Malware analysis Auslogics_Driver_Updater_v1.26.0.exe Malicious activity

Add for printing

File name:	Auslogics_Driver_Updater_v1.26.0.exe
Full analysis:	https://app.any.run/tasks/8bf97ed6-4d6c-45f8-988a-6b787d49b9e4
Verdict:	Malicious activity
Analysis date:	February 10, 2024, 20:24:13
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:	rurat
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	500133750866AD5A0B9CE3BB639DCBD5
SHA1:	1E9CD82A1ED78796D38356299E5CD2821CEF9C14
SHA256:	B9A0DFE4A7E9E20D7E6191FF9C2DCBCF321D70E66F45C0E3FFAC3CBC29AA75EA
SSDEEP:	98304:2tx6iT2RjOd3uk+6yC+0nb7bTWY4IV1aMyhc+PL/7mj2wkeg+0y/E/TUW0GLsv8L:ouN1mWSiQY+dG6+GFskOr++QEl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 240 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 180 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - Auslogics_Driver_Updater_v1.26.0.exe (PID: 2852)
  - DriverUpdater.exe (PID: 2636)
  - drvinst.exe (PID: 1636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3504)
  - DPINST32.EXE (PID: 3260)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - drvinst.exe (PID: 2956)
- Rurat mutex has been detected
  - DriverUpdater.exe (PID: 2636)
- Actions looks like stealing of personal data
  - DriverUpdater.exe (PID: 2636)
- Creates a writable file in the system directory
  - drvinst.exe (PID: 1636)
  - drvinst.exe (PID: 1036)
  - drvinst.exe (PID: 2956)
SUSPICIOUS
- Process drops legitimate windows executable
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1636)
  - DPINST32.EXE (PID: 3504)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3260)
  - drvinst.exe (PID: 2956)
- Executable content was dropped or overwritten
  - Auslogics_Driver_Updater_v1.26.0.exe (PID: 2852)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1636)
  - DPINST32.EXE (PID: 3504)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3260)
  - drvinst.exe (PID: 2956)
- Checks Windows Trust Settings
  - DriverUpdater.exe (PID: 2636)
- Reads security settings of Internet Explorer
  - DriverUpdater.exe (PID: 2636)
- Reads settings of System Certificates
  - DriverUpdater.exe (PID: 2636)
- Process drops SQLite DLL files
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
- Executes as Windows Service
  - VSSVC.exe (PID: 2072)
- Reads the Internet Settings
  - DriverUpdater.exe (PID: 2636)
- Adds/modifies Windows certificates
  - DriverUpdater.exe (PID: 2636)
- Reads the BIOS version
  - DriverUpdater.exe (PID: 2636)
- Searches for installed software
  - DriverUpdater.exe (PID: 2636)
  - dllhost.exe (PID: 2320)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
- Drops a system driver (possible attempt to evade defenses)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1636)
  - DPINST32.EXE (PID: 3504)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3260)
  - drvinst.exe (PID: 2956)
- Starts a Microsoft application from unusual location
  - DPINST32.EXE (PID: 2404)
  - DPINST32.EXE (PID: 3504)
  - DPINST32.EXE (PID: 3260)
- Creates files in the driver directory
  - drvinst.exe (PID: 1636)
  - drvinst.exe (PID: 1036)
  - drvinst.exe (PID: 2956)
- Reads the Windows owner or organization settings
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
INFO
- Creates a software uninstall entry
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
- Reads the computer name
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1636)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3504)
  - DPINST32.EXE (PID: 3260)
  - drvinst.exe (PID: 2956)
- Create files in a temporary directory
  - Auslogics_Driver_Updater_v1.26.0.exe (PID: 2852)
  - DPINST32.EXE (PID: 2404)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 3504)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - DPINST32.EXE (PID: 3260)
- Checks supported languages
  - Auslogics_Driver_Updater_v1.26.0.exe (PID: 2852)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - drvinst.exe (PID: 1636)
  - drvinst.exe (PID: 1036)
  - DPINST32.EXE (PID: 3504)
  - DPINST32.EXE (PID: 3260)
  - drvinst.exe (PID: 2956)
- Reads the software policy settings
  - DriverUpdater.exe (PID: 2636)
- Reads the machine GUID from the registry
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - DPINST32.EXE (PID: 3504)
  - DPINST32.EXE (PID: 3260)
- Creates files in the program directory
  - DriverUpdater.exe (PID: 2636)
  - DPINST32.EXE (PID: 2404)
  - DPINST32.EXE (PID: 3504)
  - Auslogics_Driver_Updater_v1.26.0.tmp (PID: 2964)
  - DPINST32.EXE (PID: 3260)
- Process checks computer location settings
  - DriverUpdater.exe (PID: 2636)
- Reads Windows Product ID
  - DriverUpdater.exe (PID: 2636)
- Checks proxy server information
  - DriverUpdater.exe (PID: 2636)
- Creates files or folders in the user directory
  - DriverUpdater.exe (PID: 2636)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (81.5)
.exe	\|	Win32 Executable Delphi generic (10.5)
.exe	\|	Win32 Executable (generic) (3.3)
.exe	\|	Win16/32 Executable Delphi generic (1.5)
.exe	\|	Generic Win/DOS Executable (1.4)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2012:10:02 05:04:04+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	86016
InitializedDataSize:	109056
UninitializedDataSize:	-
EntryPoint:	0x16478
OSVersion:	5
ImageVersion:	6
SubsystemVersion:	5
Subsystem:	Windows GUI
FileVersionNumber:	1.26.0.0
ProductVersionNumber:	1.26.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:	Auslogics Labs Pty Ltd. (RePack by Dodakaedr)
FileDescription:	Auslogics Driver Updater
FileVersion:	1.26.0.0
LegalCopyright:
ProductName:	Auslogics Driver Updater
ProductVersion:	1.26.0.0

