB

MD5
839235142fedcf6eaacda727ab05dcb5

SHA1
99d860c34452d31d3c69f37bdb826bb9b45ab478

SHA256
802b866f10646fef8facf3b5b45b714f800aa03a582c76c06d4b9cfe7e164c82

SHA512
c145a8386e41aa9427d7a896aba5c6024daa3d9c2f2041325dc72b5c991aa43c24db0cb29138f0c91833c00528912ec787a5295fb832a8764c1e5f11b71a2dae

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini

Filesize
16KB

MD5
1aab81548ef8bfb11b1e81bebee4f19f

SHA1
073a5e57c51153da9454f3097f35f4213fc15d18

SHA256
0b5578d884c760c2d1e4c2d4fb16459f15bc3871a55320e58e1d9d3bfe5a4bbd

SHA512
f84cca8cc024a2c4427f9479aa719a1d0534053aa2dca7d4abd9fe759b32dea3cb91cbdad44d7e0b45f6c04515e3025d4a198704d826071d174e0fec92b71865

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll

Filesize
960KB

MD5
11a813c0972b740937d3a7e2daf9ffcb

SHA1
4245b5a3c97f725c56a29d745767edebb5e3f15d

SHA256
3f933bced2d9f65d48f7c48715bf286fd431341a74e1ce15d39b7c4c96603cf9

SHA512
9a590dcab0cf7051d04743736ea7a6b74fa0f87539580cc41a58ad33a76574201e7b6d54d5100cbcd262266bc55b053243edd4860a2d43deeb1c164395e4a941

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

Filesize
640KB

MD5
842e8edbfbeffb9ef234a2da6d5980fe

SHA1
f76e944e5ac3c489d987a11a313b41dee3e813f3

SHA256
ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3

SHA512
1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe

Filesize
398KB

MD5
3892af3a2540cf8567d89f5e52837d6c

SHA1
9f52ec519d454d32a8b446b54b547cbff81cf4bf

SHA256
db6383d6291c8842131ab741217ee4a22685ed87934aa470a22d0c755aa52e37

SHA512
d97ddf70c1f7609def62ba66a0721f0a815ad014c071bf514ab048ea4d7495ad23b8f5e149f0aae17144be3fa8612e1e253acc0a11889673fbc19d6c60e4473d

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\3ECD8B979B7E15F1898DE0CA5254254D33450D70.7z.status

Filesize
38B

MD5
cf25c42f45a3fc92adb23a4fe24daecf

SHA1
2d52571ca1837e970538cabcc3c8fe78ae32ca88

SHA256
d25a2b6fd3c55e9a3932ac6290dd1729f02c90bdffd7cad20661ba20505a06a0

SHA512
a2ba4d33b442053030e8233af7bd64dc230343c8720f62228bb687bbaae5fea805b479e0b7eea7d8bc0ab0c84122b0733859f024ea77d4b4df59dfd0796ac00d

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\Devices.ini

Filesize
102KB

MD5
efd3181a3202e4ec76dcd2469bce7310

SHA1
3bb27f4c1067cc8e29e22425b4272fd7cbe717f3

SHA256
bf5b080691c257d0b848089710e9a93eb45ef1666a66e7954179e22088e60af6

SHA512
92d807bfe172f0741c688399baf3924b6b46b63848f9eaa596194ee29fbc79e119d94519233cc908171373f57c08062cc2acd5ab65a6481e8a78435643aafd65

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program.log

Filesize
4KB

MD5
ab7cc7804a96e3bbd68cc12124cd2d0f

SHA1
68e62fd043c1773b9af414c2b006422af3f3b0bc

SHA256
8329ef3594158f279a8ce0f3161bcbf3c6f7689203754038872ee675c6cb6bd5

SHA512
232841aa7d43af25b1c5775e69e0b76a9b85455d292cbaafc26bc8492140749f4ab3cd2f36ad5f52543073d21f158709af6c5ac968864939d5ae1983ac410edf

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program_error.log

Filesize
229B

MD5
18b553ded28ea065c1025cadf97e9440

SHA1
fef362126df2a94c58de666280626b9d14252704

SHA256
f58586720f2c43307743b03fb7f5f1f568bd67ec2be872778cc11a184fa1b96b

SHA512
f84ea1b2bfe07df7f2c0b2caf7da9969a998b7abfffdc9ae9c14f2e9e752c36b2dfde46707512f86b67ca6b0797b6214f574bc8eb57fab931334ab4a77131f2d

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll

Filesize
999KB

MD5
6de20d75ed981894ff5b8b89ccbc7499

SHA1
066bfefdb6a22fcc69d8cd7b22b9b9657c4f8e73

SHA256
23cc17c0e8c24f8084cd8a396e9aa33cb3e766d8b93cae54fc3857af825e7f36

SHA512
1e9766a3102da84673779e6fe597a2e301d0c770754bfa943897fa5449b21403f7e0e05c110ba0b8f84b73d791ce37e5f01c3c58f8304b86bfc0fc492e604aff

Download Submit
\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
8.2MB

MD5
21a4dadd5686773fe0ef880c22f07d38

SHA1
6236e9ec7eee10d95b3055a5e473fd2656898469

SHA256
76ec2ea23b6d6cfd69699822a95e9032b9ef8100df19be91357c4e71a1f33b37

SHA512
e8dc6bec5347f6d83cdab1df7683abc0d563603ea08dcd5acccbdb6ac3a6efdbaa88dbdff5c257251eaa1c5311947a581d4a2bd506cbf3fbddba1e46471683c9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AVK05.tmp\Driver_Updater_setup.tmp

Filesize
3.0MB

MD5
dfd93de42e9578134afa014f60acbe36

SHA1
9a0e08fd5122a5f7688b05868aa51e4e2c69a647

SHA256
9d2d3263a5b32dbb2dd9532aa571c1e07da9a2df228e5389872df126126bdabc

SHA512
4b6858c06a93e107e9854d4e5892da171d28c069fe7cea465c66e9e5dbb98285d165bf50281d8d00390263b99323222bc7c87017bb24c90c6529a3406faa0100

Download Submit
memory/1748-297-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-323-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-293-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-335-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-315-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-331-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-222-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1748-221-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-327-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-288-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/1748-319-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/2224-10-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2224-202-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2224-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/2224-0-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2428-140-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2428-139-0x0000000000230000-0x0000000000A6F000-memory.dmp

Filesize
8.2MB

Download
memory/2836-286-0x00000000002F0000-0x0000000000B2F000-memory.dmp

Filesize
8.2MB

Download
memory/2836-287-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2920-189-0x0000000000400000-0x000000000093A000-memory.dmp

Filesize
5.2MB

Download
memory/2920-190-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/2996-9-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/2996-11-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/2996-200-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/2996-137-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/3000-271-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3000-313-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-317-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-219-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-321-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-220-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3000-325-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-295-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-329-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-270-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-333-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download
memory/3000-290-0x0000000000020000-0x000000000085F000-memory.dmp

Filesize
8.2MB

Download