General Info

File name

avastdriverupdater.exe

Full analysis
https://app.any.run/tasks/74ce9e8a-8486-4438-b451-957922572a81
Verdict
Malicious activity
Analysis date
2/10/2019, 16:33:11
OS:
Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:

MIME:
application/x-dosexec
File info:
PE32 executable (GUI) Intel 80386, for MS Windows
MD5

9517246195b07fe8f4e6ad34556699f9

SHA1

cdde928f62803334b14fe9cb59d35745323ce628

SHA256

03c0b95c3aedfff07d292a47402eb9ce4edf96b7a2e53fe58b88ae2c5bd59539

SSDEEP

12288:LUjXV1+uVs2W8B0EHgs628H7kzT34drrrrIofcKBO:wBAtL7kzT34drrrrFcKBO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Software environment set and analysis options

Launch configuration

Task duration
60 seconds
Additional time used
none
Fakenet option
off
Heavy Evasion option
off
MITM proxy
off
Route via Tor
off
Network geolocation
off
Privacy
Public submission
Autoconfirmation of UAC
on

Software preset

  • Internet Explorer 8.0.7601.17514
  • Adobe Acrobat Reader DC MUI (15.023.20070)
  • Adobe Flash Player 26 ActiveX (26.0.0.131)
  • Adobe Flash Player 26 NPAPI (26.0.0.131)
  • Adobe Flash Player 26 PPAPI (26.0.0.131)
  • Adobe Refresh Manager (1.8.0)
  • CCleaner (5.35)
  • FileZilla Client 3.36.0 (3.36.0)
  • Google Chrome (68.0.3440.106)
  • Google Update Helper (1.3.33.17)
  • Java 8 Update 92 (8.0.920.14)
  • Java Auto Updater (2.8.92.14)
  • Microsoft .NET Framework 4.6.1 (4.6.01055)
  • Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Professional 2010 (14.0.6029.1000)
  • Microsoft Office Proof (English) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (French) 2010 (14.0.6029.1000)
  • Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
  • Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
  • Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Office Single Image 2010 (14.0.6029.1000)
  • Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
  • Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
  • Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
  • Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
  • Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
  • Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (14.15.26706.0)
  • Microsoft Visual C++ 2017 x86 Additional Runtime - 14.15.26706 (14.15.26706)
  • Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.15.26706 (14.15.26706)
  • Mozilla Firefox 61.0.2 (x86 en-US) (61.0.2)
  • Notepad++ (32-bit x86) (7.5.1)
  • Opera 12.15 (12.15.1748)
  • Skype version 8.29 (8.29)
  • VLC media player (2.2.6)
  • WinRAR 5.60 (32-bit) (5.60.0)

Hotfixes

  • Client LanguagePack Package
  • Client Refresh LanguagePack Package
  • CodecPack Basic Package
  • Foundation Package
  • IE Troubleshooters Package
  • InternetExplorer Optional Package
  • KB2534111
  • KB2999226
  • KB976902
  • LocalPack AU Package
  • LocalPack CA Package
  • LocalPack GB Package
  • LocalPack US Package
  • LocalPack ZA Package
  • ProfessionalEdition
  • UltimateEdition

Behavior activities

MALICIOUS SUSPICIOUS INFO
Loads dropped or rewritten executable
  • csrss.exe (PID: 400)
  • svchost.exe (PID: 844)
  • explorer.exe (PID: 116)
Loads the Task Scheduler DLL interface
  • Avast Driver Updater.exe (PID: 3348)
Application was dropped or rewritten from another process
  • Avast Driver Updater.exe (PID: 3348)
Changes settings of System certificates
  • MsiExec.exe (PID: 2192)
Creates files in the Windows directory
  • Avast Driver Updater.exe (PID: 3348)
  • svchost.exe (PID: 844)
Reads Internet Cache Settings
  • Avast Driver Updater.exe (PID: 3348)
Removes files from Windows directory
  • Avast Driver Updater.exe (PID: 3348)
Creates files in the program directory
  • svchost.exe (PID: 844)
Creates files in the driver directory
  • Avast Driver Updater.exe (PID: 3348)
Creates or modifies windows services
  • Avast Driver Updater.exe (PID: 3348)
Executable content was dropped or overwritten
  • Avast Driver Updater.exe (PID: 3348)
  • msiexec.exe (PID: 2652)
Adds / modifies Windows certificates
  • MsiExec.exe (PID: 2192)
Searches for installed software
  • Avast Driver Updater.exe (PID: 3348)
Loads dropped or rewritten executable
  • MsiExec.exe (PID: 2192)
Creates files in the program directory
  • msiexec.exe (PID: 2652)
Application launched itself
  • msiexec.exe (PID: 2652)
Creates a software uninstall entry
  • msiexec.exe (PID: 2652)