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

1036

DrvInst.exe "4" "8" "C:\Users\admin\AppData\Local\Temp\{5ea7d9c3-7d11-3304-1253-211b33776f36}\cpu.inf" "0" "6baea0d2f" "000004D4" "WinSta0\Default" "0000060C" "208" "c:\users\admin\appdata\local\temp\9c70126b-78f9-46ed-b013-eb52c096414e\5d56e097f0885d94fc6cc9ce693f304b"

C:\Windows\System32\drvinst.exe

svchost.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Driver Installation Module

Exit code:

3758096959

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

1636

DrvInst.exe "4" "8" "C:\Users\admin\AppData\Local\Temp\{3fd8e824-b3d7-74c6-4eaa-ef54cf84083b}\cpu.inf" "0" "6e4f9fd47" "000005E0" "WinSta0\Default" "000004D4" "208" "c:\users\admin\appdata\local\temp\6d32d2e1-a97d-4c13-b0c1-fe7a62cc08bf\421eaac2f006ec1cb9dc61cf77f0d1f1"

C:\Windows\System32\drvinst.exe

svchost.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Driver Installation Module

Exit code:

3758096959

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

2072

C:\Windows\system32\vssvc.exe

C:\Windows\System32\VSSVC.exe

—

services.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Microsoft® Volume Shadow Copy Service

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

2160

"C:\Users\admin\AppData\Local\Temp\Auslogics_Driver_Updater_v1.26.0.exe"

C:\Users\admin\AppData\Local\Temp\Auslogics_Driver_Updater_v1.26.0.exe

—

explorer.exe

User:

admin

Company:

Auslogics Labs Pty Ltd. (RePack by Dodakaedr)

Integrity Level:

MEDIUM

Description:

Auslogics Driver Updater

Exit code:

3221226540

Version:

1.26.0.0

Modules

Images
c:\users\admin\appdata\local\temp\auslogics_driver_updater_v1.26.0.exe
c:\windows\system32\ntdll.dll

2320

C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}

C:\Windows\System32\dllhost.exe

—

svchost.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

COM Surrogate

Exit code:

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2404

C:\Users\admin\AppData\Local\Temp\6D32D2E1-A97D-4C13-B0C1-FE7A62CC08BF\DPINST32.EXE

DriverUpdater.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Driver Package Installer

Exit code:

2147549184

Version:

2.1

Modules

Images
c:\users\admin\appdata\local\temp\6d32d2e1-a97d-4c13-b0c1-fe7a62cc08bf\dpinst32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

2636

"C:\Program Files\Auslogics\Driver Updater\DriverUpdater.exe"

C:\Program Files\Auslogics\Driver Updater\DriverUpdater.exe

Auslogics_Driver_Updater_v1.26.0.tmp

User:

admin

Company:

Auslogics

Integrity Level:

HIGH

Description:

Driver Updater

Exit code:

Version:

1.26.0.0

Modules

Images
c:\program files\auslogics\driver updater\driverupdater.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

2852

"C:\Users\admin\AppData\Local\Temp\Auslogics_Driver_Updater_v1.26.0.exe"

C:\Users\admin\AppData\Local\Temp\Auslogics_Driver_Updater_v1.26.0.exe

explorer.exe

User:

admin

Company:

Auslogics Labs Pty Ltd. (RePack by Dodakaedr)

Integrity Level:

HIGH

Description:

Auslogics Driver Updater

Exit code:

Version:

1.26.0.0

Modules

Images
c:\users\admin\appdata\local\temp\auslogics_driver_updater_v1.26.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

2956

DrvInst.exe "4" "8" "C:\Users\admin\AppData\Local\Temp\{10cf5d1a-ebb9-5d17-05ea-700a9705ca33}\mshdc.inf" "0" "6ed70c233" "0000060C" "WinSta0\Default" "000003F8" "208" "c:\users\admin\appdata\local\temp\3a4e438a-12b3-4f04-91e5-428d5bdbdec4\e718cd850583163909a865eba69d088a"

C:\Windows\System32\drvinst.exe

svchost.exe

User:

SYSTEM

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

Driver Installation Module

Exit code:

3758096959

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

Modules

Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll

2964

"C:\Users\admin\AppData\Local\Temp\is-PIPBN.tmp\Auslogics_Driver_Updater_v1.26.0.tmp" /SL5="$F0170,14265316,196096,C:\Users\admin\AppData\Local\Temp\Auslogics_Driver_Updater_v1.26.0.exe"

C:\Users\admin\AppData\Local\Temp\is-PIPBN.tmp\Auslogics_Driver_Updater_v1.26.0.tmp

Auslogics_Driver_Updater_v1.26.0.exe

User:

admin

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-pipbn.tmp\auslogics_driver_updater_v1.26.0.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

Add for printing

Total events

23 883

Read events

23 548

Write events

317

Delete events

Modification events


(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: 940B00006264F5245F5CDA01
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: B8075BB68B85B30D2629F4FD4B55FC17269CF450E6793081DABF61066B38C99B
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	RegFiles0000
Value: C:\Program Files\Auslogics\Driver Updater\ActionCenterHelper.dll
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:	write	Name:	RegFilesHash
Value: 701CF5997D411C72B2515960B05AB3F81BFBEA6B4EA2E98631116599E5D0E2CD
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
Operation:	write	Name:	General.IsRegistered
Value: 1
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
Operation:	write	Name:	General.Language
Value: RUS
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
Operation:	write	Name:	App.Application.SendInfo
Value: 0
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
Operation:	write	Name:	App.Application.AutostartEnable
Value: 0
(PID) Process:	(2964) Auslogics_Driver_Updater_v1.26.0.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Auslogics\Driver Updater\1.x\Settings
Operation:	write	Name:	Application.IsFirstRun
Value: 0

Add for printing

Executable files

165

Suspicious files

Text files

Unknown types

Dropped files

PID	Process	Filename		Type
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\_isetup\_shfoldr.dll		executable
		MD5:92DC6EF532FBB4A5C3201469A5B5EB63	SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\eng.jpg		image
		MD5:4AD999118697C0735EED9B5437E2DDD9	SHA256:EE6D8D45A073FF7C69012CF34B1FA4DAFED071E709F64143D57A42BE5BB6E7F4
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\iswin7logo.dll		executable
		MD5:7363A2A5949C9F613CDE458B89DEECB5	SHA256:196390762F6393024E0C5D33B037D497C5A8CFDD6C406719C05B0081D7E45CB5
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\Installer net.png		image
		MD5:1C5BFE3B17AE62449E5F9E42B762F33B	SHA256:567A2D3CEA865F672B63E6FF44FC7091173A79FA840C9D20286ECD5429029823
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\icon.png		image
		MD5:056DF69E2101DD1B0370B4021E17818F	SHA256:F6B3BB237018BC9F0845CC8693638CD375F6B9E9CE57B3723E5A078F50D04012
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\botva2.dll		executable
		MD5:EF899FA243C07B7B82B3A45F6EC36771	SHA256:DA7D0368712EE419952EB2640A65A7F24E39FB7872442ED4D2EE847EC4CFDE77
2852	Auslogics_Driver_Updater_v1.26.0.exe	C:\Users\admin\AppData\Local\Temp\is-PIPBN.tmp\Auslogics_Driver_Updater_v1.26.0.tmp		executable
		MD5:36A104C924469DB12D4741A397D39181	SHA256:4F35E3A48E3BDAD3A7CEB88C2FF257F77484FD6DB03C686877CF44A2E2B2095D
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Program Files\Auslogics\Driver Updater\is-0E9U9.tmp		executable
		MD5:134440801ED952214A66D40E33128A92	SHA256:0CD832F8BF3F2306C9CC7879FE507B49426CDAF32D850B1045D835DC84C74150
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\stac.png		image
		MD5:EAEC12CF0E741D23CBF1A100E7DEE23E	SHA256:B38E0315691ADF47090665EC21AEE0C0CB5014246CFE0EDF0C1F1FF36C45D2AC
2964	Auslogics_Driver_Updater_v1.26.0.tmp	C:\Users\admin\AppData\Local\Temp\is-7QGU3.tmp\Portable.png		image
		MD5:89475A0F65E50EE9C484967EBC348AB7	SHA256:5F9CA566D37E1F25D19BBF5F885862808CB6B3D1A4DBCCA5AF812A58AE6FEDF9