Static information

TRiD
.exe | Win32 Executable MS Visual C++ (generic) (67.4%)
.dll | Win32 Dynamic Link Library (generic) (14.2%)
.exe | Win32 Executable (generic) (9.7%)
.exe | Generic Win/DOS Executable (4.3%)
.exe | DOS Executable Generic (4.3%)
EXIF
EXE
MachineType:
Intel 386 or later, and compatibles
TimeStamp:
2018:11:28 16:29:37+01:00
PEType:
PE32
LinkerVersion:
8
CodeSize:
385024
InitializedDataSize:
606208
UninitializedDataSize:
null
EntryPoint:
0x3aa63
OSVersion:
4
ImageVersion:
null
SubsystemVersion:
4
Subsystem:
Windows GUI
FileVersionNumber:
2.23.1.0
ProductVersionNumber:
2.23.1.0
FileFlagsMask:
0x003f
FileFlags:
(none)
FileOS:
Windows NT 32-bit
ObjectFileType:
Executable application
FileSubtype:
null
LanguageCode:
English (U.S.)
CharacterSet:
Unicode
CompanyName:
Slimware Utilities Holdings, Inc.
FileDescription:
Avast Driver Updater Setup Wizard
FileVersion:
2.23.1
InternalName:
LittleInstaller
LegalCopyright:
Copyright 2011-2016 Slimware Utilities Holdings, Inc.
OriginalFileName:
Avast Driver Updater-setup.exe
ProductName:
Avast Driver Updater
ProductVersion:
2.23.1
Summary
Architecture:
IMAGE_FILE_MACHINE_I386
Subsystem:
IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date:
28-Nov-2018 15:29:37
Detected languages
English - United States
Japanese - Japan
Process Default Language
Debug artifacts
E:\BuildAgent\work\652325c68c8b38d0\bin\Release\LittleInstaller.pdb
DOS Header
Magic number:
MZ
Bytes on last page of file:
0x0090
Pages in file:
0x0003
Relocations:
0x0000
Size of header:
0x0004
Min extra paragraphs:
0x0000
Max extra paragraphs:
0xFFFF
Initial SS value:
0x0000
Initial SP value:
0x00B8
Checksum:
0x0000
Initial IP value:
0x0000
Initial CS value:
0x0000
Overlay number:
0x0000
OEM identifier:
0x0000
OEM information:
0x0000
Address of NE header:
0x000000E8
PE Headers
Signature:
PE
Machine:
IMAGE_FILE_MACHINE_I386
Number of sections:
5
Time date stamp:
28-Nov-2018 15:29:37
Pointer to Symbol Table:
0x00000000
Number of symbols:
0
Size of Optional Header:
0x00E0
Characteristics
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
Sections
Name Virtual Address Virtual Size Raw Size Characteristics Entropy
.text 0x00001000 0x0005DE47 0x0005E000 IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ 6.64575
.rdata 0x0005F000 0x00019C4A 0x0001A000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 4.66359
.data 0x00079000 0x000083DC 0x00005000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE 4.10726
.rsrc 0x00082000 0x00062D9E 0x00063000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ 5.3421
.reloc 0x000E5000 0x0000D1EE 0x0000E000 IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_DISCARDABLE,IMAGE_SCN_MEM_READ 4.12632
Resources
1, 2, 3, 4, 7, 63, 64, 65, 66, 67, 68, 69, 100, 101, 102, 103, 104, 105, 106, 108, 188, 189, 190, 191, 500, 501, 512, 514, 526, 528, 1003, 1004, 1006, 1011, 1053, 1054, 1059, 1060, 1093, 3585, 3841, 3843, 3857, 3858, 3859, 3865, 3867, 3868, 3887, 30734, 30977, 30994, 30996

Imports
    PSAPI.DLL

    KERNEL32.dll

    USER32.dll

    GDI32.dll

    COMDLG32.dll

    WINSPOOL.DRV

    ADVAPI32.dll

    SHELL32.dll

    COMCTL32.dll

    SHLWAPI.dll

    ole32.dll

    OLEAUT32.dll

    WS2_32.dll

    CRYPT32.dll (delay-loaded)

Exports

    No exports.

Processes

Total processes
39
Monitored processes
9
Malicious processes
4
Suspicious processes
1

Behavior graph

start avastdriverupdater.exe no specs avastdriverupdater.exe msiexec.exe msiexec.exe svchost.exe explorer.exe no specs avast driver updater.exe csrss.exe no specs unsecapp.exe no specs

Process information


PID
400
CMD
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
Path
C:\Windows\System32\csrss.exe
Indicators
No indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Client Server Runtime Process
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sxssrv.dll
c:\windows\system32\sxs.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cryptbase.dll
c:\program files\avast driver updater\unifiedlogger.dll

PID
844
CMD
C:\Windows\system32\svchost.exe -k netsvcs
Path
C:\Windows\System32\svchost.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Host Process for Windows Services
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\gpsvc.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\themeservice.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\profsvc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\winsta.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\dsrole.dll
c:\windows\system32\slc.dll
c:\windows\system32\sens.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\pcwum.dll
c:\windows\system32\shell32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\authz.dll
c:\windows\system32\ubpm.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\devobj.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\fveapi.dll
c:\windows\system32\tbs.dll
c:\windows\system32\fvecerts.dll
c:\windows\system32\logoncli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wiarpc.dll
c:\windows\system32\taskcomp.dll
c:\windows\system32\version.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\netjoin.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\ikeext.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\iphlpsvc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\browser.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\samcli.dll
c:\windows\system32\sscore.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\resutils.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\nci.dll
c:\windows\system32\propsys.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\spinf.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\bitsigd.dll
c:\windows\system32\upnp.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\esent.dll
c:\windows\system32\winspool.drv
c:\windows\system32\cabinet.dll
c:\windows\system32\mspatcha.dll
c:\windows\system32\psapi.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\wer.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\ndiscapcfg.dll
c:\windows\system32\rascfg.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\tcpipcfg.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\es.dll
c:\windows\system32\aelupsvc.dll
c:\windows\system32\windanr.exe
c:\windows\system32\appinfo.dll
c:\users\admin\appdata\local\temp\avastdriverupdater.exe
c:\windows\installer\{8804140c-3144-4075-9526-1c662e26ca17}\icon.exe
c:\program files\avast driver updater\avast driver updater.exe
c:\windows\system32\wbem\unsecapp.exe

PID
116
CMD
C:\Windows\Explorer.EXE
Path
C:\Windows\explorer.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
MEDIUM
Version:
Company
Microsoft Corporation
Description
Windows Explorer
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\duser.dll
c:\windows\system32\dui70.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\slc.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\secur32.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\propsys.dll
c:\windows\system32\cryptbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\profapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\ehstorshell.dll
c:\windows\system32\cscui.dll
c:\windows\system32\cscdll.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\iconcodecservice.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\userenv.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\samcli.dll
c:\windows\system32\netutils.dll
c:\windows\system32\winanr.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\msftedit.dll
c:\windows\system32\msls31.dll
c:\program files\common files\microsoft shared\ink\tiptsf.dll
c:\windows\system32\authui.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\gameux.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\wer.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\networkexplorer.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\audioses.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\es.dll
c:\windows\system32\prnfldr.dll
c:\windows\system32\winspool.drv
c:\windows\system32\dxp.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\syncreg.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\netshell.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\filezilla ftp client\fzshellext.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\wwanapi.dll
c:\windows\system32\wwapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\sxs.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\ieframe.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\actioncenter.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\hgcpl.dll
c:\windows\system32\provsvc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\fxsst.dll
c:\windows\system32\fxsapi.dll
c:\windows\system32\fxsresm.dll
c:\windows\system32\wscinterop.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\wscui.cpl
c:\windows\system32\werconcpl.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\wercplsupport.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\hcproviders.dll
c:\program files\internet explorer\ieproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\drprov.dll
c:\windows\system32\ntlanman.dll
c:\windows\system32\davclnt.dll
c:\windows\system32\davhlpr.dll
c:\windows\system32\thumbcache.dll
c:\users\admin\appdata\local\temp\avastdriverupdater.exe
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\devrtl.dll
c:\program files\adobe\acrobat reader dc\reader\acrord32.exe
c:\windows\system32\ie4uinit.exe
c:\program files\ccleaner\ccleaner.exe
c:\program files\internet explorer\iexplore.exe
c:\windows\installer\{ac76ba86-7ad7-ffff-7b44-ac0f074e4100}\sc_reader.ico
c:\windows\installer\{8804140c-3144-4075-9526-1c662e26ca17}\icon.exe
c:\windows\system32\imageres.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\wordicon.exe
c:\program files\videolan\vlc\vlc.exe
c:\program files\windows media player\wmplayer.exe
c:\program files\microsoft\skype for desktop\skype.exe
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\unregmp2.exe
c:\program files\opera\opera.exe
c:\windows\system32\devicecenter.dll
c:\program files\opera\opera.dll
c:\windows\system32\sud.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\filezilla ftp client\filezilla.exe
c:\windows\system32\miguiresource.dll
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\outicon.exe
c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\xlicons.exe

PID
2844
CMD
"C:\Users\admin\AppData\Local\Temp\avastdriverupdater.exe"
Path
C:\Users\admin\AppData\Local\Temp\avastdriverupdater.exe
Indicators
No indicators
Parent process
explorer.exe
User
admin
Integrity Level
MEDIUM
Exit code
3221226540
Version:
Company
Slimware Utilities Holdings, Inc.
Description
Avast Driver Updater Setup Wizard
Version
2.23.1
Modules
Image
c:\users\admin\appdata\local\temp\avastdriverupdater.exe
c:\systemroot\system32\ntdll.dll

PID
4036
CMD
"C:\Users\admin\AppData\Local\Temp\avastdriverupdater.exe"
Path
C:\Users\admin\AppData\Local\Temp\avastdriverupdater.exe
Indicators
Parent process
explorer.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Slimware Utilities Holdings, Inc.
Description
Avast Driver Updater Setup Wizard
Version
2.23.1
Modules
Image
c:\users\admin\appdata\local\temp\avastdriverupdater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\wintrust.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\msi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\oledlg.dll
c:\windows\system32\riched20.dll
c:\windows\system32\version.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\apphelp.dll
c:\program files\avast driver updater\avast driver updater.exe

PID
2652
CMD
C:\Windows\system32\msiexec.exe /V
Path
C:\Windows\system32\msiexec.exe
Indicators
Parent process
––
User
SYSTEM
Integrity Level
SYSTEM
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\shell32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\msimsg.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\wkscli.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\msisip.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\winsta.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
c:\windows\microsoft.net\framework\v4.0.30319\clr.dll
c:\windows\microsoft.net\framework\v4.0.30319\fusion.dll
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\propsys.dll

PID
2192
CMD
C:\Windows\system32\MsiExec.exe -Embedding D0543834D9D4A57186DF76FCB7F1244E
Path
C:\Windows\system32\MsiExec.exe
Indicators
Parent process
msiexec.exe
User
admin
Integrity Level
HIGH
Exit code
0
Version:
Company
Microsoft Corporation
Description
Windows® installer
Version
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\msiexec.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\sspicli.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mpr.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\winmm.dll
c:\windows\system32\samcli.dll
c:\windows\system32\msacm32.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\devobj.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\wininet.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\installer\msiaa80.tmp
c:\windows\system32\rstrtmgr.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\psapi.dll
c:\windows\installer\msiae4d.tmp
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\credssp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\p2pcollab.dll
c:\windows\system32\qagentrt.dll
c:\windows\system32\fveui.dll
c:\windows\system32\gpapi.dll

PID
3348
CMD
"C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe"
Path
C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe
Indicators
Parent process
avastdriverupdater.exe
User
admin
Integrity Level
HIGH
Version:
Company
AVAST Software
Description
Avast Driver Updater
Version
2.5.5
Modules
Image
c:\program files\avast driver updater\avast driver updater.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ole32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\devobj.dll
c:\windows\system32\version.dll
c:\windows\system32\newdev.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\devrtl.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll
c:\windows\system32\riched20.dll
c:\windows\system32\userenv.dll
c:\windows\system32\profapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wininet.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\webio.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\credssp.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wups.dll
c:\windows\system32\wshqos.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\spinf.dll
c:\windows\system32\spfileq.dll
c:\windows\system32\schannel.dll
c:\windows\system32\secur32.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\asycfilt.dll
c:\windows\system32\mstask.dll
c:\windows\system32\mpr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\nlaapi.dll

PID
2540
CMD
C:\Windows\system32\wbem\unsecapp.exe -Embedding
Path
C:\Windows\system32\wbem\unsecapp.exe
Indicators
No indicators
Parent process
––
User
admin
Integrity Level
HIGH
Version:
Company
Microsoft Corporation
Description
Sink to receive asynchronous callbacks for WMI client application
Version
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Image
c:\windows\system32\wbem\unsecapp.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\wbemcomn.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\sechost.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\cryptbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\cryptsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\rpcrtremote.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll

Registry activity

Total events
1840
Read events
1615
Write events
215
Delete events
10

Modification events

PID
Process
Operation
Key
Name
Value
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93F613E-6F72-43E5-A596-32DE193123D1}
Path
\Avast Driver Updater Startup
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93F613E-6F72-43E5-A596-32DE193123D1}
Hash
4DF77A754C582C2F74A33F7A745A9DEB8D552720022E200BF704ADFEBCB282CA
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Driver Updater Startup
Id
{A93F613E-6F72-43E5-A596-32DE193123D1}
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Driver Updater Startup
Index
2
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93F613E-6F72-43E5-A596-32DE193123D1}
Triggers
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93F613E-6F72-43E5-A596-32DE193123D1}
DynamicInfo
0300000092E1FF0C56C1D40100000000000000000000000000000000
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
Avast Driver Updater Startup.job
93F4CCB9AE789017BAE1A122E81300751A04D62AF7B4B530549784610ACDFC9EF4E6AE83A33C8524B0D8BC217C9C6FCBF2A4CD31E88F2198D0771785A04A5C5F
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
Avast Driver Updater Startup.job.fp
3870374013
844
svchost.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A93F613E-6F72-43E5-A596-32DE193123D1}
Triggers
116
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
116
explorer.exe
delete key
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F
116
explorer.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
LanguageList
en-US
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@"%windir%\System32\ie4uinit.exe",-732
Finds and displays information and Web sites on the Internet.
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\System32\ie4uinit.exe,-731
Internet Explorer
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\unregmp2.exe,-4
Windows Media Player
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\DeviceCenter.dll,-1000
Devices and Printers
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\sud.dll,-1
Default Programs
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\explorer.exe,-7021
Help and Support
116
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater.lnk
1
116
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater.lnk
1
116
explorer.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@C:\Windows\system32\miguiresource.dll,-201
Task Scheduler
116
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
P:\Hfref\nqzva\NccQngn\Ybpny\Grzc\ninfgqevirehcqngre.rkr
00000000000000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
116
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
HRZR_PGYFRFFVBA
116
explorer.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count
Zvpebfbsg.NhgbTrarengrq.{RS3R1S44-O266-96R4-3SQO-385RR10Q10R0}
00000000000000000000000000000000000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BF000080BFFFFFFFFF000000000000000000000000
4036
avastdriverupdater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc
MachineID
29B5D6A6F8B4D34CB2A1DD9F564DB159
4036
avastdriverupdater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\Avast Driver Updater
BuildNumber
1
4036
avastdriverupdater.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
4036
avastdriverupdater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter
52
2652
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F\52C64B7E
2652
msiexec.exe
delete key
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\5F
2652
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
2652
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback
2652
msiexec.exe
delete key
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
2652
msiexec.exe
delete key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
2652
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000_CLASSES\Local Settings\MuiCache\5F\52C64B7E
LanguageList
en-US
2652
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Owner
5C0A000076FE360256C1D401
2652
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
SessionHash
D91B1B4DADFBDBCF0D39056BAD1312F9F795B0C12C32092518BAD3D494A52EBB
2652
msiexec.exe
write
HKEY_USERS\S-1-5-21-1302019708-1500728564-335382590-1000\Software\Microsoft\RestartManager\Session0000
Sequence
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress
C:\Windows\Installer\19a735.ipi
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\19a736.rbs
30720342
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts
C:\Config.Msi\19a736.rbsLow
53874768
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B356DD3159CB9755E9B262C473CAC1EB
C0414088441357045962C166E262AC71
C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F389641ADAC1C051856E1C94A563ADA
C0414088441357045962C166E262AC71
C:\Program Files\Avast Driver Updater\UninstallStub.exe
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40F01DC9F9ADFE05EBAA28171DE89604
C0414088441357045962C166E262AC71
C:\Program Files\Avast Driver Updater\Open-Source Licenses.txt
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6F1C51DF2A075D54BB31B260920C985
C0414088441357045962C166E262AC71
C:\Program Files\Avast Driver Updater\UnifiedLogger.dll
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D94CF4C5104FA8C5B80D73B4CE137F09
C0414088441357045962C166E262AC71
C:\Program Files\Avast Driver Updater\DrvRst.exe
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Program Files\Avast Driver Updater\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\Windows\Installer\{8804140C-3144-4075-9526-1C662E26CA17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\Avast Driver Updater\Registration
dmm
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\Avast Driver Updater\Registration
lv
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
Comments
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
Contact
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
DisplayIcon
"C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe",0
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
DisplayName
Avast Driver Updater
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
DisplayVersion
2.5.5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
HelpLink
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
HelpTelephone
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
InstallLocation
C:\Program Files\Avast Driver Updater\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
InstallSource
C:\Program Files\Downloaded Installers\{8804140c-3144-4075-9526-1c662e26ca17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
UninstallString
"C:\Program Files\Avast Driver Updater\UninstallStub.exe" --log {8804140c-3144-4075-9526-1c662e26ca17}
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
Publisher
AVAST Software
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
Readme
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
Size
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
URLInfoAbout
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
URLUpdateInfo
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
NoModify
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
NoRepair
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
VersionMajor
2
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater
VersionMinor
5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
LocalPackage
C:\Windows\Installer\19a737.msi
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
AuthorizedCDFPrefix
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Comments
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Contact
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
DisplayVersion
2.5.5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
HelpLink
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
HelpTelephone
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
InstallDate
20190210
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
InstallLocation
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
InstallSource
C:\Users\Public\Documents\Downloaded Installers\{8804140C-3144-4075-9526-1C662E26CA17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
ModifyPath
MsiExec.exe /X{8804140C-3144-4075-9526-1C662E26CA17}
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
NoModify
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Publisher
AVAST Software
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Readme
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Size
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
EstimatedSize
30291
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
SystemComponent
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
UninstallString
MsiExec.exe /X{8804140C-3144-4075-9526-1C662E26CA17}
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
URLInfoAbout
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
URLUpdateInfo
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
VersionMajor
2
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
VersionMinor
5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
WindowsInstaller
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Version
33882117
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
Language
1033
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
AuthorizedCDFPrefix
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Comments
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Contact
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
DisplayVersion
2.5.5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
HelpLink
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
HelpTelephone
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
InstallDate
20190210
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
InstallLocation
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
InstallSource
C:\Users\Public\Documents\Downloaded Installers\{8804140C-3144-4075-9526-1C662E26CA17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
ModifyPath
MsiExec.exe /X{8804140C-3144-4075-9526-1C662E26CA17}
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
NoModify
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Publisher
AVAST Software
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Readme
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Size
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
EstimatedSize
30291
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
SystemComponent
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
UninstallString
MsiExec.exe /X{8804140C-3144-4075-9526-1C662E26CA17}
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
URLInfoAbout
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
URLUpdateInfo
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
VersionMajor
2
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
VersionMinor
5
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
WindowsInstaller
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Version
33882117
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
Language
1033
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E265C37BF9206654EA0B50EA65E3F6B7
C0414088441357045962C166E262AC71
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\InstallProperties
DisplayName
Avast Driver Updater
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8804140C-3144-4075-9526-1C662E26CA17}
DisplayName
Avast Driver Updater
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\C0414088441357045962C166E262AC71
Application
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\Features
Application
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C0414088441357045962C166E262AC71\Patches
AllPatches
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
ProductName
Avast Driver Updater
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
PackageCode
E95FDDBA643ACF14692C4B1C26B02ED9
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
Language
1033
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
Version
33882117
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
Assignment
1
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
AdvertiseFlags
388
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
ProductIcon
C:\Windows\Installer\{8804140C-3144-4075-9526-1C662E26CA17}\Icon.exe
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
InstanceType
0
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
AuthorizedLUAApp
0
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
DeploymentFlags
3
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E265C37BF9206654EA0B50EA65E3F6B7
C0414088441357045962C166E262AC71
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71\SourceList
PackageName
setup.msi
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71\SourceList\Net
1
C:\Users\Public\Documents\Downloaded Installers\{8804140C-3144-4075-9526-1C662E26CA17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71\SourceList\Media
1
;
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71
Clients
:
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\C0414088441357045962C166E262AC71\SourceList
LastUsedSource
n;1;C:\Users\Public\Documents\Downloaded Installers\{8804140C-3144-4075-9526-1C662E26CA17}\
2652
msiexec.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings
StringCacheGeneration
96
2192
MsiExec.exe
delete key
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
2192
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
Owner
900800003C58F30256C1D401
2192
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
SessionHash
8A30468DFA3B65F0E588DD0D978F3753B01A6D9D2D1B8EC781091A32FCE1C809
2192
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
Sequence
1
2192
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
RegFiles0000
C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe
2192
MsiExec.exe
write
HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0001
RegFilesHash
9B354AE9974164DA0587E93170046E40D844AD7C1F3F217460DEBCD229C444C5
2192
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\SlimWare Utilities Inc\Avast Driver Updater\Registration
InstallationID
4DF5EC7401885F4F8AEBCAAEC600C7E7
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
LanguageList
en-US
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\p2pcollab.dll,-8042
Peer to Peer Trust
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\qagentrt.dll,-10
System Health Authentication
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\system32\dnsapi.dll,-103
Domain Name System (DNS) Server Trust
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\System32\fveui.dll,-843
BitLocker Drive Encryption
2192
MsiExec.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
@%SystemRoot%\System32\fveui.dll,-844
BitLocker Data Recovery Agent
2192
MsiExec.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\75E0ABB6138512271C04F85FDDDE38E4B7242EFE
Blob
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
setupapi.app.log
4096
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SWDUMon
BasePath
3348
Avast Driver Updater.exe
write
HKEY_CLASSES_ROOT\Local Settings\MuiCache\60\52C64B7E
LanguageList
en-US
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
EnableFileTracing
0
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
EnableConsoleTracing
0
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
FileTracingMask
4294901760
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
ConsoleTracingMask
4294901760
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
MaxFileSize
1048576
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASAPI32
FileDirectory
%windir%\tracing
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
EnableFileTracing
0
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
EnableConsoleTracing
0
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
FileTracingMask
4294901760
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
ConsoleTracingMask
4294901760
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
MaxFileSize
1048576
3348
Avast Driver Updater.exe
write
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avast Driver Updater_RASMANCS
FileDirectory
%windir%\tracing
3348
Avast Driver Updater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
3348
Avast Driver Updater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
SavedLegacySettings
3348
Avast Driver Updater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
UNCAsIntranet
0
3348
Avast Driver Updater.exe
write
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
AutoDetect
1

Files activity

Executable files
8
Suspicious files
11
Text files
12
Unknown types
7

Dropped files

PID
Process
Filename
Type
2652
msiexec.exe
C:\Program Files\Avast Driver Updater\UnifiedLogger.dll
executable
MD5: 8770ee18be66188c8a6eb71a6ee2e9c9
SHA256: 20b133f1b0fc3ca4f02b15f1c271841a91404fad9b42027b465aab96495e4347
3348
Avast Driver Updater.exe
C:\Users\admin\AppData\Local\AVAST Software\Avast Driver Updater\SWDUMon.sys
executable
MD5: 98e6233cf9da80cc661216ecfa190fc0
SHA256: 0220c8e5e070c42711287ec5950be34e8b1f47a021465a065bd61cff9ca12828
2652
msiexec.exe
C:\Windows\Installer\MSIAE4D.tmp
executable
MD5: e707d5722efea405f6f255b107d1bfe5
SHA256: fefa76ca6c6f5f9de7d6523b516fecd5b471f248f2f84e771b0fbddc61bbae56
2652
msiexec.exe
C:\Windows\Installer\{8804140C-3144-4075-9526-1C662E26CA17}\Icon.exe
executable
MD5: b9e03c28965a2e2171115f1b7b433b0c
SHA256: 0fbd58c2b2f1a1a5f2c0f7f2064c65950244d0839bb90657e2ba82e2497f1dbc
2652
msiexec.exe
C:\Program Files\Avast Driver Updater\UninstallStub.exe
executable
MD5: 40cc0fd9735cf1ac4b95711a3d053063
SHA256: b84795a7d795c9a8fb655489bf8b189d72f9b3e48752455947c3050b8155a013
2652
msiexec.exe
C:\Program Files\Avast Driver Updater\DrvRst.exe
executable
MD5: 709b3f1d688f1f30577649d8629f7b8d
SHA256: fe917ba496cfa69e340bfd72975913c478c15898c6994d3e0c904d5f080e85e0
2652
msiexec.exe
C:\Program Files\Avast Driver Updater\Avast Driver Updater.exe
executable
MD5: fe934877a93386ea7a344c68a643c447
SHA256: 6baac60a703445e78ed0f55c032fbdf3b03692e61bd1fe8d6ad1243e240ea46e
3348
Avast Driver Updater.exe
C:\Windows\system32\DRIVERS\SWDUMon.sys
executable
MD5: 98e6233cf9da80cc661216ecfa190fc0
SHA256: 0220c8e5e070c42711287ec5950be34e8b1f47a021465a065bd61cff9ca12828
3348
Avast Driver Updater.exe
C:\Users\admin\AppData\Local\AVAST Software\Avast Driver Updater\settings.db-journal
––
MD5:  ––
SHA256:  ––
3348
Avast Driver Updater.exe
C:\Windows\system32\DRIVERS\SETE0A2.tmp
––
MD5:  ––
SHA256:  ––
3348
Avast Driver Updater.exe
C:\Windows\Tasks\Avast Driver Updater Startup.job
binary
MD5: 1f6de376e93759d968641c05f4d8cc82
SHA256: bd9ec6923716f3b191223a3ad6d20a5707fa8120d23881122a5b14066bbafb99
3348
Avast Driver Updater.exe
C:\Users\admin\AppData\Local\AVAST Software\Avast Driver Updater\SWDUMon.cat
cat
MD5: c13b56db283c7c5dfffd1317fb289650
SHA256: f862d7fdca5e974c77669c180551a979a34acde2abbb966a24acfa2e14719be7
3348
Avast Driver Updater.exe
C:\Users\admin\AppData\Local\AVAST Software\Avast Driver Updater\SWDUMon.inf
ini
MD5: de5d177a31729acdd6d8f8cbf2fca0f0
SHA256: 55af7630c99b0b52141dd6d5f8070c5634fb3932c8198d97d6ac42d345a5e522
844
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: 325492cc11a69fe95d956301a3199ff0
SHA256: 9e98f1cc03e2c18751fdb26b3a9246d859981926f8d6bc4e5c7d753cf8c9babd
844
svchost.exe
C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_90059c37-1320-41a4-b58d-2b75a9850d2f
binary
MD5: 83efac43dd6a4f45d47ab1c6432e8974
SHA256: 814ad74bc6694f385b396f5c8b2bfd321b835af25d0b67498137f16862927ae4
2652
msiexec.exe
C:\Windows\Installer\19a735.ipi
binary
MD5: 50b3e360b76a630023dba61ed5e44137
SHA256: 4ca6cafa9cd277f092ef0625aa3d89e5b4060a5db064e96c10f4536018f2bfc1
2652
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF701448E786B07082.TMP
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Config.Msi\19a736.rbs
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Windows\Installer\19a737.msi
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Users\Public\Desktop\Avast Driver Updater.lnk
lnk
MD5: 2d3a7ff34faa272b36d51663d74e3bb7
SHA256: f192eeee2ff5705c3b2111127dfccf6b9050b89e3fe5667b43e105d8b3c3a9cc
2652
msiexec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater Help.lnk
lnk
MD5: 3c4bdeb2e0beb327f074fb3c5b24baa5
SHA256: 306ca61abb54a3b32a0f78ee88ce6125484eac88fca55aabd588df71b88c9287
2652
msiexec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Driver Updater\Avast Driver Updater.lnk
lnk
MD5: 53cddb87254c8facb8d64c743f911768
SHA256: a9dc9b66f681ac465a9ca8b0ccf5f54f3eda7cf7dc1a236469a3844335bd5611
3348
Avast Driver Updater.exe
C:\Windows\Tasks\Avast Driver Updater Startup.job
binary
MD5: 3b2f55ace3ebc67edd0ff88bba728d15
SHA256: cc05e6ecde449d45b925ea7fe960bc453c371ca565b0a3d7a7c5d09f22104d2c
2652
msiexec.exe
C:\Program Files\Avast Driver Updater\Open-Source Licenses.txt
text
MD5: 2e39a7eb31cea878e849582cb252b7fe
SHA256: 2bc0390d55803c28a92a2166bba711c4da6a1e55098d27dae91f1f84f468b219
844
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: f21900c7a25f863c30d1d846ea91370b
SHA256: 19e89ac099570546b4fb964a14d5e70b72ab17b892739ffe1a6111ad8404641f
844
svchost.exe
C:\Windows\appcompat\programs\RecentFileCache.bcf
txt
MD5: de017b7d0bbd9884b8ec7c0a88e34c91
SHA256: 718ce7faa05d8c002dfe845068342a79651144d6e9bac762c934c4c096fe1683
3348
Avast Driver Updater.exe
C:\Users\admin\AppData\Local\AVAST Software\Avast Driver Updater\supdates.db-journal
––
MD5:  ––
SHA256:  ––
3348
Avast Driver Updater.exe
C:\Windows\INF\setupapi.app.log
text
MD5: a9ebfb1275f3e61e23ffc5f56edef01b
SHA256: 39bdbc0988af3b7817e66bf8c3367819b0f1fdd9946f5de57f4081736c32e0f8
2652
msiexec.exe
C:\Windows\Installer\MSIABF8.tmp
binary
MD5: 116041e911aab1d52d3855f3c0963140
SHA256: c33eb8dcd7948d208c0881e9292baf1189bf5423023278caa7f45770cdc6f72b
2652
msiexec.exe
C:\Windows\Installer\19a735.ipi
binary
MD5: 3dc1cb885a45f52869bfde2141de5439
SHA256: 844861c848c90c6258b5a1340bd5314211039d2398482f8420b1545641262d50
2652
msiexec.exe
C:\Users\admin\AppData\Local\Temp\~DF28DA16B75A7A6DC8.TMP
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Windows\Installer\MSIAA80.tmp
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Users\admin\AppData\Local\Temp\TarA928.tmp
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Users\admin\AppData\Local\Temp\CabA927.tmp
––
MD5:  ––
SHA256:  ––
2652
msiexec.exe
C:\Windows\Installer\19a733.msi
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\Public\Documents\Downloaded Installers\{8804140C-3144-4075-9526-1C662E26CA17}\setup.msi
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
binary
MD5: e72f3ef3cf8db199d5f911685ef59226
SHA256: 0c566a3ac9245a5918a1b739ca7aeb68312c95e175d49d1e6d0174045b8a3fe4
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\TarA508.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\CabA507.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
compressed
MD5: bb377df27a55c05bb3793cd1e125c869
SHA256: 3c4ec495f17d21cc236bc7238bc02728bd945c07157fbf875cac340269afc207
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\TarA46A.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\CabA469.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\TarA439.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\CabA438.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\TarA427.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\CabA426.tmp
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\swu9977.tmp.msi
––
MD5:  ––
SHA256:  ––
4036
avastdriverupdater.exe
C:\Users\admin\AppData\Local\Temp\swu9977.tmp
––
MD5:  ––
SHA256:  ––
844
svchost.exe
C:\Windows\System32\Tasks\Avast Driver Updater Startup
xml
MD5: 383ad901f2ef298cfa892a72a0ca69c3
SHA256: 091ec8d1a226f1bb637d50042675c00bd335efdc71be3ab91e78dc324d52fd10


Network activity

HTTP(S) requests
4
TCP/UDP connections
6
DNS requests
5
Threats
0

HTTP requests

PID Process Method HTTP Code IP URL CN Type Size Reputation
4036 avastdriverupdater.exe POST 404 52.1.73.23:80 http://apps-api.slimwareutilities.com/rpc/installer-data-update US text html malicious
4036 avastdriverupdater.exe GET 200 13.32.24.232:80 http://download.driverupdate.net/downloads/avast/AvastDriverUpdater-setup.msi.bz2 US compressed whitelisted
4036 avastdriverupdater.exe GET 200 93.184.221.240:80 http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab US compressed whitelisted
3348 Avast Driver Updater.exe POST 200 52.1.73.23:80 http://apps-api.slimwareutilities.com/rpc/version-info US text text malicious


Connections

PID Process IP ASN CN Reputation
4036 avastdriverupdater.exe 52.1.73.23:80 Amazon.com, Inc. US unknown
4036 avastdriverupdater.exe 13.32.24.232:80 Amazon.com, Inc. US unknown
4036 avastdriverupdater.exe 93.184.221.240:80 MCI Communications Services, Inc. d/b/a Verizon Business US whitelisted
2192 MsiExec.exe 216.58.207.78:443 Google Inc. US whitelisted
3348 Avast Driver Updater.exe 216.58.207.78:443 Google Inc. US whitelisted
3348 Avast Driver Updater.exe 52.1.73.23:80 Amazon.com, Inc. US unknown

DNS requests

Domain IP Reputation
apps-api.slimwareutilities.com 52.1.73.23, 34.236.28.239, 52.73.56.201 malicious
download.driverupdate.net 13.32.24.232, 13.32.24.140, 13.32.24.230, 13.32.24.219 whitelisted
www.download.windowsupdate.com 93.184.221.240 whitelisted
www.google-analytics.com 216.58.207.78 whitelisted

Threats

No threats detected.

Debug output strings

Process Message
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL
avastdriverupdater.exe Loading C:\Windows\system32\WINHTTP.DLL