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
488	lsass.exe	GET	304	87.248.204.0:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?144111b1a3e00b48	unknown	—	—	unknown
488	lsass.exe	GET	200	18.173.185.228:80	http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D	unknown	binary	1.49 Kb	unknown
488	lsass.exe	GET	200	18.173.185.228:80	http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D	unknown	binary	1.37 Kb	unknown
488	lsass.exe	GET	200	18.66.183.220:80	http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEA%2BHrpGtSM2fvOAqp0nhJVM%3D	unknown	binary	471 b	unknown
488	lsass.exe	GET	200	108.138.34.63:80	http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D	unknown	binary	2.02 Kb	unknown
2636	DriverUpdater.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAsllCLO2YEqFaBOmVKKDvo%3D	unknown	binary	471 b	unknown
2636	DriverUpdater.exe	GET	200	192.229.221.95:80	http://status.rapidssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRJiUKgT2m88fZ4nxc1Lu6M%2FjvkagQUDNtsgkkPSmcKuBTuesRIUojrVjgCEAdpVDZkciT8g1iEeh8ZYO0%3D	unknown	binary	471 b	unknown
1080	svchost.exe	GET	200	87.248.204.0:80	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0754c686571bd23f	unknown	compressed	65.2 Kb	unknown

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
2636	DriverUpdater.exe	44.241.182.253:443	auslgics.com	AMAZON-02	US	unknown
488	lsass.exe	87.248.204.0:80	ctldl.windowsupdate.com	LLNW	US	unknown
488	lsass.exe	108.138.34.63:80	o.ss2.us	AMAZON-02	US	unknown
488	lsass.exe	18.173.185.228:80	ocsp.rootg2.amazontrust.com	—	US	unknown
488	lsass.exe	18.66.183.220:80	ocsp.r2m03.amazontrust.com	AMAZON-02	US	unknown
2636	DriverUpdater.exe	51.81.185.149:443	du.auslogics.com	OVH SAS	US	unknown
2636	DriverUpdater.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted

DNS requests

Domain	IP	Reputation
auslgics.com	44.241.182.253 44.238.167.29	unknown
ctldl.windowsupdate.com	87.248.204.0	whitelisted
o.ss2.us	108.138.34.63 108.138.34.92 108.138.34.188 108.138.34.140	whitelisted
ocsp.rootg2.amazontrust.com	18.173.185.228	whitelisted
ocsp.rootca1.amazontrust.com	18.173.185.228	shared
ocsp.r2m03.amazontrust.com	18.66.183.220	unknown
du.auslogics.com	51.81.185.149	unknown
ocsp.digicert.com	192.229.221.95	whitelisted
status.rapidssl.com	192.229.221.95	shared
du-static.auslogics.com	108.138.36.121 108.138.36.32 108.138.36.81 108.138.36.17	unknown

Threats

Found threats are available for the paid subscriptions

1 ETPRO signatures available at the full report

Add for printing

No debug info

General Info

Auslogics_Driver_Updater_v1.26.0.exe

500133750866AD5A0B9CE3BB639DCBD5

1E9CD82A1ED78796D38356299E5CD2821CEF9C14

B9A0DFE4A7E9E20D7E6191FF9C2DCBCF321D70E66F45C0E3FFAC3CBC29AA75EA

98304:2tx6iT2RjOd3uk+6yC+0nb7bTWY4IV1aMyhc+PL/7mj2wkeg+0y/E/TUW0GLsv8L:ouN1mWSiQY+dG6+GFskOr++QEl

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

Rurat mutex has been detected

Actions looks like stealing of personal data

Creates a writable file in the system directory

SUSPICIOUS

Process drops legitimate windows executable

Executable content was dropped or overwritten

Checks Windows Trust Settings

Reads security settings of Internet Explorer

Reads settings of System Certificates

Process drops SQLite DLL files

Executes as Windows Service

Reads the Internet Settings

Adds/modifies Windows certificates

Reads the BIOS version

Searches for installed software

Drops a system driver (possible attempt to evade defenses)

Starts a Microsoft application from unusual location

Creates files in the driver directory

Reads the Windows owner or organization settings

INFO

Creates a software uninstall entry

Reads the computer name

Create files in a temporary directory

Checks supported languages

Reads the software policy settings

Reads the machine GUID from the registry

Creates files in the program directory

Process checks computer location settings

Reads Windows Product ID

Checks proxy server information

Creates files or folders in the user directory

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections