Edit tour

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Analysis ID:	1493279
MD5:	aae583df54127e3d818b7fcb22cd6eeb
SHA1:	e5e1385917b0890a4848404a7abaec83c57dc6bb
SHA256:	b49426fdfdb854ffe38e429ae3f4fa6c2b29c4f4b902ce23ba83c7e09ebbed7b
Tags:	exe
Infos:

Detection

Score:	40
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Compliance

Score:	34
Range:	0 - 100

Signatures

Suricata IDS alerts for network traffic

Found API chain indicative of debugger detection

Found evasive API chain (may stop execution after checking system information)

Installs Task Scheduler Managed Wrapper

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Query firmware table information (likely to detect VMs)

Sigma detected: Dot net compiler compiles file from suspicious location

Uses netsh to modify the Windows network and firewall settings

Abnormal high CPU Usage

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Checks for available system drives (often done to infect USB drives)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains capabilities to detect virtual machines

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to shutdown / reboot the system

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the system directory

Creates or modifies windows services

Deletes files inside the Windows folder

Detected potential crypto function

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Enables driver privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Modifies existing windows services

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Stores files to the Windows start menu directory

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Too many similar processes found

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara detected Keylogger Generic

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe (PID: 7424 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe" MD5: AAE583DF54127E3D818B7FCB22CD6EEB)

DriverSupport.exe (PID: 7720 cmdline: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"" MD5: 4FDEDFFF4D3DAE398264E0338D536F3B)

ngen.exe (PID: 7796 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /silent MD5: C163A1EF951B090FC27B78BF3D850394)

conhost.exe (PID: 7808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mscorsvw.exe (PID: 7860 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 210 -Pipe 218 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7948 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 8056 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 28c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 8116 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 8156 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 29c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7200 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 2568 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 294 -Pipe 2b4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 6496 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2e0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 5172 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2f4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7312 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 294 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7492 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 1696 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 314 -Pipe 294 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 5716 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2f0 -Pipe 21c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 2724 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7584 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 30c -Pipe 300 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 932 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 30c -Pipe 320 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 1236 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 31c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7540 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 290 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 1432 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 304 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7756 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 4088 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7912 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 214 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 5676 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 224 -InterruptEvent 0 -NGENProcess 210 -Pipe 2d8 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 6864 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 30c -Pipe 224 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 7984 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f0 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 6184 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 30c -Pipe 324 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 8076 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 310 -Pipe 318 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 5184 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 310 -Pipe 32c -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

ngen.exe (PID: 8172 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe" /silent MD5: C163A1EF951B090FC27B78BF3D850394)

conhost.exe (PID: 8180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mscorsvw.exe (PID: 1544 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 20c -Pipe 218 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

mscorsvw.exe (PID: 1068 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 2c4 -Comment "NGen Worker Process" MD5: D7365B80E8951DDC95F3A8E3AC01D37D)

DriverSupport.exe (PID: 7344 cmdline: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720 MD5: B817A3469F1909432A76C6FEAA8F2B91)

dllhost.exe (PID: 824 cmdline: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} MD5: 08EB78E5BE019DF044C26B14703BD1FA)

csc.exe (PID: 4592 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 7232 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE380.tmp" "c:\Users\user\AppData\Local\Temp\CSCE37F.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 1988 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 2252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 5664 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA18.tmp" "c:\Users\user\AppData\Local\Temp\CSCEA17.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

netsh.exe (PID: 7604 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7592 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

csc.exe (PID: 7588 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 5212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 5928 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF478.tmp" "c:\Users\user\AppData\Local\Temp\CSCF467.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

netsh.exe (PID: 7564 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 5168 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 3468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7652 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 3104 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 1668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 4408 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 4908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 5916 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 1712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 2484 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 2188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7532 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7352 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 5804 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7932 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7712 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7776 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 8036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 3796 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 3520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7876 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 6320 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7888 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 6468 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 4088 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7944 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 6908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 7924 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 6416 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 7112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 6200 cmdline: "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0) MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

conhost.exe (PID: 6164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

csc.exe (PID: 2000 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 5664 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFB3E.tmp" "c:\Users\user\AppData\Local\Temp\CSCFB3D.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 1988 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j12i-fj-.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 1144 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF74.tmp" "c:\Users\user\AppData\Local\Temp\CSCFF64.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 6480 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 4420 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES57F.tmp" "c:\Users\user\AppData\Local\Temp\CSC57E.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 6820 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 1432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 4908 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A.tmp" "c:\Users\user\AppData\Local\Temp\CSCE29.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

powershell.exe (PID: 5576 cmdline: "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe' MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

CheckNetIsolation.exe (PID: 7980 cmdline: "C:\Windows\system32\CheckNetIsolation.exe" LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe MD5: 03CF7163B4837A001BD4667A8880D6CD)

Agent.CPU.exe (PID: 8184 cmdline: "C:\Program Files (x86)\Driver Support\Agent.CPU.exe" MD5: 00A9A57A40D73E4F3C27F57933CCDC43)

csc.exe (PID: 1228 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline" MD5: 2B9482EB5D3AF71029277E18F6C656C0)

conhost.exe (PID: 7812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 6908 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES22CB.tmp" "c:\Users\user\AppData\Local\Temp\CSC22CA.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)

csc.exe (PID: 5124 cmdline: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline" MD5: 2B9482EB5D3AF71029277E18F6C656C0)

conhost.exe (PID: 2380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 6972 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2433.tmp" "c:\Users\user\AppData\Local\Temp\CSC2422.tmp" MD5: E118330B4629B12368D91B9DF6488BE0)

csc.exe (PID: 7160 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 7816 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES34AD.tmp" "c:\Users\user\AppData\Local\Temp\CSC34AC.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 7112 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqfsbx8e.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 8052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 1544 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3895.tmp" "c:\Users\user\AppData\Local\Temp\CSC3894.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 8132 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cvtres.exe (PID: 2664 cmdline: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES39FD.tmp" "c:\Users\user\AppData\Local\Temp\CSC39FC.tmp" MD5: 3FDA06F8AA40293397F58A687EEABC1F)

csc.exe (PID: 6072 cmdline: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline" MD5: 953344403C93E6FBB8C573273D645242)

conhost.exe (PID: 7992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

svchost.exe (PID: 7504 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

DriverSupport.exe (PID: 7936 cmdline: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /applicationMode:systemTray /showWelcome:false MD5: B817A3469F1909432A76C6FEAA8F2B91)

DriverSupport.exe (PID: 8188 cmdline: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkRuleManifests /applicationMode:current MD5: B817A3469F1909432A76C6FEAA8F2B91)

DriverSupport.exe (PID: 2492 cmdline: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:scheduledScan /applicationMode:current MD5: B817A3469F1909432A76C6FEAA8F2B91)

DriverSupport.exe (PID: 7900 cmdline: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkForUpdate /applicationMode:current MD5: B817A3469F1909432A76C6FEAA8F2B91)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Program Files (x86)\Driver Support\Common.dll	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
C:\Users\user\AppData\Local\Temp\nsz71DA.tmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000072.00000002.2419305324.0000000069898000.00000020.00000001.01000000.00000025.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: DriverSupport.exe PID: 7720	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: DriverSupport.exe PID: 7344	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: Agent.CPU.exe PID: 8184	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author
114.2.Agent.CPU.exe.5100000.5.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
39.2.DriverSupport.exe.14bf88e8.16.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
4.2.DriverSupport.exe.31e19c3.47.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
39.2.DriverSupport.exe.144a7300.30.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
39.2.DriverSupport.exe.144a7300.30.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
114.2.Agent.CPU.exe.697d0000.14.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
39.2.DriverSupport.exe.14bf88e8.16.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
4.2.DriverSupport.exe.31c5e53.4.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
4.2.DriverSupport.exe.31f2e47.34.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
39.2.DriverSupport.exe.1442de50.21.raw.unpack	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Click to see the 5 entries

Sigma Signatures

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Program Files (x86)\Driver Support\DriverSupport.exe, ProcessId: 7344, TargetFilename: C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe', CommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe', CommandLine|base64offset|contains: "%j, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720, ParentImage: C:\Program Files (x86)\Driver Support\DriverSupport.exe, ParentProcessId: 7344, ParentProcessName: DriverSupport.exe, ProcessCommandLine: "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe', ProcessId: 5576, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7504, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe, ParentCommandLine: "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720, ParentImage: C:\Program Files (x86)\Driver Support\DriverSupport.exe, ParentProcessId: 7344, ParentProcessName: DriverSupport.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline", ProcessId: 4592, ProcessName: csc.exe

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 13.84.181.47

Timestamp:	2024-08-15T11:49:07.240955+0200
SID:	2803305
Severity:	3
Source Port:	49763
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Common Downloader Header Pattern H - Source IP: 192.168.2.4 - Destination IP: 13.84.181.47

Timestamp:	2024-08-15T11:49:20.505083+0200
SID:	2803305
Severity:	3
Source Port:	49782
Destination Port:	443
Protocol:	TCP
Classtype:	Unknown Traffic

ETPRO MALWARE Win32/Agent.QP Requesting Payload - Source IP: 192.168.2.4 - Destination IP: 152.199.19.161

Timestamp:	2024-08-15T11:48:00.127862+0200
SID:	2833314
Severity:	1
Source Port:	49738
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Compliance

Uses 32bit PE files

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 13.107.246.73:443 -> 192.168.2.4:49755 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.73:443 -> 192.168.2.4:49754 version: TLS 1.0

Creates a software uninstall entry

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport

Jump to behavior

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: certificate valid

Uses new MSVCR Dlls

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ThemePack\DriverSupport\obj\Release\ThemePack.DriverSupport.pdb,3 source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Updater.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\aj-eeo8o.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004942000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\cpuid\applications\CPUIDSDK\makefiles\win32_dll\vc2008\Release\cpuidsdk.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417375507.0000000010096000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: t.pdb source: DriverSupport.exe, 0000006A.00000002.2500095990.0000000001DE9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\RuleEngine.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Communication.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\ExceptionLogging\obj\Release\ExceptionLogging.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2412573540.0000000004D62000.00000002.00000001.01000000.00000021.sdmp, Agent.CPU.exe, 00000072.00000002.2430705312.000000006F816000.00000020.00000001.01000000.00000026.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\RuleEngine.pdbpdbine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\Common.pdbpdbmon.pdbEC source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Communication.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\a9l5a1sr.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.00000000047F8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ThemePack\DriverSupport\obj\Release\ThemePack.DriverSupport.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\-nsuveg8.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdb\Micros source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ObjectBuilder\obj\Release\Microsoft.Practices.ObjectBuilder.pdbL source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3906729718.0000000023AB2000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ExceptionLogging\obj\Release\Agent.ExceptionLogging.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\vmwxj0vz.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004942000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\WK\NsisDotNetChecker\plugin\Release\DotNetChecker.pdb source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3870779447.0000000021102000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Common\obj\Release\Microsoft.Practices.EnterpriseLibrary.Common.pdb(C source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3843998573.000000001D712000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.CPU.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000000.2362385656.0000000000272000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\Common.pdb;.J source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\RuleEngine.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ActivationProcessors\obj\Release\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.pdb,I source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_wxp_x86\i386\cpuz143_x32.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Agent.Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: amBuild\Agent.Common.pdb`!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ActivationProcessors\obj\Release\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\ISUninstall\obj\Release\ISUninstall.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdbg 8, GII source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\dftx7twl.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.00000000048E3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\Common.pdbLI source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_win7_ia64\ia64\cpuz143_ia64.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Common.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\Common.pdbyst source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\Common.pdb4 source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Common\obj\Release\Microsoft.Practices.EnterpriseLibrary.Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3843998573.000000001D712000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\dll\Agent.Communication.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb7 source: DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdbive=C: source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\a9l5a1sr.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046DC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Updater\obj\Release\Microsoft.ApplicationBlocks.Updater.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3876714906.0000000021462000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: t.pdbo source: DriverSupport.exe, 00000066.00000002.2500952321.0000000001A23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb+ source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: forms\TeamBuild\Agent.Communication.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\vmwxj0vz.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.00000000048E3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Downloaders\obj\Release\Microsoft.ApplicationBlocks.Updater.Downloaders.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\Common.pdbpdbmon.pdb\P source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Updater.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.CPU.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000000.2362385656.0000000000272000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_win7_amd64\amd64\cpuz143_x64.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\aj-eeo8o.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004995000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ObjectBuilder\obj\Release\Microsoft.Practices.ObjectBuilder.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3906729718.0000000023AB2000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\dftx7twl.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004880000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdbh=%Prog source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Cryptography\obj\Release\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3844786117.000000001D7A2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdbBz source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\RuleEngine.pdb, source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp

Spreading

Checks for available system drives (often done to infect USB drives)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: y:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: x:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: w:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: v:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: u:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: t:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: s:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: r:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: q:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: p:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: o:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: n:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: m:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: l:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: k:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: j:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: i:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: h:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: g:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: f:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: e:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: d:
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	File opened: c:

Creates COM task schedule object (often to register a task for autostart)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00406167 FindFirstFileA,FindClose,	0_2_00406167
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405705
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00406167 FindFirstFileA,FindClose,	4_2_00406167
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	4_2_00405705
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00402688 FindFirstFileA,	4_2_00402688

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat

Software Vulnerabilities

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Code function: 4x nop then mov word ptr [ebp+30h], 000Bh

39_2_00007FFD9C63A7AB

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2833314 - Severity 1 - ETPRO MALWARE Win32/Agent.QP Requesting Payload : 192.168.2.4:49738 -> 152.199.19.161:80

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET /drivers/46ba61258d89448bb7bc738033772e67/vmware2.png HTTP/1.1Host: driversupport-fms.azureedge.netConnection: Close
Source: global traffic	HTTP traffic detected: GET /drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png HTTP/1.1Host: driversupport-fms.azureedge.netConnection: Close
Source: global traffic	HTTP traffic detected: GET /driverdetective/dd.html HTTP/1.1Host: downloads.drivershq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /DriverSupport/SmartClient/Branch15/DriverSupportManifest.xml HTTP/1.1Host: downloads.drivershq.comConnection: Keep-Alive

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49763 -> 13.84.181.47:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49782 -> 13.84.181.47:443

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown	HTTPS traffic detected: 13.107.246.73:443 -> 192.168.2.4:49755 version: TLS 1.0
Source: unknown	HTTPS traffic detected: 13.107.246.73:443 -> 192.168.2.4:49754 version: TLS 1.0

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /drivers/46ba61258d89448bb7bc738033772e67/vmware2.png HTTP/1.1Host: driversupport-fms.azureedge.netConnection: Close
Source: global traffic	HTTP traffic detected: GET /drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png HTTP/1.1Host: driversupport-fms.azureedge.netConnection: Close
Source: global traffic	HTTP traffic detected: GET /driverdetective/dd.html HTTP/1.1Host: downloads.drivershq.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /DriverSupport/SmartClient/Branch15/DriverSupportManifest.xml HTTP/1.1Host: downloads.drivershq.comConnection: Keep-Alive

Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: '&https://www.facebook.com/driversupport equals www.facebook.com (Facebook)
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: mg-7y9_gA1MJhttps://www.youtube.com/v/mg-7y9_gA1M equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: cdn.driversupport.com
Source: global traffic	DNS traffic detected: DNS query: webservices.drivershq.com
Source: global traffic	DNS traffic detected: DNS query: front.activeoptimization.com
Source: global traffic	DNS traffic detected: DNS query: downloads.drivershq.com

Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000032.00000002.2275997950.000001A37338F000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000032.00000002.2271285267.00000040D86F4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 00000032.00000003.2270472910.000001A37338A000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000032.00000002.2274692358.000001A373340000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000032.00000002.2276286827.000001A373685000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000059.00000003.2271273868.0000023BFD906000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000059.00000002.2272921881.0000023BFD8B0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000059.00000002.2273279129.0000023BFDB15000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000059.00000002.2272009207.000000447A5F4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 00000059.00000002.2273098725.0000023BFD906000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/client/apiinfo/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000054.00000002.2275003113.000000D313DE4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 00000054.00000002.2278331975.000002580E8A6000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000054.00000002.2277478641.000002580E850000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000054.00000003.2273819277.000002580E8A6000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000054.00000002.2279160590.000002580EA95000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/client/reboot/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000004F.00000002.2279446490.000001A3DC525000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000002.2278750698.000001A3DC3C6000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000003.2274278503.000001A3DC3C6000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000003.2274102882.000001A3DC3EB000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000002.2278149455.000001A3DC3A0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000002.2279268738.000001A3DC3EE000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004F.00000002.2275652470.0000000CFA524000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/client/status/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000003E.00000002.2276140419.0000018DA8D9D000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003E.00000002.2275042327.0000018DA8D50000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003E.00000003.2271865172.0000018DA8D97000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003E.00000002.2276727389.0000018DA8EA5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003E.00000002.2273137738.0000006C13704000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 0000003E.00000003.2271865172.0000018DA8DA6000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003E.00000002.2276140419.0000018DA8DA6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/driverscan/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2274464249.000001CE8DCC0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2275518680.000001CE8DD0D000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2273281437.0000009AB35B4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 0000003B.00000003.2271870276.000001CE8DD07000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2276421353.000001CE8DFF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/license/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000041.00000002.2278052885.0000018109EF0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000041.00000003.2273808650.0000018109F16000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000041.00000002.2279171714.0000018109F3C000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000041.00000002.2275470367.0000004E5EF64000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 00000041.00000002.2279436116.000001810A015000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000041.00000003.2274338375.0000018109F3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/license/status/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000004A.00000002.2277020098.0000016E18F9B000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004A.00000002.2275743781.0000016E18F50000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004A.00000003.2272775334.0000016E18F64000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004A.00000002.2277647255.0000016E19235000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004A.00000002.2274009220.000000202B5F4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 0000004A.00000003.2273451439.0000016E18F99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/media/status/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004566000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/media/status/media/status127.0.0.1:65411iPTE
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000004D.00000002.2271963377.000001A658AD5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004D.00000002.2271440744.000001A658910000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004D.00000002.2271020221.0000005ECAF64000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 0000004D.00000002.2271885501.000001A65895E000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000004D.00000003.2270475573.000001A658958000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/system/data/
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/tests/progress
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2276874782.00000250E0310000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2278055089.00000250E0360000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000003.2273700307.00000250E035A000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2279085161.00000250E05D5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2275199773.000000E973954000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/tests/progress/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2277752083.000001FD3A09F000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000003.2271970234.000001FD3A098000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000003.2273726945.000001FD3A076000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2276440962.000001FD3A050000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2278246636.000001FD3A335000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2277327668.000001FD3A076000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2274195066.000000B9CC5C4000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:65411/uxstate/
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://3WEBSERVICES.DRIVERSHQ.COMCTEST1V2.WEBSERVICES.DRIVERSHQ.COM=TEST-WEBSERVICES.DRIVERSHQ.COM
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://account.driversupport.com/kb?articleID=501F00000006JAB
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://account.driversupport.com/kb?articleID=501F00000006Jim
Source: DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://account.driversupport.com/support/contact?wlid=30
Source: DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://account.driversupport.com/support/contact?wlid=30HelpTelephone512.373.3518URLInfoAbouthttp://
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://apps.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/asy/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/bppcv9/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/driversupport/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/dsmedia/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/gdn/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/gppc/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/media2/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/nss/DriverSupport.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/portal/DriverSupport.exe
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1935069798.0000000000870000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934325882.0000000000870000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/portal/DriverSupportApp.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/nsis/yahoo/DriverSupport.exe
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046BC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000046DC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000047F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cdn.driversupport.com/builds/v10/smartclient/v10.1.6.14
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0B
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://download.driversupport.com/lp/ds/altlp2
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://download.driversupport.com/lp/ds/falcon
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://download.driversupport.com/lp/ds/falcondevice
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046BC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	String found in binary or memory: http://downloads.drivershq.com/DriverDetective/SmartClient/manifest.xml
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com/DriverDetective/SmartClient/manifest.xml)UpdaterConfiguration
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://downloads.drivershq.com/DriverDetective/SmartClient/manifest.xmlM
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com/DriverSupport/SmartClient/Branch15/DriverSupportManifest.xml
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046BC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com/DriverSupport/SmartClient/Branch15/DriverSupportManifest.xml=b77a5c56
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com/DriverSupport/SmartClient/Branch15/DriverSupportManifest.xmlBSJB
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://downloads.drivershq.com/driverdetective/dd.html
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	String found in binary or memory: http://downloads.drivershq.com/driverdetective/driverdetective.exe
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://downloads.drivershq.com/driverdetective/driverdetective.exe3support
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://driversupport.com/home/eula/
Source: DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://localhost.fiddler:
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://localhost;http://apps.driversupport.comEhttp://test-apps.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://my.proxyserver.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://na7.salesforce.com/sol/public/solutionbrowser.jsp?cid=02nA0000000Q7Bh&orgId=00DA0000000IfrC
Source: DriverSupport.exe, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000000.1933003986.0000000000409000.00000008.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000000.1760414603.0000000000409000.00000008.00000001.01000000.00000003.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000000.1933003986.0000000000409000.00000008.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://poll2.driversupport.com/2011/12/miscservice.asmx
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp, DriverSupport.exe, 00000027.00000002.3905352253.00000000239A0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3896271975.0000000023780000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3907185547.0000000023AF0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10&
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10-
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/103
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/107
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/109
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp, DriverSupport.exe, 00000027.00000002.3908600622.0000000023BC0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:action:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:actionController:True:/Read28_actionController
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:actions
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:actions:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:component:True:
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004255000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:condition
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004255000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp, DriverSupport.exe, 00000027.00000002.3920083301.0000000024D50000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:condition:True:
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004255000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:condition:True:Xw
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:conditions:True:#Read23_conditions
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:conditionsShttp://rtm.drivershq.types/2011/10:events
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:environmentPropertyContainerBase:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:environmentPropertyContainerBaseahttp://rtm.drivershq.types/2011/
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3896108246.0000000023760000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:event:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:eventController:True:-Read29_eventController
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:events:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalActions:True:)Read41_globalActions
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalActionsuhttp://rtm.drivershq.types/2011/10:globalEnvironmen
Source: DriverSupport.exe, 00000027.00000002.3893438720.0000000022F40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentEvents:True:;Read1_globalEnvironmentEvents=Write
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentEvents:True:=Read42_globalEnvironmentEvents
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp, DriverSupport.exe, 00000027.00000002.3905352253.00000000239A0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentProperties
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentProperties:True:ERead43_globalEnvironmentPropert
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentProviders
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalEnvironmentProviders:True:CRead44_globalEnvironmentProvider
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalRules:True:%Read46_globalRules
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalRulesP
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalRuleschttp://rtm.drivershq.types/2011/10:globalTriggers-:Co
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:globalTriggers:True:
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000423E000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3896271975.0000000023780000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:parameters
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000423E000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3896271975.0000000023780000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:parameters:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:properties:True:#Read25_properties
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:propertiesYhttp://rtm.drivershq.types/2011/10:providersQhttp://rt
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:property:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:propertyController:True:3Read30_propertyController
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:provider:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:providerController:True:3Read31_providerController
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:providers:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:rtmBase:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3907419391.0000000023B20000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:rule:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleComponent:True:)Read52_ruleComponent
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleHistory
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleHistory:True:%Read45_ruleHistory
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleHistoryController:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleHistoryController:True:9Read32_ruleHistoryControllersDriversH
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleHistoryController:True:Xw
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleTriggered:True:)Read59_ruleTriggered
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:ruleX57
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:rules:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3907599176.0000000023B40000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10:trigger:True:
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10;
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10=
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10?
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10A
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10B
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10C
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10D
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10E
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10F
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10I
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10K
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10N
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10O
Source: DriverSupport.exe, 00000027.00000002.3907419391.0000000023B20000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10Ohttp://rtm.drivershq.types/2011/10:rule
Source: DriverSupport.exe, 00000027.00000002.3896108246.0000000023760000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10Qhttp://rtm.drivershq.types/2011/10:event
Source: DriverSupport.exe, 00000027.00000002.3893438720.0000000022F40000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://rtm.drivershq.types/2011/10uhttp://rtm.drivershq.types/2011/10:globalEnvironmentEvents
Source: DriverSupport.exe, 00000027.00000002.3877243246.0000000021585000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3846059460.000000001DE0B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.sym
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/pca3-g5.crl0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1933899350.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938941989.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1933899350.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938941989.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com0_
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000459A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004880000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014879000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000466A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000048AC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/3soap:Envelope/soap:Header
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://secure.driversupport.comIhttp://test-secure.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://sf.symcd.com0&
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw.symcb.com/sw.crl0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw.symcd.com0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sw1.symcb.com/sw.crt0
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://test-apps.driversupport.com
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://test-secure.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://test-webservices.drivershq.com/2011/12/miscservice.asmx
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3836203209.000000001D35E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016931000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016643000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://us.norton.com/nortonlive/pccu/free-pc-checkup.jsp?nls=pcdhq
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000048AC000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000062.00000002.2299815958.00000000004A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetAlternateDriverUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetAlternativeDriverUpdatesA
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverAndSoftwareUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverFileDownload
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverFileDownloadApplication
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverFileDownloadMigration
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverFileDownloadMigrationApplicati
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverInfo
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000423E000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetDriverUpdatesUserData
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetMigrationUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetPNPDriverUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareFileDownload
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareFileDownloadApplication
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareFileDownloadMigration
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareFileDownloadMigrationApplica
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareInfo
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareSupportMetaDataApplication
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareUpdates
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSupportMetaData
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSupportMetaDataApplication
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/GetSupportMetaDataApplicationByDevice
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/MonitorLoadBalancedScan
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/MonitorScan
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/TrackDriverUpdated
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/TrackDriverUpdatedByGUID
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/TrackWUDriverDownload
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/TrackWUDriverUpdated
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/TrackWUScan
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice/ValidateRegistrationKey
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:EncryptionHeader
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:EncryptionHeader.
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:FaultCode
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:FaultDataAGetWhiteLabelMetaDataAllRespo
Source: DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:FaultDataIGetDriverFileDownloadMigratio
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:FaultMessage
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternateDriverUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternateDriverUpdatesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternativeDriverUpdatesAResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternativeDriverUpdatesAResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverAndSoftwareUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverAndSoftwareUpdatesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadApplicationRespons
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadApplicationResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadMigrationApplicati
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadMigrationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadMigrationResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverInfoResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverInfoResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesUserDataResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesUserDataResult
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesUserDataResultp~
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetMigrationUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetMigrationUpdatesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetPNPDriverUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetPNPDriverUpdatesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadApplicationRespo
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadApplicationResul
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadMigrationApplica
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadMigrationRespons
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadMigrationResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareInfoResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareInfoResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareSupportMetaDataApplicationRe
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareUpdatesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareUpdatesResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataApplicationByDeviceRe
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataApplicationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataApplicationResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:KeyFaultHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:MonitorLoadBalancedScanResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:MonitorLoadBalancedScanResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:MonitorScanResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:MonitorScanResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:RegistrationHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:RegistrationKey
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:TrackDriverUpdatedByGUIDResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:TrackDriverUpdatedResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:TrackWUDriverDownloadResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:TrackWUDriverUpdatedResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:TrackWUScanResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:UUID
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:ValidateRegistrationKeyResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservice:ValidateRegistrationKeyResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateserviceT
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateserviceTU
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateserviceU
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservicel
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/driverupdateservicep~
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionservice
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionservice/WriteLogEntry
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionservice:EncryptionHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionservice:WriteLogEntryResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionservice:WriteLogEntryResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionserviceT
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionserviceTU
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/exceptionserviceX
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetFamilyModels
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineImageContent
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligence
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligence1
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligence2
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligenceByModelID
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetManufacturerFamilies
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetManufacturers
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMotherboardManufacturers
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMotherboardModels
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/GetMotherboardSeries
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/InsertBaseboard
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/InsertComputerSystemProduct
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/InsertMBAssociation
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/InsertWMIAssociation
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/InsertWMIAssociation1
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/SearchModel
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice/SearchMotherboard
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:EncryptionHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetFamilyModelsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetFamilyModelsResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineImageContentResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineImageContentResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence1Response
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence1Result
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence2Response
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence2Result
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligenceByModelIDResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligenceByModelIDResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligenceResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligenceResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetManufacturerFamiliesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetManufacturerFamiliesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetManufacturersResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetManufacturersResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardManufacturersResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardManufacturersResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardModelsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardModelsResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardSeriesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardSeriesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:InsertBaseboardResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:InsertComputerSystemProductResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:InsertMBAssociationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:InsertWMIAssociation1Response
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:InsertWMIAssociationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:SearchModelResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:SearchModelResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:SearchMotherboardResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerservice:SearchMotherboardResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerserviceT
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerserviceTU
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/manufacturerserviceU
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000045EB000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000466A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2317774355.0000000000544000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2317820161.000000000054B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice%GetAccountActivity;IsRuleEngineManifestOutOfDat
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/CheckForClientActivation
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetAccountActivity
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetAffiliatePromotion
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetCALs
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetLandingPageData
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetLocalizedNews
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetMarketingURI
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetNetworkProviderResourceFile
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetNews
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetPriceConfig
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetPromotion
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetQuestionTypes
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetResourceFilesByParent
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetResultDialogData
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetRuleEngineManifest
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetSlideshowUrl
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetUninstallUrl
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetUserAccountInfo
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetUserEmailName
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetWhiteLabelMetaData
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/GetWhiteLabelMetaDataAll
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertClientLog
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertDownloadTIDTracking
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertInstallShieldSummary
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertInstallShieldTracking
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertInstallTracking
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertQuestion
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertRuleAnalytics
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/InsertSupportCall
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004602000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/IsRuleEngineManifestOutOfDate
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/RegisterClientActivationListener
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/RegisterClientActivationPopup
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/UnRegisterClientActivationListener
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/ValidateClientActivation
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/ValidateThirdPartyInstall
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/VeloxumClientDataReady
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/VeloxumClientDataReady2
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice/WaitForClientActivation
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004551000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045BE000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004602000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045EB000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000466A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice0
Source: DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice::False:http://webservices.drivershq.com/2011/12
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:CheckForClientActivationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:CheckForClientActivationResult
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:EncryptionHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:FaultCode
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:FaultData
Source: DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:FaultData1GetLandingPageDataResult1GetUserEmail
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:FaultMessage
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetAccountActivityResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetAccountActivityResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetAffiliatePromotionResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetAffiliatePromotionResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetCALsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetCALsResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetLandingPageDataResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetLandingPageDataResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetLocalizedNewsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetLocalizedNewsResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetMarketingURIResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetMarketingURIResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetNetworkProviderResourceFileResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetNetworkProviderResourceFileResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetNewsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetNewsResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetPriceConfigResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetPriceConfigResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetPromotionResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetPromotionResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetQuestionTypesResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetQuestionTypesResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetResourceFilesByParentResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetResourceFilesByParentResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetResultDialogDataResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetResultDialogDataResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetRuleEngineManifestResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetRuleEngineManifestResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetSlideshowUrlResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetSlideshowUrlResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUninstallUrlResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUninstallUrlResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUserAccountInfoResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUserAccountInfoResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUserEmailNameResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetUserEmailNameResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetWhiteLabelMetaDataAllResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetWhiteLabelMetaDataAllResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetWhiteLabelMetaDataResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:GetWhiteLabelMetaDataResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertClientLogResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertDownloadTIDTrackingResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertInstallShieldSummaryResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertInstallShieldTrackingResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertInstallTrackingResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertQuestionResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertRuleAnalyticsResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:InsertSupportCallResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045BE000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:IsRuleEngineManifestOutOfDateResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:IsRuleEngineManifestOutOfDateResult
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000045BE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:IsRuleEngineManifestOutOfDateResultP
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:KeyFaultHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:RegisterClientActivationListenerResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:RegisterClientActivationListenerResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:RegisterClientActivationPopupResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:RegistrationHeader
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:RegistrationKey
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:UUID
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:UnRegisterClientActivationListenerResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:UnRegisterClientActivationListenerResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:ValidateClientActivationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:ValidateClientActivationResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:ValidateThirdPartyInstallResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:ValidateThirdPartyInstallResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:VeloxumClientDataReady2Response
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:VeloxumClientDataReady2Result
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:VeloxumClientDataReadyResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:VeloxumClientDataReadyResult
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:WaitForClientActivationResponse
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscservice:WaitForClientActivationResult
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscserviceS
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscserviceT
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscserviceTU
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscserviceXk
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://webservices.drivershq.com/2011/12/miscserviceY
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.codeproject.com/KB/cs/mrg_loadingcircle.aspx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.codeproject.com/csharp/julijanpiechart.asp
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	String found in binary or memory: http://www.drivershq.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.drivershq.com/Help.asp
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.drivershq.com/Legal.asp
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.drivershq.com/localresource6DownloadResourceManager.dat
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.drivershq.com/premiumsupport?src=DD
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: http://www.drivershq.com7PC
Source: DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com/
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934882600.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938616883.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934325882.000000000089F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934630656.00000000008AC000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com/home/privacypolicy
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com/home/privacypolicyLinkInstFiles
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934882600.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938616883.00000000008AD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934325882.000000000089F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934630656.00000000008AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com/home/privacypolicyicyq
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.com/howitworks/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.driversupport.comp~
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.loc.gov/copyright/
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.regnow.com/contact.html
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apps.driversupport.com
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://apps.driversupport.comAhttps://secure.driversupport.com9http://www.driversupport.com
Source: DriverSupport.exe, 00000027.00000002.3877243246.0000000021585000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1933899350.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938941989.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016931000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3836203209.000000001D345000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016643000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3848225161.000000001DE3E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3627855368.0000000001BE2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3846059460.000000001DE0B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3836203209.000000001D2F0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3627855368.0000000001C1C000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3627855368.0000000001B86000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016690000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000066.00000002.2500952321.00000000019E0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000066.00000002.2500952321.0000000001A27000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000066.00000002.2518032868.0000000001D5C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002AFD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0)
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1933899350.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1938941989.00000000008CB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: DriverSupport.exe, 00000027.00000002.3680270900.0000000014904000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014899000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014879000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png$
Source: DriverSupport.exe, 00000027.00000002.3680270900.0000000014904000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014899000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014879000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png$
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://secure.drivershq.com/Registration/Default.aspx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://secure.drivershq.com/Registration/Default.aspx?AffiliateID=
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.drivershq.com/SignIn.aspx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.drivershq.com/default.aspx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.drivershq.com/default.aspx%?StatusCode=4&Key=%?StatusCode=2&Key=
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.driversupport.com
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://secure.driversupport.com/Account/account/details
Source: DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.driversupport.com/account/account/login
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.driversupport.com/account/account/login).
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.driversupport.com/account/support/contact
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/DriverUpdateService.asmx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/DriverUpdateService.asmx?
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/ExceptionService.asmx
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/MiscService.asmx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/XSD/schema.xsd
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, ngen.exe, 00000005.00000002.2193928040.0000000000526000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DA1000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000047F8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000066.00000002.2519113658.0000000003A51000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000066.00000002.2500952321.0000000001A5F000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000068.00000002.2521078917.0000000003FF1000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2498759309.00000000018E2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2519608762.00000000039B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/Youtube/YouTubePlayer.html
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/Youtube/YouTubePlayer.html?
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/manufacturerservice.asmx
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.com/2011/12/manufacturerservice.asmxG
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000045BE000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004602000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://webservices.drivershq.comp~
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001662A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp	String found in binary or memory: https://www.digicert.com/CPS0~
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	String found in binary or memory: https://www.driversupport.com/uninstall/
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.driversupport.com/uninstall/p
Source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/v/mg-7y9_gA1M

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Code function: 0_2_004051BA GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_004051BA

Yara detected Keylogger Generic

Source: Yara match	File source: 114.2.Agent.CPU.exe.5100000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.DriverSupport.exe.14bf88e8.16.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DriverSupport.exe.31e19c3.47.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.DriverSupport.exe.144a7300.30.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.DriverSupport.exe.144a7300.30.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 114.2.Agent.CPU.exe.697d0000.14.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.DriverSupport.exe.14bf88e8.16.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DriverSupport.exe.31c5e53.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.DriverSupport.exe.31f2e47.34.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 39.2.DriverSupport.exe.1442de50.21.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp, type: MEMORY
Source: Yara match	File source: 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000072.00000002.2419305324.0000000069898000.00000020.00000001.01000000.00000025.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: DriverSupport.exe PID: 7720, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: DriverSupport.exe PID: 7344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: Agent.CPU.exe PID: 8184, type: MEMORYSTR
Source: Yara match	File source: C:\Program Files (x86)\Driver Support\Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll, type: DROPPED
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\nsz71DA.tmp, type: DROPPED

DDoS

Too many similar processes found

Source: netsh.exe	Process created: 47
Source: conhost.exe	Process created: 40
Source: mscorsvw.exe	Process created: 60

System Summary

Abnormal high CPU Usage

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Process Stats: CPU usage > 49%

Contains functionality to call native functions

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_10044D65 NtQuerySystemInformation,

114_2_10044D65

Contains functionality to communicate with device drivers

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_1004C4E9: DeviceIoControl,CloseHandle,GetLastError,

114_2_1004C4E9

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_0040322B
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		4_2_0040322B

Creates driver files

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

File created: C:\Windows\temp\cpuz143\cpuz143_x64.sys

Creates files inside the system directory

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index20.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\a69ce6357fb391c421cd72a75fdbf42d	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index21.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Common	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\f79e1ab6f1786caa351ee0d2384ee6a4	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index22.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90c1fadfe8510201a762a907c7eb1faf
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index23.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\4d51fef9118100446bd1838c1f081755
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index24.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\7fb38a2727987d2842924921a2567970
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index25.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\919121cf5560278d8dc871928c969480
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index26.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e3fa6c30d72ec45df2e5f5f297b83cec
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index27.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f9006ce65a14801ded8b839fab9bfebd
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index28.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\469c8b7e2a8a123322bdacbd7ba00a8c
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index29.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2c05915f5623d1aa5bb4121a26b16a00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2a.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2b.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b4dea039a943da5c4afe75ae1e9ed665
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2c.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\23f2e1e196f71523e1ef513e643c983f
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2d.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4bb73c27f8c6af54ed5fa349a7845bad
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2e.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0665e4875d42b99f24e22762d9d60c42
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index2f.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9b51a87621e285c977664835b5f3cf4b
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index30.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\00d15e9c35244f43c7b8bf36d1bb48cc
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index31.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\dde70247168d305464eb486f7dd1b054
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index32.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\bcb74b2753db931431b4a9f9edf4bb8f
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index33.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\5fd1c8175527ba0537d0a88e78239ef3
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index34.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\37eb33caafd5db73e68082c81ef1e0a5
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index35.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\4bdb76de6604335296474f74c4cbb6c4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index36.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\de965ec14a73eae5d33502aa55ac30b0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index37.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\457dd1c25d156d9b39e0252ed2359a45
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index38.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\263781c7aacc93a3afa893720adb71f2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index39.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\17326adb8598b7c3c8750b4023fdc64e
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index3a.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\9c372fb846c16447196f1cb1f4290dae
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.lock
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\index3b.dat
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater\37537651740f30dd38deda45befbd304
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\Windows\assembly\Desktop.ini
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\Windows\INF\c_processor.PNF
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\Windows\INF\c_monitor.PNF
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\Windows\INF\c_volume.PNF
Source: C:\Windows\System32\svchost.exe	File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Deletes files inside the Windows folder

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

File deleted: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8254.tmp

Jump to behavior

Detected potential crypto function

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_004049F9	0_2_004049F9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_004064AE	0_2_004064AE
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_004049F9	4_2_004049F9
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_004064AE	4_2_004064AE
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BD90B48	39_2_00007FFD9BD90B48
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BD9431D	39_2_00007FFD9BD9431D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C1231E4	39_2_00007FFD9C1231E4
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C12C704	39_2_00007FFD9C12C704
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C25D44D	39_2_00007FFD9C25D44D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BFEC449	39_2_00007FFD9BFEC449
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C93093F	39_2_00007FFD9C93093F
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C930885	39_2_00007FFD9C930885
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C597492	39_2_00007FFD9C597492
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C596DE2	39_2_00007FFD9C596DE2
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C59E009	39_2_00007FFD9C59E009
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_054A8355	114_2_054A8355
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_054A2B2A	114_2_054A2B2A
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_100454DF	114_2_100454DF
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_1007ED20	114_2_1007ED20
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_1006902F	114_2_1006902F
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Code function: 114_2_1004E02D	114_2_1004E02D

Enables driver privileges

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Process token adjusted: Load Driver

Sample file is different than original file name gathered from version info

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameClient.Install9.exeD vs SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002A8E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamensArray.dllJ vs SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameDriverSupport.exe> vs SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamensArray.dllJ vs SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Uses 32bit PE files

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, Install.cs	Security API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, Install.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: System.IO.FileInfo.SetAccessControl(System.Security.AccessControl.FileSecurity)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.DirectorySetAccessControl(System.IO.DirectoryInfo, System.Security.AccessControl.FileSystemRights)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.DirectorySetAccessControl(string)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: System.IO.FileInfo.GetAccessControl()
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.DirectorySetAccessControl(System.IO.DirectoryInfo)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: System.IO.DirectoryInfo.GetAccessControl()
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.FileSetAccessControlInternal(System.IO.FileInfo, System.Security.AccessControl.FileSystemRights)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.FileSetAccessControlInternal(System.IO.FileInfo)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.FileSetAccessControl(System.IO.FileInfo, System.Security.AccessControl.FileSystemRights)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, IOUtility.cs	Security API names: DriversHQ.Common.IOUtility.FileSetAccessControl(System.IO.FileInfo)
Source: 0.2.SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe.29fcea4.6.raw.unpack, ComputerInfo.cs	Security API names: IOUtility.FileSetAccessControl

Source: classification engine

Classification label: mal40.expl.evad.winEXE@249/359@14/3

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		0_2_0040322B
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,		4_2_0040322B

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Code function: 0_2_00404486 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_00404486

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,

0_2_0040205E

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_10071978 CreateDirectoryA,GetLastError,_strcpy_s,_strlen,CreateFileA,CreateFileA,CloseHandle,_strcpy_s,GetModuleHandleA,GetLastError,FindResourceA,LoadResource,LockResource,SizeofResource,CreateFileA,GetLastError,DeleteFileA,CreateFileA,GetTempPathA,CreateFileA,GetTempPathA,WriteFile,GetLastError,CloseHandle,

114_2_10071978

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

File created: C:\Program Files (x86)\Driver Support

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7584:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\DriverSupport.exe-Mutex-{D249E700-A24F-481C-ABB9-A9A4DB25952E}
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8180:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7976:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7348:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8036:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6164:120:WilError_03
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\CProgramFilesx86DriverSupportDriverSupportexe
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7780:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2252:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6908:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7808:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:404:120:WilError_03
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Access_PCI
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7932:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6320:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3468:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6468:120:WilError_03
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\cpuz143
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7968:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7112:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\DRIVERSUPPORT.EXE
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4908:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3520:120:WilError_03
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe-Mutex-{D249E700-A24F-481C-ABB9-A9A4DB25952E}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\_CPUIDSDK
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\Access_APIC_Clk_Measure
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2188:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7436:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7668:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7860:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1432:120:WilError_03

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

File created: C:\Users\user\AppData\Local\Temp\nst2E49.tmp

Jump to behavior

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select UniqueId From Win32_Processor
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: Agent.CPU.exe	String found in binary or memory: /stop
Source: Agent.CPU.exe	String found in binary or memory: /stop
Source: Agent.CPU.exe	String found in binary or memory: <PrivateImplementationDetails>{985B36C9-CA59-41E3-ADD7-4BEA4D2A011D}

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Process created: C:\Users\user\AppData\Local\Temp\DriverSupport.exe "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 210 -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 28c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 29c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 294 -Pipe 2b4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2f4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 294 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 314 -Pipe 294 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2f0 -Pipe 21c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 30c -Pipe 300 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 30c -Pipe 320 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 31c -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 290 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 304 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e4 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 214 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 224 -InterruptEvent 0 -NGENProcess 210 -Pipe 2d8 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 30c -Pipe 224 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 30c -Pipe 324 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 310 -Pipe 318 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 310 -Pipe 32c -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe" /silent
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 20c -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 2c4 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE380.tmp" "c:\Users\user\AppData\Local\Temp\CSCE37F.tmp"
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA18.tmp" "c:\Users\user\AppData\Local\Temp\CSCEA17.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\netsh.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF478.tmp" "c:\Users\user\AppData\Local\Temp\CSCF467.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF74.tmp" "c:\Users\user\AppData\Local\Temp\CSCFF64.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Source: unknown	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /applicationMode:systemTray /showWelcome:false
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkRuleManifests /applicationMode:current
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES57F.tmp" "c:\Users\user\AppData\Local\Temp\CSC57E.tmp"
Source: unknown	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:scheduledScan /applicationMode:current
Source: unknown	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkForUpdate /applicationMode:current
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A.tmp" "c:\Users\user\AppData\Local\Temp\CSCE29.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe'
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\CheckNetIsolation.exe "C:\Windows\system32\CheckNetIsolation.exe" LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\Agent.CPU.exe "C:\Program Files (x86)\Driver Support\Agent.CPU.exe"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES22CB.tmp" "c:\Users\user\AppData\Local\Temp\CSC22CA.tmp"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2433.tmp" "c:\Users\user\AppData\Local\Temp\CSC2422.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES34AD.tmp" "c:\Users\user\AppData\Local\Temp\CSC34AC.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqfsbx8e.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3895.tmp" "c:\Users\user\AppData\Local\Temp\CSC3894.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES39FD.tmp" "c:\Users\user\AppData\Local\Temp\CSC39FC.tmp"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Process created: C:\Users\user\AppData\Local\Temp\DriverSupport.exe "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /silent	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe" /silent	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 210 -Pipe 218 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 28c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 29c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 294 -Pipe 2b4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2e0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2f4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 294 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 314 -Pipe 294 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2f0 -Pipe 21c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 30c -Pipe 300 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 30c -Pipe 320 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 31c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 290 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 304 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 214 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 224 -InterruptEvent 0 -NGENProcess 210 -Pipe 2d8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 30c -Pipe 224 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 30c -Pipe 324 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 310 -Pipe 318 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 310 -Pipe 32c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 20c -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 2c4 -Comment "NGen Worker Process"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe'
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\Agent.CPU.exe "C:\Program Files (x86)\Driver Support\Agent.CPU.exe"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE380.tmp" "c:\Users\user\AppData\Local\Temp\CSCE37F.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA18.tmp" "c:\Users\user\AppData\Local\Temp\CSCEA17.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF478.tmp" "c:\Users\user\AppData\Local\Temp\CSCF467.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFB3E.tmp" "c:\Users\user\AppData\Local\Temp\CSCFB3D.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF74.tmp" "c:\Users\user\AppData\Local\Temp\CSCFF64.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES57F.tmp" "c:\Users\user\AppData\Local\Temp\CSC57E.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A.tmp" "c:\Users\user\AppData\Local\Temp\CSCE29.tmp"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\CheckNetIsolation.exe "C:\Windows\system32\CheckNetIsolation.exe" LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline"

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: fusion.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

File written: C:\Windows\assembly\Desktop.ini

Found GUI installer (many successful clicks)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Automated click: OK
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Automated click: Next >
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Automated click: Agree Install

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Uses Microsoft Silverlight

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Creates a software uninstall entry

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverSupport

Jump to behavior

PE / OLE file has a valid certificate

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: certificate valid

Uses new MSVCR Dlls

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ThemePack\DriverSupport\obj\Release\ThemePack.DriverSupport.pdb,3 source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Updater.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\aj-eeo8o.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004942000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\cpuid\applications\CPUIDSDK\makefiles\win32_dll\vc2008\Release\cpuidsdk.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417375507.0000000010096000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: t.pdb source: DriverSupport.exe, 0000006A.00000002.2500095990.0000000001DE9000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\RuleEngine.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Communication.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\ExceptionLogging\obj\Release\ExceptionLogging.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034F9000.00000004.00000020.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2412573540.0000000004D62000.00000002.00000001.01000000.00000021.sdmp, Agent.CPU.exe, 00000072.00000002.2430705312.000000006F816000.00000020.00000001.01000000.00000026.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\RuleEngine.pdbpdbine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\Common.pdbpdbmon.pdbEC source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Communication.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\a9l5a1sr.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.00000000047F8000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ThemePack\DriverSupport\obj\Release\ThemePack.DriverSupport.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3871585270.000000002129A000.00000002.00000001.01000000.00000034.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\-nsuveg8.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdb\Micros source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ObjectBuilder\obj\Release\Microsoft.Practices.ObjectBuilder.pdbL source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3906729718.0000000023AB2000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\Client.ExceptionLogging\obj\Release\Agent.ExceptionLogging.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\vmwxj0vz.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004942000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: C:\WK\NsisDotNetChecker\plugin\Release\DotNetChecker.pdb source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\Visual Studio 2010\Projects\TaskService\obj\Release\Microsoft.Win32.TaskScheduler.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3870779447.0000000021102000.00000002.00000001.01000000.00000033.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Common\obj\Release\Microsoft.Practices.EnterpriseLibrary.Common.pdb(C source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3843998573.000000001D712000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.CPU.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000000.2362385656.0000000000272000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\Common.pdb;.J source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\RuleEngine.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ActivationProcessors\obj\Release\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.pdb,I source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_wxp_x86\i386\cpuz143_x32.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Agent.Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: amBuild\Agent.Common.pdb`!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_ source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ActivationProcessors\obj\Release\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\DriverDetective\ISUninstall\obj\Release\ISUninstall.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003550000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdbg 8, GII source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\dftx7twl.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.00000000048E3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\Common.pdbLI source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_win7_ia64\ia64\cpuz143_ia64.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Common.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Updater.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Program Files (x86)\Driver Support\Common.pdbyst source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BB6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\symbols\dll\Common.pdb4 source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Common\obj\Release\Microsoft.Practices.EnterpriseLibrary.Common.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3843998573.000000001D712000.00000002.00000001.01000000.00000030.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D47000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\dll\Agent.Communication.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb7 source: DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\Common.pdbive=C: source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\a9l5a1sr.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.00000000046DC000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Updater\obj\Release\Microsoft.ApplicationBlocks.Updater.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003571000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3876714906.0000000021462000.00000002.00000001.01000000.00000036.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Communication.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: t.pdbo source: DriverSupport.exe, 00000066.00000002.2500952321.0000000001A23000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Common.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002E9B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdb+ source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\it\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: forms\TeamBuild\Agent.Communication.pdb source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\pt-BR\Agent.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002EB2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\vmwxj0vz.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.00000000048E3000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\fr\Agent.Updater.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002DF1000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Downloaders\obj\Release\Microsoft.ApplicationBlocks.Updater.Downloaders.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000003591000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\es\Agent.Common.resources.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002D30000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: ws\Common.pdbpdbmon.pdb\P source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\dll\RuleEngine.pdb source: DriverSupport.exe, 00000027.00000002.3845152659.000000001D7F0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.Updater.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Agent.CPU.pdbBSJB source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000000.2362385656.0000000000272000.00000002.00000001.01000000.0000001E.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\de\Agent.Communication.resources.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\cpuid\applications\cpuidsdk\driver\sys_cpuz_143\objfre_win7_amd64\amd64\cpuz143_x64.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000034C7000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001653D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001650B000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2417618642.00000000100BC000.00000002.00000001.01000000.00000028.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\aj-eeo8o.pdbp~ source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004995000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\ObjectBuilder\obj\Release\Microsoft.Practices.ObjectBuilder.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3906729718.0000000023AB2000.00000002.00000001.01000000.0000003A.sdmp
Source:	Binary string: /.C:\Users\user\AppData\Local\Temp\dftx7twl.pdbP source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004880000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\BuildAgents\5\DriversHQ\Driver Detective New Results\BuildType\..\src\..\bin\Mixed Platforms\TeamBuild\Common.pdbh=%Prog source: DriverSupport.exe, 00000066.00000002.2518714155.0000000001E66000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006A.00000002.2521403993.0000000002386000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 0000006B.00000002.2518778946.0000000001F56000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\BuildAgents\5\DriversHQ\Driver Detective New Results\src\DriverDetective-NewResults\Application Blocks\Cryptography\obj\Release\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.pdb source: DriverSupport.exe, 00000004.00000002.2301192070.00000000035B5000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3844786117.000000001D7A2000.00000002.00000001.01000000.00000031.sdmp
Source:	Binary string: C:\Windows\dll\Common.pdbBz source: DriverSupport.exe, 00000068.00000002.2515211784.0000000002186000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\RuleEngine.pdb, source: DriverSupport.exe, 00000027.00000002.3632214229.00000000022B6000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Compiles C# or VB.Net code

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eqfsbx8e.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline"

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_1004C0B7 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SetupDiGetClassDevsA,_malloc,CreateFileA,_strcpy_s,_strcpy_s,_strcpy_s,_strcpy_s,_strlen,_strcpy_s,CloseHandle,SetupDiDestroyDeviceInfoList,FreeLibrary,

114_2_1004C0B7

Uses code obfuscation techniques (call, push, ret)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BB5F8D3 push cs; retn 0000h	39_2_00007FFD9BB5F8E5
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BCF5F87 push cs; retn 0000h	39_2_00007FFD9BCF5F8D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BCF7278 push ebp; iretd	39_2_00007FFD9BCF728F
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BCF7502 push ebp; iretd	39_2_00007FFD9BCF7503
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BDA3431 push cs; retn 0000h	39_2_00007FFD9BDA3435
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BDA50D1 push cs; retn 0000h	39_2_00007FFD9BDA50D5
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BDA4091 push cs; retn 0000h	39_2_00007FFD9BDA40A5
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BDA803F push cs; retn 0000h	39_2_00007FFD9BDA8051
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BE35A9E push esi; retf	39_2_00007FFD9BE35A9F
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BE32A22 pushad ; iretd	39_2_00007FFD9BE32A39
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BEDAE76 push cs; retn 0000h	39_2_00007FFD9BEDAE91
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9BED3486 push edx; retf	39_2_00007FFD9BED349D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C074C99 push cs; retn 0000h	39_2_00007FFD9C074C9D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C081FDF push cs; retn 0000h	39_2_00007FFD9C081FF1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C080A10 push cs; retn 0000h	39_2_00007FFD9C080A21
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C13522D push cs; retn 0000h	39_2_00007FFD9C135231
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C135E8F push esp; iretd	39_2_00007FFD9C135EA9
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C12E779 push cs; retn 0000h	39_2_00007FFD9C12E799
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C1D9D34 push E8000015h; ret	39_2_00007FFD9C1D9D39
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C30FCC2 push esp; ret	39_2_00007FFD9C30FE69
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C30FD99 push esp; ret	39_2_00007FFD9C30FE69
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C50AAC4 push E8000001h; ret	39_2_00007FFD9C50AAE9
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C595794 push E8000017h; retf	39_2_00007FFD9C595799
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7890AD push cs; retn 0000h	39_2_00007FFD9C7890B1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7861DD push cs; retn 0000h	39_2_00007FFD9C7861ED
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C784989 push cs; retn 0000h	39_2_00007FFD9C78498D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7859CF push cs; retn 0000h	39_2_00007FFD9C7859DD
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7855CE push cs; retn 0000h	39_2_00007FFD9C7855E1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C78573B push cs; retn 0000h	39_2_00007FFD9C78574D
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7F406C push cs; retn 0000h	39_2_00007FFD9C7F4089
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Code function: 39_2_00007FFD9C7F0261 push cs; retn 0000h	39_2_00007FFD9C7F0275

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC614.tmp\Agent.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD47B.tmp\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\00d15e9c35244f43c7b8bf36d1bb48cc\ICSharpCode.SharpZipLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA1B.tmp\Agent.Communication.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFDC.tmp\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2FC.tmp\ExceptionLogging.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\xdix_tkb.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\eudbxj3q.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\1cwryiam.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\263781c7aacc93a3afa893720adb71f2\Microsoft.Practices.ObjectBuilder.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD6B.tmp\Microsoft.VisualC.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDC5.tmp\RuleEngine.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\37eb33caafd5db73e68082c81ef1e0a5\Microsoft.Win32.TaskScheduler.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCDA.tmp\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPACCF.tmp\Microsoft.Vsa.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\nujzoc0o.dll	Jump to dropped file
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\tmp1BE5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\cpuidsdk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\ThemePack.DriverSupport.dll	Jump to dropped file
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File created: C:\ProgramData\Driver Support\Driver Support\DDRM\74ffc5230a2a4b1e8207edf131738e1e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\17326adb8598b7c3c8750b4023fdc64e\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Uninstall.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.Wrapper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD259.tmp\Microsoft.ApplicationBlocks.Updater.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\9c372fb846c16447196f1cb1f4290dae\XPBurnComponent.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\7fb38a2727987d2842924921a2567970\ExceptionLogging.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC97F.tmp\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b4dea039a943da5c4afe75ae1e9ed665\System.DirectoryServices.Protocols.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC076.tmp\System.Drawing.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9b51a87621e285c977664835b5f3cf4b\System.Web.RegularExpressions.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\omwb8eue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA906.tmp\Microsoft.JScript.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\RuleEngine.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD5D3.tmp\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater\37537651740f30dd38deda45befbd304\Agent.Updater.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD353.tmp\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\469c8b7e2a8a123322bdacbd7ba00a8c\Microsoft.Vsa.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC410.tmp\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\Linker.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2F9.tmp\System.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC142.tmp\System.Data.OracleClient.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\5fd1c8175527ba0537d0a88e78239ef3\Agent.Communication.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\f79e1ab6f1786caa351ee0d2384ee6a4\Common.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.Common.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsisdl.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\919121cf5560278d8dc871928c969480\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\a69ce6357fb391c421cd72a75fdbf42d\Agent.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\2qmjnycu.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3A7.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\4bdb76de6604335296474f74c4cbb6c4\RuleEngine.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA146.tmp\System.Security.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.Wrapper.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\23f2e1e196f71523e1ef513e643c983f\System.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2c05915f5623d1aa5bb4121a26b16a00\Microsoft.VisualC.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f9006ce65a14801ded8b839fab9bfebd\Microsoft.JScript.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\457dd1c25d156d9b39e0252ed2359a45\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Agent.Communication.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\ISUninstall.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8254.tmp\Agent.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\4d51fef9118100446bd1838c1f081755\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C74.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDBAF.tmp\Agent.Updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\bcb74b2753db931431b4a9f9edf4bb8f\Interop.WUApiLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\de965ec14a73eae5d33502aa55ac30b0\Microsoft.ApplicationBlocks.Updater.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\Linker.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4bb73c27f8c6af54ed5fa349a7845bad\System.Drawing.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90c1fadfe8510201a762a907c7eb1faf\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6CD.tmp\XPBurnComponent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\ThreadTimer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	File created: C:\Users\user\AppData\Local\Temp\j12i-fj-.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\dde70247168d305464eb486f7dd1b054\Agent.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0665e4875d42b99f24e22762d9d60c42\System.Data.OracleClient.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	File created: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4E0.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e3fa6c30d72ec45df2e5f5f297b83cec\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC307.tmp\System.Web.RegularExpressions.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\nsExec.dll	Jump to dropped file

Drops PE files to the application program directory (C:\ProgramData)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

File created: C:\ProgramData\Driver Support\Driver Support\DDRM\74ffc5230a2a4b1e8207edf131738e1e.exe

Jump to dropped file

Drops PE files to the windows directory (C:\Windows)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD5D3.tmp\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC614.tmp\Agent.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD47B.tmp\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater\37537651740f30dd38deda45befbd304\Agent.Updater.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\00d15e9c35244f43c7b8bf36d1bb48cc\ICSharpCode.SharpZipLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA1B.tmp\Agent.Communication.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD353.tmp\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\469c8b7e2a8a123322bdacbd7ba00a8c\Microsoft.Vsa.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC410.tmp\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFDC.tmp\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2FC.tmp\ExceptionLogging.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2F9.tmp\System.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC142.tmp\System.Data.OracleClient.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\5fd1c8175527ba0537d0a88e78239ef3\Agent.Communication.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\f79e1ab6f1786caa351ee0d2384ee6a4\Common.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\263781c7aacc93a3afa893720adb71f2\Microsoft.Practices.ObjectBuilder.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD6B.tmp\Microsoft.VisualC.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDC5.tmp\RuleEngine.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\919121cf5560278d8dc871928c969480\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\37eb33caafd5db73e68082c81ef1e0a5\Microsoft.Win32.TaskScheduler.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCDA.tmp\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\a69ce6357fb391c421cd72a75fdbf42d\Agent.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3A7.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\4bdb76de6604335296474f74c4cbb6c4\RuleEngine.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA146.tmp\System.Security.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPACCF.tmp\Microsoft.Vsa.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.Wrapper.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\23f2e1e196f71523e1ef513e643c983f\System.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2c05915f5623d1aa5bb4121a26b16a00\Microsoft.VisualC.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f9006ce65a14801ded8b839fab9bfebd\Microsoft.JScript.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\457dd1c25d156d9b39e0252ed2359a45\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\17326adb8598b7c3c8750b4023fdc64e\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8254.tmp\Agent.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\4d51fef9118100446bd1838c1f081755\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C74.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.Wrapper.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD259.tmp\Microsoft.ApplicationBlocks.Updater.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDBAF.tmp\Agent.Updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\bcb74b2753db931431b4a9f9edf4bb8f\Interop.WUApiLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\de965ec14a73eae5d33502aa55ac30b0\Microsoft.ApplicationBlocks.Updater.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\9c372fb846c16447196f1cb1f4290dae\XPBurnComponent.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\7fb38a2727987d2842924921a2567970\ExceptionLogging.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4bb73c27f8c6af54ed5fa349a7845bad\System.Drawing.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90c1fadfe8510201a762a907c7eb1faf\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC97F.tmp\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6CD.tmp\XPBurnComponent.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\dde70247168d305464eb486f7dd1b054\Agent.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0665e4875d42b99f24e22762d9d60c42\System.Data.OracleClient.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b4dea039a943da5c4afe75ae1e9ed665\System.DirectoryServices.Protocols.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC076.tmp\System.Drawing.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9b51a87621e285c977664835b5f3cf4b\System.Web.RegularExpressions.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e3fa6c30d72ec45df2e5f5f297b83cec\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4E0.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC307.tmp\System.Web.RegularExpressions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA906.tmp\Microsoft.JScript.dll	Jump to dropped file

Boot Survival

Installs Task Scheduler Managed Wrapper

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCDA.tmp\Microsoft.Win32.TaskScheduler.dll

Creates or modifies windows services

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0\Linkage

Modifies existing windows services

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Memory Cache 4.0\Linkage

Stores files to the Windows start menu directory

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Driver Support.lnk	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Uninstall Driver Support.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_100454DF LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,GetCurrentThread,SetThreadDescription,GetSystemInfo,GetNativeSystemInfo,GetLastError,QueryPerformanceFrequency,CreateThread,_swprintf,SetThreadDescription,SetThreadGroupAffinity,GetLastError,GetLastError,SetThreadPriority,GetCurrentProcess,GetProcessAffinityMask,SetProcessAffinityMask,CreateThread,SetThreadAffinityMask,SetThreadPriority,ResumeThread,WaitForSingleObject,CloseHandle,CreateThread,SetThreadDescription,SetThreadGroupAffinity,GetLastError,GetLastError,SetThreadAffinityMask,SetThreadPriority,CreateThread,_swprintf,SetThreadDescription,SetThreadGroupAffinity,GetLastError,GetLastError,SetThreadAffinityMask,SetThreadPriority,CreateThread,_swprintf,SetThreadDescription,SetThreadGroupAffinity,GetLastError,GetLastError,SetThreadAffinityMask,SetThreadPriority,ResumeThread,ResumeThread,

114_2_100454DF

Stores large binary data to the registry

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Program Files (x86)/Driver Support/DriverSupport.exe\0 ImageList

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking system information)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Evasive API call chain: NtQuerySystemInformation,DecisionNodes,Sleep

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Query firmware table information (likely to detect VMs)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	System information queried: FirmwareTableInformation

Allocates memory with a write watch (potentially for evading sandboxes)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1CC0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 3DA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1BDA0000 memory commit \| memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1CA0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 3A50000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1BA50000 memory commit \| memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 2140000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 3FF0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1BFF0000 memory commit \| memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1F60000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 4070000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1C070000 memory commit \| memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1B20000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 39B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Memory allocated: 1B9B0000 memory commit \| memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Memory allocated: B10000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Memory allocated: 28B0000 memory reserve \| memory write watch
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Memory allocated: 48B0000 memory commit \| memory reserve \| memory write watch

Contains capabilities to detect virtual machines

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

File opened / queried: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Contains long sleeps (>= 3 min)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Thread delayed: delay time: 922337203685477

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Window / User API: threadDelayed 361	Jump to behavior
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Window / User API: threadDelayed 1155
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Window / User API: threadDelayed 7507
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1017
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2446

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD47B.tmp\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC614.tmp\Agent.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\00d15e9c35244f43c7b8bf36d1bb48cc\ICSharpCode.SharpZipLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA1B.tmp\Agent.Communication.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFDC.tmp\System.DirectoryServices.Protocols.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2FC.tmp\ExceptionLogging.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\xdix_tkb.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\eudbxj3q.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\1cwryiam.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\263781c7aacc93a3afa893720adb71f2\Microsoft.Practices.ObjectBuilder.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD6B.tmp\Microsoft.VisualC.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDC5.tmp\RuleEngine.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\37eb33caafd5db73e68082c81ef1e0a5\Microsoft.Win32.TaskScheduler.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCDA.tmp\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPACCF.tmp\Microsoft.Vsa.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nujzoc0o.dll	Jump to dropped file
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\tmp1BE5.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\cpuidsdk.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\ThemePack.DriverSupport.dll	Jump to dropped file
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Dropped PE file which has not been started: C:\ProgramData\Driver Support\Driver Support\DDRM\74ffc5230a2a4b1e8207edf131738e1e.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\17326adb8598b7c3c8750b4023fdc64e\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Uninstall.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.Wrapper.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD259.tmp\Microsoft.ApplicationBlocks.Updater.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\9c372fb846c16447196f1cb1f4290dae\XPBurnComponent.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\7fb38a2727987d2842924921a2567970\ExceptionLogging.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC97F.tmp\Interop.WUApiLib.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\UserInfo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\System.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b4dea039a943da5c4afe75ae1e9ed665\System.DirectoryServices.Protocols.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC076.tmp\System.Drawing.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9b51a87621e285c977664835b5f3cf4b\System.Web.RegularExpressions.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\omwb8eue.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA906.tmp\Microsoft.JScript.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD5D3.tmp\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\RuleEngine.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater\37537651740f30dd38deda45befbd304\Agent.Updater.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD353.tmp\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC410.tmp\ICSharpCode.SharpZipLib.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\469c8b7e2a8a123322bdacbd7ba00a8c\Microsoft.Vsa.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\Linker.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC142.tmp\System.Data.OracleClient.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2F9.tmp\System.Design.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\5fd1c8175527ba0537d0a88e78239ef3\Agent.Communication.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\f79e1ab6f1786caa351ee0d2384ee6a4\Common.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsisdl.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\919121cf5560278d8dc871928c969480\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2qmjnycu.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\a69ce6357fb391c421cd72a75fdbf42d\Agent.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3A7.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\4bdb76de6604335296474f74c4cbb6c4\RuleEngine.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.Wrapper.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\23f2e1e196f71523e1ef513e643c983f\System.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2c05915f5623d1aa5bb4121a26b16a00\Microsoft.VisualC.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f9006ce65a14801ded8b839fab9bfebd\Microsoft.JScript.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Common.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\457dd1c25d156d9b39e0252ed2359a45\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Agent.Communication.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\ISUninstall.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8254.tmp\Agent.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\4d51fef9118100446bd1838c1f081755\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C74.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDBAF.tmp\Agent.Updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\bcb74b2753db931431b4a9f9edf4bb8f\Interop.WUApiLib.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\de965ec14a73eae5d33502aa55ac30b0\Microsoft.ApplicationBlocks.Updater.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\Linker.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4bb73c27f8c6af54ed5fa349a7845bad\System.Drawing.Design.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90c1fadfe8510201a762a907c7eb1faf\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6CD.tmp\XPBurnComponent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\ThreadTimer.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\j12i-fj-.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\dde70247168d305464eb486f7dd1b054\Agent.Common.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0665e4875d42b99f24e22762d9d60c42\System.Data.OracleClient.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll	Jump to dropped file
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC307.tmp\System.Web.RegularExpressions.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4E0.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e3fa6c30d72ec45df2e5f5f297b83cec\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\WinShell.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\nsExec.dll	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe TID: 7748	Thread sleep count: 154 > 30	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7920	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7988	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 8104	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 8152	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7188	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 3168	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 6924	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 2540	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7244	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 5672	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7204	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7536	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 5428	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7616	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 3020	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 3052	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 4408	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 1668	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7424	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7904	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 3896	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 6512	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7968	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7160	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 6900	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 8096	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 8152	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 7200	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe TID: 5608	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 2112	Thread sleep time: -10145709240540247s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 3288	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 2112	Thread sleep time: -112605s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 7496	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 5964	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 4812	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 5776	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 2720	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 3584	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 5316	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 1360	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe TID: 8176	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7644	Thread sleep count: 1017 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7584	Thread sleep count: 2446 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 940	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe TID: 1244	Thread sleep time: -922337203685477s >= -30000s

Queries disk information (often used to detect virtual machines)

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Model From Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer From Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name From Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SerialNumber From Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Caption,Description,InstallDate,Manufacturer,Model,Name,OtherIdentifyingInfo,PartNumber,Product,SerialNumber,SKU,SlotLayout,Tag,Version from Win32_Baseboard
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Version from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Description from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Manufacturer from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SerialNumber from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SMBIOSBIOSVersion from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SMBIOSMajorVersion from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SMBIOSMinorVersion from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select SMBIOSPresent from Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Caption,Description,IdentifyingNumber,Name,SKUNumber,UUID,Vendor,Version from Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select PartOfDomain from Win32_ComputerSystem
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select UniqueId From Win32_Processor
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select ProcessorId From Win32_Processor
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: \Device\CdRom0\ FullSizeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File Volume queried: C:\ FullSizeInformation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00406167 FindFirstFileA,FindClose,	0_2_00406167
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_00405705
Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00406167 FindFirstFileA,FindClose,	4_2_00406167
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00405705 CloseHandle,GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	4_2_00405705
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Code function: 4_2_00402688 FindFirstFileA,	4_2_00402688

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

114_2_100454DF

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrocef_low\NULL
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	File opened: C:\Users\user\AppData\Local\Temp\acrord32_super_sbx\Adobe\Acrobat

Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;Windows Small Business ServerGStandard Server (core installation)gStandard Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware
Source: DriverSupport.exe, 00000027.00000002.3627855368.0000000001BE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V ofbadrbdiknmbon Bus Pipes
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014879000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <driverDescription>Microsoft Hyper-V Virtualization Infrastructure Driver</driverDescription>
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: rsion="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><DefaultHeader xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice"><AffiliateID>portal</AffiliateID><ResellerID xsi:nil="true" /><WhiteLabelID>30</WhiteLabelID><Culture>en-GB</Culture><ApplicationVersion>10.1.6.14</ApplicationVersion><OperatingSystem>134217728</OperatingSystem></DefaultHeader><EncryptionHeader xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice" /></soap:Header><soap:Body><GetSupportMetaDataApplicationByDevice xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice"><deviceXML><?xml version="1.0" encoding="utf-16"?><device xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><description>Microsoft Software Printer Driver</description><manufacturer>Microsoft</manufacturer><deviceKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}</deviceKey><class>Printer</class><className>Printers</className><classGUID>{4d36e979-e325-11ce-bfc1-08002be10318}</classGUID><driverDate>21/06/2006</driverDate><driverVersion>10.0.19041.1</driverVersion><driverDescription>Microsoft Software Printer Driver</driverDescription><driverProvider>Microsoft</driverProvider><isSystem>false</isSystem><hasFriendlyName>false</hasFriendlyName><hardwareIDs>{133619E4-143B-463A-B809-B1F51D05F973}</hardwareIDs><instanceID>{133619E4-143B-463A-B809-B1F51D05F973}</instanceID><driverUpdateValues><driverProvider /><recommendedDriverID xsi:nil="true" /><reportAsOutOfDate>false</reportAsOutOfDate><isManufacturerMatch>false</isManufacturerMatch><is64Bit>false</is64Bit><hasDriverPack>false</hasDriverPack><severity /><class /><classGUID>00000000-0000-0000-0000-000000000000</classGUID><hash /><matchedOn /><matchingOS xsi:nil="true" /><hasDownloaded>false</hasDownloaded></driverUpdateValues><isUnplugged>false</isUnplugged><driverUpdateType>None</driverUpdateType></device></deviceXML><machineIntelligenceXML><?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><DefaultHeader xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice"><AffiliateID>portal</AffiliateID><ResellerID xsi:nil="true" /><WhiteLabelID>30</WhiteLabelID><Culture>en-GB</Culture><ApplicationVersion>10.1.6.14</ApplicationVersion><OperatingSystem>134217728</OperatingSystem></DefaultHeader><EncryptionHeader xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice" /></soap:Header><soap:Body><GetSupportMetaDataApplicationByDevice xmlns="http://webservices.drivershq.com/2011/12/driverupdateservice"><deviceXML><?xml version="1.0" encoding="utf-16"?><device xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><description>Microsoft Software Printer Driver</description><manufacturer>Microsoft</manufacturer><deviceKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}</deviceKey><class>Printer</class><className>Printers</className><classGUID>{4d36e979-e325-11ce-bfc1-08002be10318}</classGUID><driverDate>21/06/2006</driverDate><driverVersion>10.0.19041.1</driverVersion><driverDescription>Microsoft Software Printer Driver</driverDescription><driverProvider>Microsoft</driverProvider><isSystem>false</isSystem><hasFriendlyName>false</hasFriendlyName><hardwareIDs>{133619E4-143B-463A-B809-B1F51D05F973}</hardwareIDs><instanceID>{133619E4-143B-463A-B809-B1F51D05F973}</instanceID><driverUpdateValues><driverProvider /><recommendedDriverID xsi:nil="true" /><reportAsOutOfDate>false</reportAsOutOfDate><isManufacturerMatch>false</isManufacturerMatch><is64Bit>false</is64Bit><hasDriverPack>false</hasDriverPack><severity /><class /><classGUID>00000000-0000-0000-0000-000000000000</classGUID><hash /><matchedOn /><matchingOS xsi:nil="true" /><hasDownloaded>false</hasDownloaded></driverUpdateValues><isUnplugged>false</isUnplugged><driverUpdateType>None</driverUpdateType></device></deviceXML><machineIntelligenceXML><?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="10889
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Home Premium N1Microsoft Hyper-V Server
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <wmiManufacturerName>VMware, Inc.</wmiManufacturerName>
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ]\https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ]\https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png$
Source: Agent.CPU.exe	Binary or memory string: Enterprise Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3877243246.0000000021547000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: &Hyper-V Hypervisor ?=5%
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware1.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 86Microsoft Hyper-V Virtualization Infrastructure Driver
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C9CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count SnapshotO
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %$Hyper-V Hypervisor Logical Processor
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware Virtual USB Mouse`
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C9CA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count SnapshotJ
Source: svchost.exe, 0000002C.00000002.3631655475.000002139EC57000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000002C.00000002.3628759656.000002139942B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <wmiManufacturerName>VMware, Inc.</wmiManufacturerName>
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C975000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X2Hyper-V VM Vid Partitionll2
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C9D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Dynamic Memory Integration Service)
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C9D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorZ
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWare Workstation
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V VM Vid Partition
Source: DriverSupport.exe, 00000027.00000002.3881701492.00000000217DE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: X2Hyper-V VM Vid Partitionys
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014879000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <description>Microsoft Hyper-V Virtualization Infrastructure Driver</description>
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Enterprise NKEnterprise Server (core installation)kEnterprise Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3830734202.000000001C9D5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VHyper-V Dynamic Memory Integration Service
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: WWindows Essential Business Messaging Server1Workgroup Storage ServergStandard Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 76Microsoft Hyper-V Virtualization Infrastructure Driver
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: YWindows Essential Business Management ServerWWindows Essential Business Messaging ServerUWindows Essential Business Security ServerEWindows Essential Server SolutionseWindows Essential Server Solutions without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: S0Identified your computer as a VMWare Workstation
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "!Hyper-V Virtual Machine Bus Pipes
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Tip: Keeping your VMWare updated with the latest drivers can help increase performance as well as improve device functionality.`Y0
Source: Agent.CPU.exe	Binary or memory string: Enterprise Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3680270900.0000000014904000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014899000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <driverDescription>Microsoft Hyper-V Virtualization Infrastructure Driver</driverDescription>
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: &$Microsoft Hyper-V Generation Counter
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ?Standard Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3877243246.0000000021547000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V ofbadrbdiknmbon Bus
Source: DriverSupport.exe, 00000027.00000002.3680270900.0000000014904000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014899000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <description>Microsoft Hyper-V Virtualization Infrastructure Driver</description>
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" />
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <value><?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: Web EditionCEnterprise Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" />
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	Binary or memory string: Microsoft Hyper-V Server
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation><intelligenceType>OEM</intelligenceType><isVM>true</isVM></machineIntelligence>`
Source: Agent.CPU.exe	Binary or memory string: Windows Essential Server Solutions without Hyper-V
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: Enterprise NUWindows Essential Business Security ServerkEnterprise Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 20Identified your computer as a VMWare Workstation
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 65Enterprise Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3836203209.000000001D2F0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPA
Source: DriverSupport.exe, 00000027.00000002.3916118099.00000000242A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: sWDHyper-V Hypervisor Root Partition
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ecting hardware inventory for your VMWare Workstation. Please wait...0P
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ]\https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "!Hyper-V Hypervisor Root Partition
Source: Agent.CPU.exe	Binary or memory string: Standard Server without Hyper-V (core installation)
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CEnterprise Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: %$Microsoft Hyper-V Generation Counter
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: l version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation><intelligenceType>OEM</intelligenceType><isVM>true</isVM></machineIntelligence>
Source: SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1931053273.00000000008C4000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000032.00000002.2274692358.000001A373357000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000032.00000003.2270514622.000001A373354000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000034.00000002.2275778849.0000028F46867000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000034.00000003.2272096385.0000028F46864000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000003.2273293893.000001FD3A064000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000037.00000002.2276440962.000001FD3A067000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000039.00000003.2270808561.0000020081824000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000003.2272080794.000001CE8DCD4000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003C.00000003.2270818557.000002103F5D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: netsh.exe, 0000004F.00000003.2274278503.000001A3DC3B5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllcc
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-16"?><userData><culture>en-GB</culture><machineOS /><operatingSystem>Win10_x64</operatingSystem><applicationVersion>10.1.6.14</applicationVersion><machineName>992547</machineName><motherboardModel>LYUVZZBRY1</motherboardModel><motherboardManufacturer>DYTH4NAXU4</motherboardManufacturer><isDomainPC>false</isDomainPC><bios xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><biosVersion>4A3TG</biosVersion><biosDescription>VMW201.00V.20829224.B64.2211211842</biosDescription><biosReleaseDate>11/20/2022 7:00:00 PM</biosReleaseDate><biosManufacturer>ON837</biosManufacturer><biosSerialNumber>Z23O2U5HR2</biosSerialNumber><smBIOSBIOSVersion>V3UXZ</smBIOSBIOSVersion><smBIOSMajorVersion>2</smBIOSMajorVersion><smBIOSMinorVersion>7</smBIOSMinorVersion><smBIOSPresent>true</smBIOSPresent></bios><computerSystemProduct xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><caption>Computer System Product</caption><description>Computer System Product</description><identifyingNumber>KAUUC8</identifyingNumber><name>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</name><skuNumber /><universalID>71434D56-1548-ED3D-AEE6-C75AECD93BF0</universalID><vendor>VMware, Inc.</vendor><version>None</version></computerSystemProduct><cpuID xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><processorName>Intel Processor</processorName><specification>Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz</specification><package /><packageRevision /><codeName /><lpcBridge>MMX , SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, x86-64, NX, AES, AVX, AVX2, AVX512F, FMA3</lpcBridge><lpcBridgeRevision /></cpuID><osInstallDate>10/3/2023 4:57:18 AM</osInstallDate><modelKey d2p1:nil="true" xmlns:d2p1="http://www.w3.org/2001/XMLSchema-instance" /><installedAV xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><displayName>Windows Defender</displayName><instanceGUID>{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</instanceGUID><pathToExe>windowsdefender://</pathToExe><productState>397568</productState></installedAV><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturer
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 43Standard Server without Hyper-V (core installation)
Source: DriverSupport.exe, 00000027.00000002.3916118099.00000000242A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AlDHyper-V Virtual Machine Bus Pipes
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation><intelligenceType>OEM</intelligenceType><isVM>true</isVM></machineIntelligence>
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: IsWow64Process1Microsoft Hyper-V Server
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <vendor>VMware, Inc.</vendor>
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: Enterprise?Standard Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Your VMWare WorkstationP
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: hghttps://solveiqdriverstorage.blob.core.windows.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ]\https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png$
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <vendor>VMware, Inc.</vendor>
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: +*Hyper-V Dynamic Memory Integration Service
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation><intelligenceType>OEM</intelligenceType><isVM>true</isVM></machineIntelligence>P
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMWare
Source: DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp	Binary or memory string: Web ServerHome#Datacenter Server-Express Storage ServereWindows Essential Server Solutions without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" />
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 32Windows Essential Server Solutions without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe	Binary or memory string: Standard Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: *)Hyper-V Hypervisor Root Virtual Processor
Source: DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Hyper-V Hypervisor
Source: DriverSupport.exe, 00000027.00000002.3916118099.00000000242A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JHyper-V Hypervisor Logical Processor
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: "!Enterprise Server without Hyper-V
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: P OCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}</deviceKey><class>System</class><className>System devices</className><classGUID>{4D36E97D-E325-11CE-BFC1-08002BE10318}</classGUID><driverDate>6-21-2006</driverDate><driverVersion>10.0.19041.1806</driverVersion><driverDescription>Volume Manager</driverDescription><driverProvider>Microsoft</driverProvider><isSystem>false</isSystem><hasFriendlyName>false</hasFriendlyName><hardwareIDs>ROOT\VOLMGR</hardwareIDs><compatibleIDs>DETECTEDINTERNAL\VOLMGR</compatibleIDs><compatibleIDs>DETECTED\VOLMGR</compatibleIDs><instanceID>ROOT\VOLMGR\0000</instanceID><isUnplugged>false</isUnplugged><driverUpdateType>None</driverUpdateType></device><device xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><description>PCI Bus</description><manufacturer>(Standard system devices)</manufacturer><deviceKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}</deviceKey><class>System</class><className>System devices</className><classGUID>{4D36E97D-E325-11CE-BFC1-08002BE10318}</classGUID><driverDate>6-21-2006</driverDate><driverVersion>10.0.19041.1949</driverVersion><driverDescription>PCI Bus</driverDescription><driverProvider>Microsoft</driverProvider><isSystem>false</isSystem><hasFriendlyName>false</hasFriendlyName><hardwareIDs>ACPI\VEN_PNP&DEV_0A03</hardwareIDs><hardwareIDs>ACPI\PNP0A03</hardwareIDs><hardwareIDs>PNP0A03</hardwareIDs><compatibleIDs>PNP0A08</compatibleIDs><instanceID>ACPI\PNP0A03\2&DABA3FF&0</instanceID><isUnplugged>false</isUnplugged><driverUpdateType>None</driverUpdateType></device><device xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><description>Microsoft Hyper-V Generation Counter</description><manufacturer>Microsoft</manufacturer><deviceKey>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}</deviceKey><class>System</class><className>System devices</className><classGUID>{4D36E97D-E325-11CE-BFC1-08002BE10318}</classGUID><driverDate>6-21-2006</driverDate><driverVersion>10.0.19041.1</driverVersion><driverDescription>Microsoft Hyper-V Generation Counter</driverDescription><driverProvider>Microsoft</driverProvider><isSystem>false</isSystem><hasFriendlyName>false</hasFriendlyName><hardwareIDs>ACPI\VEN_VMW&DEV_0001</hardwareIDs><hardwareIDs>ACPI\VMW0001</hardwareIDs><hardwareIDs>VMW0001</hardwareIDs><compatibleIDs>ACPI\VM_GEN_COUNTER</compatibleIDs><compatibleIDs>VM_GEN_COUNTER</compatibleIDs><compatibleIDs>PNP0C02</compatibleIDs><instanceID>ACPI\VMW0001\7</instanceID><isUnplugged>false</isUnplugged><driverUpdateType>None</driverUpdateType></device>
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Tip: Keeping your VMWare updated with the latest drivers can help increase performance as well as improve device functionality.@8r_
Source: DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <value><?xml version="1.0" encoding="utf-16"?><machineIntelligence xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" /><familyData key="86504" value="Workstation" isLaptop="false" logoID="" logoUrl="" /><modelData key="108891" value="" isLaptop="false" logoID="d4001316-741b-4276-982b-80a226a4a01e" logoUrl="https://driversupport-fms.azureedge.net/drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png" /><popularity>0</popularity><popularityStrength>0</popularityStrength><wmiManufacturerName>VMware, Inc.</wmiManufacturerName><wmiManufacturerModel>{38A05893-78CC-4DDB-873A-E50905ABC3FF}</wmiManufacturerModel><mbManufacturer>DYTH4NAXU4</mbManufacturer><mbModel>LYUVZZBRY1</mbModel><mbSeries /><smartInstantiation>true</smartInstantiation><intelligenceType>OEM</intelligenceType><isVM>true</isVM></machineIntelligence></value>
Source: DriverSupport.exe, 00000027.00000002.3680270900.000000001477F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: <manufacturerData key="86501" value="VMWare" isLaptop="false" logoID="e5e3430e-4b18-4ff5-add2-524cc38cac29" logoUrl="https://driversupport-fms.azureedge.net/drivers/46ba61258d89448bb7bc738033772e67/vmware2.png" />
Source: Agent.CPU.exe, 00000072.00000002.2404453660.0000000000952000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 3/USB Composite Device (VMware Virtual USB Mouse)
Source: netsh.exe, 00000030.00000003.2271450821.0000029805815000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllDD

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	API call chain: ExitProcess graph end node			graph_0-3366
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	API call chain: ExitProcess graph end node			graph_4-3536

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Process information queried: ProcessInformation

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Debugger detection routine: NtQueryInformationProcess or NtQuerySystemInformation, DecisionNodes, ExitProcess or Sleep

Contains functionality to dynamically determine API calls

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

114_2_1004C0B7

Enables debug privileges

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /silent	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe" /silent	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 210 -Pipe 218 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 28c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 29c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 294 -Pipe 2b4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2e0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2f4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 294 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 314 -Pipe 294 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2f0 -Pipe 21c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 30c -Pipe 300 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 30c -Pipe 320 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 31c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 290 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 304 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 214 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 224 -InterruptEvent 0 -NGENProcess 210 -Pipe 2d8 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 30c -Pipe 224 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 30c -Pipe 324 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 310 -Pipe 318 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 310 -Pipe 32c -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 20c -Pipe 218 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 2c4 -Comment "NGen Worker Process"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe'
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\Agent.CPU.exe "C:\Program Files (x86)\Driver Support\Agent.CPU.exe"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline"
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: C:\Windows\System32\dllhost.exe C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Process created: unknown unknown
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE380.tmp" "c:\Users\user\AppData\Local\Temp\CSCE37F.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA18.tmp" "c:\Users\user\AppData\Local\Temp\CSCEA17.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF478.tmp" "c:\Users\user\AppData\Local\Temp\CSCF467.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFB3E.tmp" "c:\Users\user\AppData\Local\Temp\CSCFB3D.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF74.tmp" "c:\Users\user\AppData\Local\Temp\CSCFF64.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES57F.tmp" "c:\Users\user\AppData\Local\Temp\CSC57E.tmp"
Source: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A.tmp" "c:\Users\user\AppData\Local\Temp\CSCE29.tmp"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\CheckNetIsolation.exe "C:\Windows\system32\CheckNetIsolation.exe" LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline"
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\136audgz.cmdline"

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "c:\program files (x86)\driver support\driversupport.exe" /action:launchscanresulturl /applicationmode:systemtray /showwelcome:false /tid: /sid: /iid: /resultfilter:outofdate /usefastscan:true /scansystem:true /scanunplugged:false /sap:true /dialogstatus:true /scanveloxum:true /hasveloxum:true /startingddip:homenoresults /navigatetoddip:results /epid:7720
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Process created: C:\Program Files (x86)\Driver Support\DriverSupport.exe "c:\program files (x86)\driver support\driversupport.exe" /action:launchscanresulturl /applicationmode:systemtray /showwelcome:false /tid: /sid: /iid: /resultfilter:outofdate /usefastscan:true /scansystem:true /scanunplugged:false /sap:true /dialogstatus:true /scanveloxum:true /hasveloxum:true /startingddip:homenoresults /navigatetoddip:results /epid:7720			Jump to behavior

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_100749EC ImpersonateSelf,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,AllocateAndInitializeSid,CloseHandle,LocalAlloc,LocalAlloc,InitializeSecurityDescriptor,GetLengthSid,LocalAlloc,LocalFree,InitializeAcl,AddAccessAllowedAce,LocalFree,LocalFree,LocalFree,SetSecurityDescriptorDacl,SetSecurityDescriptorGroup,SetSecurityDescriptorOwner,IsValidSecurityDescriptor,AccessCheck,LocalFree,LocalFree,LocalFree,FreeSid,CloseHandle,RevertToSelf,LocalFree,LocalFree,LocalFree,FreeSid,CloseHandle,

114_2_100749EC

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

114_2_100749EC

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe

Code function: 114_2_1001802A cpuid

114_2_1001802A

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\DriverSupport.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\RuleEngine.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\XPBurnComponent.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Communication.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Common.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\ExceptionLogging.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation

Source: C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Code function: 0_2_0040322B EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,ExitProcess,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,

0_2_0040322B

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe

Process created: C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0)

Adds / modifies Windows certificates

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 Blob

Jump to behavior

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Source: C:\Program Files (x86)\Driver Support\DriverSupport.exe	WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter : AntiVirusProduct
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter : AntiVirusProduct
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter : AntiVirusProduct
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter : AntiVirusProduct
Source: C:\Program Files (x86)\Driver Support\Agent.CPU.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter : FirewallProduct

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	241 Windows Management Instrumentation	1 LSASS Driver	1 LSASS Driver	111 Disable or Modify Tools	OS Credential Dumping	11 Peripheral Device Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	2 Obfuscated Files or Information	LSASS Memory	4 File and Directory Discovery	Remote Desktop Protocol	1 Clipboard Data	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	12 Command and Scripting Interpreter	31 Windows Service	1 Access Token Manipulation	1 DLL Side-Loading	Security Account Manager	157 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	31 Windows Service	1 File Deletion	NTDS	451 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Registry Run Keys / Startup Folder	11 Process Injection	22 Masquerading	LSA Secrets	1 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	11 Scheduled Task/Job	1 Modify Registry	Cached Domain Credentials	371 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	1 Registry Run Keys / Startup Folder	371 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 Access Token Manipulation	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	11 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	3%	ReversingLabs
SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe	4%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Program Files (x86)\Driver Support\Agent.CPU.exe	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.CPU.exe	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.Common.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.Common.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.Communication.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.Communication.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Common.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Common.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe	2%	ReversingLabs
C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\DriverSupport.exe	0%	ReversingLabs
C:\Program Files (x86)\Driver Support\DriverSupport.exe	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\ExceptionLogging.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\ExceptionLogging.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\ISUninstall.exe	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\ISUninstall.exe	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll	2%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll	2%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	2%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll	3%	Virustotal	Browse
C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll	3%	ReversingLabs
C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll	3%	Virustotal	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
downloads.drivershq.com	0%	Virustotal	Browse
s-part-0045.t-0009.t-msedge.net	0%	Virustotal	Browse
webservices.drivershq.com	2%	Virustotal	Browse
front.activeoptimization.com	2%	Virustotal	Browse
cdn.driversupport.com	1%	Virustotal	Browse

Name	IP	Active	Malicious	Antivirus Detection
downloads.drivershq.com	40.74.231.179	true	false	0%, Virustotal, Browse
s-part-0045.t-0009.t-msedge.net	13.107.246.73	true	false	0%, Virustotal, Browse
webservices.drivershq.com	unknown	unknown	false	2%, Virustotal, Browse
front.activeoptimization.com	unknown	unknown	false	2%, Virustotal, Browse
cdn.driversupport.com	unknown	unknown	false	1%, Virustotal, Browse

URLs from Memory and Binaries

Name	Source	Malicious
http://poll2.driversupport.com/2011/12/miscservice.asmx	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetAccountActivity	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://rtm.drivershq.types/2011/10O	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetAccountActivityResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetMarketingURI	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://rtm.drivershq.types/2011/10K	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	false
http://rtm.drivershq.types/2011/10N	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3908799611.0000000023BD2000.00000002.00000001.01000000.0000003B.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000166C4000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetNetworkProviderResourceFileResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:UUID	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence1Result	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetRuleEngineManifest	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice/GetManufacturers	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardManufacturersResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetWhiteLabelMetaData	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetResultDialogDataResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:RegisterClientActivationListenerResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetSupportMetaDataApplicationResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligenceByModelID	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice/GetMachineIntelligence	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:ValidateClientActivationResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetSlideshowUrl	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://downloads.drivershq.com/DriverDetective/SmartClient/manifest.xml)UpdaterConfiguration	DriverSupport.exe, 00000004.00000002.2301192070.0000000002921000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice/InsertBaseboard	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligenceByModelIDResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:InsertRuleAnalyticsResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:MonitorScanResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetCALsResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://cdn.driversupport.com/builds/v10/nsis/gppc/DriverSupport.exe	DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/RegisterClientActivationPopup	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://rtm.drivershq.types/2011/10:environmentPropertyContainerBase:True:	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:UnRegisterClientActivationListenerResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://rtm.drivershq.types/2011/10:property:True:	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetMigrationUpdatesResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:RegistrationKey	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice	DriverSupport.exe, 00000027.00000002.3632606934.00000000045EB000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3845344887.000000001DB00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000043D8000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004519000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000466A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2317774355.0000000000544000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp, csc.exe, 00000065.00000002.2317820161.000000000054B000.00000004.00000020.00020000.00000000.sdmp	false
http://cdn.driversupport.com/builds/v10/nsis/bppcv9/DriverSupport.exe	DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetUninstallUrl	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetPNPDriverUpdatesResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:TrackDriverUpdatedResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
https://www.driversupport.com/uninstall/	DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice/MonitorScan	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/InsertRuleAnalytics	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://www.drivershq.com/premiumsupport?src=DD	DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareInfoResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:ValidateRegistrationKeyResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/GetResultDialogData	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetMigrationUpdatesResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetNewsResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://cdn.driversupport.com/builds/v10/nsis/portal/DriverSupportApp.exe	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1935069798.0000000000870000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1934325882.0000000000870000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetNetworkProviderResourceFileResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternateDriverUpdatesResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://nsis.sf.net/NSIS_Error	DriverSupport.exe, DriverSupport.exe, 00000004.00000002.2301192070.0000000002A67000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000000.1933003986.0000000000409000.00000008.00000001.01000000.0000000D.sdmp, DriverSupport.exe, 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmp	false
https://apps.driversupport.comAhttps://secure.driversupport.com9http://www.driversupport.com	DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverFileDownloadResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300781068.00000000020D9000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:EncryptionHeader	DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013DF5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	false
http://www.loc.gov/copyright/	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetMachineIntelligence2Response	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareUpdates	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetLocalizedNewsResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/InsertInstallShieldTracking	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/InsertDownloadTIDTracking	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://www.driversupport.com/home/privacypolicyLinkInstFiles	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:InsertClientLogResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetSoftwareFileDownloadApplicationRespo	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetResourceFilesByParentResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://rtm.drivershq.types/2011/10:globalActionsuhttp://rtm.drivershq.types/2011/10:globalEnvironmen	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetMotherboardModelsResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:ValidateThirdPartyInstallResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://www.drivershq.com/Legal.asp	DriverSupport.exe, 00000004.00000002.2301192070.0000000003703000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000002BCB000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014E62000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/InsertQuestion	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://127.0.0.1:65411/license/	DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2274464249.000001CE8DCC0000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2275518680.000001CE8DD0D000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2273281437.0000009AB35B4000.00000004.00000010.00020000.00000000.sdmp, netsh.exe, 0000003B.00000003.2271870276.000001CE8DD07000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 0000003B.00000002.2276421353.000001CE8DFF5000.00000004.00000020.00020000.00000000.sdmp	false
https://secure.drivershq.com/Registration/Default.aspx	DriverSupport.exe, 00000004.00000002.2301192070.0000000002F6E000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013E67000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000016301000.00000004.00000800.00020000.00000000.sdmp, Agent.CPU.exe, Agent.CPU.exe, 00000072.00000002.2427225820.0000000069F1A000.00000020.00000001.01000000.00000023.sdmp, Agent.CPU.exe, 00000072.00000002.2412808249.0000000004E12000.00000002.00000001.01000000.0000001F.sdmp	false
http://webservices.drivershq.com/2011/12/exceptionservice:WriteLogEntryResult	DriverSupport.exe, 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp	false
http://cdn.driversupport.com/builds/v10/nsis/dsmedia/DriverSupport.exe	DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerserviceTU	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:VeloxumClientDataReadyResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
https://webservices.drivershq.com/2011/12/MiscService.asmx	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:SearchModelResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://cdn.driversupport.com	DriverSupport.exe, 00000004.00000002.2301192070.00000000028C0000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000000.2209542343.0000000000C42000.00000002.00000001.01000000.00000014.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.00000000158CA000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000015862000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice/GetSupportMetaDataApplicationByDevice	DriverSupport.exe, 00000027.00000002.3632606934.00000000042CC000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000044F5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscserviceY	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscserviceS	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscserviceT	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:GetQuestionTypesResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://www.driversupport.comp~	DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice/ValidateThirdPartyInstall	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:FaultMessage	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetDriverUpdatesResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerserviceU	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerserviceT	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false
http://rtm.drivershq.types/2011/10:conditionsShttp://rtm.drivershq.types/2011/10:events	DriverSupport.exe, 00000004.00000002.2301192070.00000000035C9000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3933116536.0000000025AC2000.00000002.00000001.01000000.0000003C.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:RegistrationHeader	DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000062.00000002.2300829561.00000000020E2000.00000004.00000020.00020000.00000000.sdmp	false
http://test-apps.driversupport.com	DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp	false
http://127.0.0.1:65411/tests/progress/	DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2276874782.00000250E0310000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2278055089.00000250E0360000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000003.2273700307.00000250E035A000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2279085161.00000250E05D5000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000046.00000002.2275199773.000000E973954000.00000004.00000010.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice:GetAlternateDriverUpdatesResult	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000013FB9000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3889561225.0000000021DB0000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/manufacturerservice:GetManufacturerFamiliesResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3891566959.0000000022350000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice:InsertInstallTrackingResponse	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3892614983.0000000022F00000.00000004.08000000.00040000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.0000000014394000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000499D000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3887367830.0000000021D32000.00000002.00000001.01000000.00000037.sdmp, csc.exe, 00000065.00000002.2318647851.00000000021A0000.00000004.00000020.00020000.00000000.sdmp	false
https://secure.driversupport.com/account/account/login).	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943783324.0000000002936000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000002.1943615665.0000000002862000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1846062288.0000000004CF1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1842008269.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868494205.00000000008B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1868516374.00000000008BD000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, 00000000.00000003.1841585877.0000000004CDD000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000004.00000002.2301036855.00000000027F3000.00000004.00000020.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/miscservice0	DriverSupport.exe, 00000027.00000002.3632606934.0000000004551000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045BE000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004602000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045EB000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000462F000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000004673000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045B5000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.000000000466A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.00000000045D4000.00000004.00000800.00020000.00000000.sdmp	false
http://webservices.drivershq.com/2011/12/driverupdateservice/GetSoftwareFileDownload	DriverSupport.exe, 00000004.00000002.2301192070.0000000003095000.00000004.00000020.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3632606934.0000000003DFD000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001414A000.00000004.00000800.00020000.00000000.sdmp, DriverSupport.exe, 00000027.00000002.3864866142.0000000020CE2000.00000002.00000001.01000000.00000032.sdmp, DriverSupport.exe, 00000027.00000002.3680270900.000000001420B000.00000004.00000800.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.107.246.73	s-part-0045.t-0009.t-msedge.net	United States		8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
40.74.231.179	downloads.drivershq.com	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1493279
Start date and time:	2024-08-15 11:46:47 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 17m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	132
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Detection:	MAL
Classification:	mal40.expl.evad.winEXE@249/359@14/3
EGA Information:	Successful, ratio: 33.3%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 152.199.19.161, 184.28.90.27, 13.84.181.47, 20.150.70.228
Excluded domains from analysis (whitelisted): fs.microsoft.com, az681750.vo.msecnd.net, slscr.update.microsoft.com, waws-prod-sn1-103.southcentralus.cloudapp.azure.com, ctldl.windowsupdate.com, driversupport-fms.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, solveiqdriverstorage.blob.core.windows.net, ocsp.digicert.com, e16604.g.akamaiedge.net, blob.sn7prdstr02a.store.core.windows.net, azureedge-t-prod.trafficmanager.net, prod.fs.microsoft.com.akadns.net, driversupport-fms.afd.azureedge.net, cs9.wpc.v0cdn.net
Execution Graph export aborted for target DriverSupport.exe, PID 2492 because it is empty
Execution Graph export aborted for target DriverSupport.exe, PID 7344 because it is empty
Execution Graph export aborted for target DriverSupport.exe, PID 7900 because it is empty
Execution Graph export aborted for target DriverSupport.exe, PID 7936 because it is empty
Execution Graph export aborted for target DriverSupport.exe, PID 8188 because it is empty
Execution Graph export aborted for target powershell.exe, PID 5576 because it is empty
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing behavior and disassembly information.
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:48:57	API Interceptor	2089462x Sleep call for process: DriverSupport.exe modified
10:48:42	Task Scheduler	Run new task: Driver Support path: C:\Program Files (x86)\Driver Support\DriverSupport.exe s>/applicationMode:systemTray /showWelcome:false
10:48:42	Task Scheduler	Run new task: Driver Support-RTMRules path: C:\Program Files (x86)\Driver Support\DriverSupport.exe s>/showWelcome:false /action:checkRuleManifests /applicationMode:current
10:48:42	Task Scheduler	Run new task: Driver Support-RTMScan path: C:\Program Files (x86)\Driver Support\DriverSupport.exe s>/showWelcome:false /action:scheduledScan /applicationMode:current
10:48:42	Task Scheduler	Run new task: Driver Support-RTMUpdater path: C:\Program Files (x86)\Driver Support\DriverSupport.exe s>/showWelcome:false /action:checkForUpdate /applicationMode:current

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	113280
Entropy (8bit):	5.725810021411308
Encrypted:	false
SSDEEP:	3072:HxDzsdoZhANzo8GoAeGAIo+wxFjfMTqGOuH:GBsjbH
MD5:	00A9A57A40D73E4F3C27F57933CCDC43
SHA1:	CD1859AC4565E1283347F6D5A3BEDBAF16C12949
SHA-256:	25FB00FA7AD72D5A5FA248BBB6332873AE270E529140FB301AA364C4198D7937
SHA-512:	7F60C3362F642CCE51632295018A3816118034A86153D11BCA9A1D6773354822915DABF2B3B44BD170E815777A0FED9A7BA5BC7EBEA4EB9C01CCC80D5EB04F06
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P,.\.................z..........N.... ........@.. ..............................{:....@.....................................K....... ................4..........@................................................ ............... ..H............text...Ty... ...z.................. ..`.rsrc... ............\|..............@..@.reloc..............................@..B................0.......H...........\.......P...H................................................0...........%(.....}......}........0...........{......0...........{......0...........(......0..&....... ...X..........Hh....E.........E....O.....ER...........>.......p...........Z...........x...2...............O...:...w...................~...T...............................2...............+...............7...................[...`.......................B...............Z...............v...*...%...`....

C:\Program Files (x86)\Driver Support\Agent.CPU.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	232
Entropy (8bit):	4.989193428117667
Encrypted:	false
SSDEEP:	6:JiMVBdTMkIffVymRMT4/0xC/C7VNQAofC7V2bopuAW4QIT:MMHd413VymhsSQzofbU93xT
MD5:	0902754B4F3041FD31673CB63B34012D
SHA1:	CC03CD2DEDD25EB8BF121838C9D2E059A0AE4B93
SHA-256:	905E11C9A4BD25E0225FD655DE86BEBECDEE57C88757AE95CA82F888A7173610
SHA-512:	B0DB0FFDA68BEA55A9D6FBF8A3D7DFD46A420E2F4CB8ED6C5E7A4EE881386049547D451819A67A116499BC33CA722171BDF4101D625B639E11C20EB9931EF2F1
Malicious:	false
Reputation:	unknown
Preview:	.<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>

C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	377984
Entropy (8bit):	5.514636168729487
Encrypted:	false
SSDEEP:	6144:dCY83AXtwl5jdvyJ4yFkZUuAqzqPOBDWpQSkz9:dCY83AXt4RvyJ4yFkZUuAqzqWcE
MD5:	C6BE19F214B1D41F1482EC88D0B4C66B
SHA1:	EB594467ED781205A5E046B9EC9275AA996AB475
SHA-256:	08BBABB5C71E808CB4ABE9A5B3FDAF6F261FAE912E12BCE1606C1A8177595C5F
SHA-512:	BC3CB5FD74B8B185D38AF490C647FA027E2680E0F1D3C21E968FD87630429E5495EA4ED2A127BB3F691D5245904AD1C4DBAD60CA99AB07904D448375AC4AF2C5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....`... .......{... ........@.. ..............................K.....@..................................{..O........................4........................................................... ............... ..H............text....[... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Agent.Common.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	749696
Entropy (8bit):	5.284213879356994
Encrypted:	false
SSDEEP:	12288:EwZx6h+rqfsosrMTHTbniVPjnxcMb+VexVJOdq3WJv42oz9KeDZ5Z2A:Ew7xGTbnwbRWJv42M8oZ5Zr
MD5:	3F689AA7164025E60FAF85D04237C0C1
SHA1:	BBF223CA37DEACFFE92D853EA730E85AF1F3AC7F
SHA-256:	9D60E139234F598EF506B80172A694125D513B84B3D1A6BA1AE8D158BB74ED1B
SHA-512:	4733FAC29A75C9B3E3B596E966A4BED44F0F5998D2E6EB726CCE404D965D52A419C38664FD8FE36DF0BEAFC5FB18B62BE9103B17845202ADC82EEEE044F6EE44
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...J,.\...........!.....4..........NR... ...`....... ..............................06....@..................................Q..O....`...............<...4..........Hd............................................... ............... ..H............text...T2... ...4.................. ..`.rsrc........`.......6..............@..@.reloc...............:..............@..B................0R......H........d..0...........(M...............................................0...........%(.....}......}........0...........{......0...........{......0.......... .%B..........Hh .FM.........Hh..E.................+. ..e............Hh&+. ...$..........Hh+.. ..&...........Hh9.... ..W..........Hh+. ...L..........Hh+.,..{....*....0.......... .=.:.........Hh .=F..........Hh..E.................+. ../c..........Hh&+. ...)...........Hh+.. ...:.........Hh9.... ..0...........Hh+. ...E

C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	496768
Entropy (8bit):	5.058897825048695
Encrypted:	false
SSDEEP:	3072:9BUVJtgNQnrqp3hyXZ7PMt4XV5DD5VVi3IV7VcM2g+ay1rMJhX/l9sKuoKwc7MFI:ubnrS321PMt4XV5DD5VK
MD5:	E35DD2315B54D205712F877860E0A1F5
SHA1:	5EE35D725BA48DB50B00E8E4CA341D76516487A6
SHA-256:	0A9BFAF8FAF0D8CA4F2EDE03585168710747B2C583E0327F9074755A34AB5828
SHA-512:	FC4949B62586CA2775D65EE01432CDBCFDAE5093D97FE8DFADF3C52F052670F591F283C33383582279CFBC2F2EE3E8BC21CFEA999CA23537A7F9A7E9D1CA200D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....0... .......L... ...`....@.. ...............................M....@.................................tL..W....`..(............`...4........................................................... ............... ..H............text....,... ...0.................. ..`.rsrc...(....`.......@..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Agent.Communication.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	737920
Entropy (8bit):	5.424803456149997
Encrypted:	false
SSDEEP:	6144:xUJtx4SZDC1FZUebaIcTlAyE0d8XqiMrJLzjejHjVdWS9ixhvngVwvWQXbPgTxeW:SlcaIqd89MFqNdWMirEIWQU
MD5:	4811DDBCF5AB28D7699B1C9D7238E619
SHA1:	DCF5FCB920A2C6DE4221B49642EF2783575F217E
SHA-256:	6DCA9C22B170072F43273ED53AB8F55D8068EF2A3229B6AFE9F0428CFAB1886F
SHA-512:	702B28A04182B812EA1E0FAFF831059373C0414ED423560005282A337A4B10D26508EC2082A598E65C3185FDDA88B1E50E8C85C3ADD1ED6807A3BBD9186F94CE
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...H,.\...........!................."... ...@....... ...............................5....@.................................."..O....@...................4...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................."......H............w...........................................................0...........%(.....}......}........0...........{......0...........{......0..'........E.........E.................{..... ...K.........Hh..+. .c...........Hh .c...........Hh..E................. ...G..........Hh9....+.+. ...I..........Hh&+. ..wx.........Hh+......(....t......\|......(...+. ...d..........Hh..8).....3. ..I9.........Hh..8.... ...]..........Hh+. ..\|z..........Hh+.,.+...0..(........E.........E

C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	42112
Entropy (8bit):	5.079427670122353
Encrypted:	false
SSDEEP:	384:eNQoclocJJzWS4JzWSVN/tVPGvvDcg+Zd9nYPL9RKbWTTjHRKbWTTjb8JN77hhVb:WGvvDcg+Zd9G9c3hLb
MD5:	07DE42652310C03F3EF538E3CDAC69F8
SHA1:	724B58FCD84FA420F90689D6119FE4CF377F263F
SHA-256:	D1322536D3B79286E9A7CBCD56CB9481CDAADAEB82C967DE9722949E2DACCC27
SHA-512:	A7D2EB50CA4D27659D4706822745DA438C319D985667FBAA4124D72AB533CD4D3EEDCE9211810D6797F250CDA7B336B046E04E438B5B58DB69A9B4F0F03EEE6D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....@... .......Z... ...`....@.. ..............................t.....@..................................Y..O....`..8............p...4........................................................... ............... ..H............text...4:... ...@.................. ..`.rsrc...8....`.......P..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	70784
Entropy (8bit):	6.249882566463756
Encrypted:	false
SSDEEP:	768:cTPpF+tZDxb6VhIl5pYsFLwAcSx5fxN8qqkg0Bm0VSPbO3GQv33wh2:IP+tBFLwnSfJ+qxg0BNVIOxgh2
MD5:	A2EE71AD2BC095F3734C29FA77D9C2A6
SHA1:	BC8C1530A7B0515BBB13C7FFA2A40DDE1CD9B9F9
SHA-256:	076991B1E013F1DD3B58C8BCC91D86001C5EABB12A526744B7B89CD93E6B4005
SHA-512:	0EFCC1CA79E2C5FE67BCFBAFEF300B8670C312661CEF83B066DD7CF8A76F73C38DDAFA4B8755C624779A02F4704CBDD37AD167F81AAE25F61AEE9982AD416D5F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!................>.... ........... .......................@....../Q....@.....................................W....... ................4... ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc... ...........................@..@.reloc....... ......................@..B................ .......H............S...........=..Sa............................................(.....(....o....(......(....(....,...(......}......}......{...."..}......{...."..}......(.......(....(....,..{....-...(....-...(......(......(....>..(......}........0..)........{.........(....t......\|......(...+...3.....0..)........{.........(....t......\|......(...+...3.....0..!........r...p............(.........A...&...(......0..9........{....-.........s ...}.....r...p.............{.....(

C:\Program Files (x86)\Driver Support\Common.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2172032
Entropy (8bit):	5.439722492307382
Encrypted:	false
SSDEEP:	49152:rUvNRlpoBtjR4po40WUC/37thDaisacTFqSzlZlg5:rmABHQPPanTFblA
MD5:	400443E0E00D96E1A94A02F0926435B3
SHA1:	635E787E82C0B6CBD359BD1420AB4F24B0E1FDAF
SHA-256:	7056FCCB4A31841B257E069DB114A0947B316A9713D18B60A7031CCFCE68DC87
SHA-512:	02D38BEA3DB81F0FDAEE33BEAE8C0B54C906A09D2D6416B35C861E1904657835135A1E6C072615E8CD156306C9A6D3B63DC59CD355836C1B98DFC485888B1488
Malicious:	false
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Program Files (x86)\Driver Support\Common.dll, Author: Joe Security
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L,.\...........!...... ...........!.. ... !...... .......................`!.....;e!...@...................................!.W.... !............... ..4...@!...................................................... ............... ..H............text..... .. .... ................. ..`.rsrc........ !....... .............@..@.reloc.......@!....... .............@..B..................!.....H...........x............e ..................................................$..9%......Y(..........-'...............0..`...m-..y+..4.......Q:...Y...............]...x...........!......P...!...A.......,.\|.;...................................................................,.;.\|...........`!"#$%&'()+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_................................................................ !"#$%&'()+,-./0123456789:;<=>?................................

C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	257152
Entropy (8bit):	5.84271541872748
Encrypted:	false
SSDEEP:	6144:4GQ98D4ATHsAypmvjEPqA8XrTe5+/O/8Tl/O/8TWN:691VgTecOUJOUW
MD5:	E3743D5FD893CBFB9F2C7413981F3ED7
SHA1:	DEF4271B56E548CFEC61B1F1259A0FDEB6F8D5DF
SHA-256:	CAE71A9A977B3395F7BBA7B2E80DE4A0FF7E30BD348BF8BB52C960E2F63C490B
SHA-512:	8FAF09B885FDD62D968AE5D019A536382947C3077CA7B4F5617D1DC5352873EF1295FD729480AB67010CFBCF86ECD9110EC877FDBF9DDFD8FF375310265D899D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...G,.\.................@...v......>^... ...`....@.. ....................................@..................................]..W....`..ps...............4..........L................................................ ............... ..H............text...D>... ...@.................. ..`.rsrc...ps...`...t...B..............@..@.reloc..............................@..B................ ^......H...........(.......1...$&...7...........................................0...........%(.....}......}........0...........{......0...........{......0...........(Z.....o[......0..z........E.........E........&...O...5...F.....(....r...po..... ..BZ.........Hh..+..(....:#... ...s..........Hh..+. ..l..........Hh+. ...X..........Hh+.,.8....+. ... .........Hh&+. ..4g.........Hh+...r3..p.(........ ...{...........Hh..8#... Ji...........Hh JiSY.........Hh..E....;.......;.... ........

C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2429
Entropy (8bit):	5.167723131058078
Encrypted:	false
SSDEEP:	48:cR2sr3+/ZdyqS+q5pl293SsXIA7AGdEft4LpQfDBzsTj70nqmlXq5psjzUQ:ar3+/CN+COu8pQfD5cjYn9lXCejzUQ
MD5:	B0DCE61F74DB89BC4FEA6468DC09BAAB
SHA1:	ED872CE9D47F75A6ED515CB1785A2EB7A9FA01BB
SHA-256:	12D403AAF6BC09E846A3181675FA198CE2FD6A073848629C0797072C9F3CCB5C
SHA-512:	1CA80600A30FF4D0B032D924D75F5504E83D0AA1DFF465CD8269B394625D09AA84ED1A3BBA9519513D585883727600C581306F810935180EF1EF524353860AB9
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <section name="updaterConfiguration" type="Microsoft.ApplicationBlocks.Updater.Configuration.ApplicationUpdaterSettings, Microsoft.ApplicationBlocks.Updater" />.. <section name="securityCryptographyConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" />.. <section name="loggingConfiguration2" type="ExceptionLogging.Configuration.ExceptionLoggingSettings, ExceptionLogging, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />.. </configSections>.. <loggingConfiguration2>.. <exceptionHandlers>.. <add name="Client" type="Agent.ExceptionLogging.ExceptionManager,Agent.ExceptionLogging">.. <notificationProviders>.. <add name="WebService" type="Agent.ExceptionLogging.WSLogNotifier,Agent.ExceptionLog

C:\Program Files (x86)\Driver Support\DriverSupport.chm

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	MS Windows HtmlHelp Data
Category:	dropped
Size (bytes):	48206
Entropy (8bit):	7.430662197746793
Encrypted:	false
SSDEEP:	768:efjbEtHsRxLQId4KsqLbYR3Hup1xmODv5hyEOBo9otNHKkQ3RfM8C3:efjbEl6pfYR3up1kODfPoXHhE1RC3
MD5:	D37ECAD2B7BBF32B05A307523A029854
SHA1:	C21719CD8BD718E8B49B95C40516CA63F8E0A7ED
SHA-256:	D497D11D2B79D6BC788D572CDA8728F987EA28E3F7EE1813C5BFB9C0052D85FB
SHA-512:	048B9AAC6601B95A2BA19B8BDF6C059C2918803D43C2DEFE01A3D63F7ABB7994F70ACEAED4D62B6A229302D6404D736F665806E010FAE42C428D6025A7EB90EC
Malicious:	false
Reputation:	unknown
Preview:	ITSF....`........=........\|.{.......".....\|.{......."..`...............x.......T.......................N...............ITSP....T...........................................j..].!......."..T...............PMGL]................/..../#IDXHDR...E.../#ITBITS..../#STRINGS.....(./#SYSTEM..N.(./#TOPICS...E.`./#URLSTR......./#URLTBL...%.h./#WINDOWS... .L./$FIftiMain...3..../$OBJINST...t.?./$WWAssociativeLinks/..../$WWAssociativeLinks/Property...p../$WWKeywordLinks/..../$WWKeywordLinks/Property...l../AskaQuestion.htm....:./bad.gif.....g./Chipset.htm..C.}./disk_blue_information.gif...G.../disk_greenInformation.gif..._.../download.gif...g.../download64.gif......./download64Check.gif.../.../downloadcheck.gif......./DownloadHistory.htm..@.m./DriverBackupStep1.htm...A.'./DriverBackupStep2.htm...h.S./DriverBackupWizard.htm...;.U./DriverDownload.htm..-.../DriverInformation.htm...-.8./DriverInstall.htm...e.q./DriverScan.htm...V.../DriverSupportHelpTOC.hhc......./Exception.htm.....a./first_aid.gif...D.c.

C:\Program Files (x86)\Driver Support\DriverSupport.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	10714752
Entropy (8bit):	6.3137018154174465
Encrypted:	false
SSDEEP:	98304:rmqME2fcZJigsDUnmIOd5mK4C6gb0JX9MlMSMlMCMlMLCMEGGMlMbiws2uX3z1UG:rmq17OdwK4C6S09ANsD3zmG
MD5:	B817A3469F1909432A76C6FEAA8F2B91
SHA1:	8AC9826D4901AF89408E78C41BD4A12133E90C9C
SHA-256:	A3512AC51790782E75A1E7E236239CB89C997F69E2662280121B52C8F090AFA3
SHA-512:	C85511BD20ECC788A24EBFF1422BC6888BE098D55CAC274C867C1AFE1A1CB85C6E4638417F329EB72D1B0D9E0856CD7488381D3D5994F4C198836F47436D5C0B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...=,.\................................. ........@.. ....................................@....................................S.......p............J...4............H.............................................. ............... ..H............text...$.... ...................... ..`.rsrc...p...........................@..@.reloc...............H..............@..B........................H.........H.H............JX..aE......................................................................................................0...........%(.....}......}........0...........{......0...........{....*..0..Q....... ..)..........Hh....E.........E..........E....l............{..... ..c............Hh+. .............Hh+.,.+. .............Hh&+. ..3H.........Hh+.. ..~p.........Hh...+.+.....(....tO.....\|......(...+......... ..#D.........Hh...8B... h.Y.........Hh h.vG..........

C:\Program Files (x86)\Driver Support\DriverSupport.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2815
Entropy (8bit):	5.094755769643357
Encrypted:	false
SSDEEP:	48:cR2sr3+/ZdyqS+q5pl293SsX5yRiA7AGdEftuA7ftqZA7dEAGYtupysTj70nqml7:ar3+/CN+CnR9uRFqudupycjYn9lXCejp
MD5:	4CD4EEA24AF663E28286796926CA5916
SHA1:	61B9A06C20BABED9004A08D6B9FDBCB5168A945F
SHA-256:	9D0000D8449DFF9D20ACD2AA2AC986C2110234058C788E4CA9E316B7F6992307
SHA-512:	10ABBE7DC46588CB7DE3F127ED87C731B86BEB5AF7E98545913F08B0AD35275110F68DD60ECA639FF1B1BEBCA1F1CEA9135E28C35CF158FACD489B71B3FA67BA
Malicious:	true
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <configSections>.. <section name="updaterConfiguration" type="Microsoft.ApplicationBlocks.Updater.Configuration.ApplicationUpdaterSettings, Microsoft.ApplicationBlocks.Updater" />.. <section name="securityCryptographyConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration.CryptographySettings, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" />.. <section name="loggingConfiguration2" type="ExceptionLogging.Configuration.ExceptionLoggingSettings, ExceptionLogging, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />.. </configSections>.. <appSettings>.. <add key="RuleHistoryPurgeTimeSpan" value="30"/>.. <add key="VideoUrl" value="https://webservices.drivershq.com/2011/12/Youtube/YouTubePlayer.html"/>.. </appSettings>.. <loggingConfiguration2>.. <exceptionHandlers>.. <add name="Client" type="

C:\Program Files (x86)\Driver Support\ExceptionLogging.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	40064
Entropy (8bit):	6.3409666793434365
Encrypted:	false
SSDEEP:	384:tLtricXaODuII4QotdE0WMmPDNgi+hE41pHphQNHJKMzOvBgsbsnYPL9RKbWTTRx:AODuII4QorEJPDNgim79JHbsGqTM3hPn
MD5:	61957056AADF870C10F7DEEAD2421D8C
SHA1:	FA481B1D0BC3995D6BF9686A26F24BB80BFEC8B4
SHA-256:	90671B81F8668CFCB6FD5C6B7CDC05FDE95005C13136A934B5B46C4A5FE5DB16
SHA-512:	A9C4959AB8E462A197BF171145B128608195FA73BC0A58AA00530F941C227D921E220FAF45568063F8FE01682D76D6E76DD5142AB993379C147D068E1376B947
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....^...........\|... ........... ...............................r....@.................................\\|..O....................h...4..........${............................................... ............... ..H............text....\... ...^.................. ..`.rsrc................`..............@..@.reloc...............f..............@..B.................\|......H........6..pD..........H5..i............................................(...+......0.........................o...."..(....f..(....,...(.......o....:........(....6..(.........6..(.........:..(.........."..(......(......(......(....F.r...p(....t...6.r...p.(....F.r...p(....t...6.r...p.(......(......(....b..(.....r...ps....(....F.r9..p(....t......(......{....:.(......}....>..(......}....B...( .....}...."..(....&...(....*....(....F.r...p(....t....*Br

C:\Program Files (x86)\Driver Support\ICSharpCode.SharpZipLib.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	214144
Entropy (8bit):	5.840595869464529
Encrypted:	false
SSDEEP:	3072:AjMibqfQqFyGCDXiW9Pp/+Tl4abpuu201PB1BBXIDwtqSPVINrAfvp1ted:DibqI59PpOPf201/z7p2d
MD5:	B17D3F8E8DD2E7B17B67EEC5203DF056
SHA1:	FE885A69A30B1C0CD512A360C18388516DDAA921
SHA-256:	A5446424A38C957D57CB4D580F5F568CE1EDA3A31B475CABB17850145D4D0758
SHA-512:	874E1402DDBBDB00B0CCB6753E5993F601AAA37F84D4CC09CAC6983DF121D645100148AACEDD7A9160B861667D8BB34DBA9AFFCF4F0BD172B1FBD271739F9C5C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....<.K...........!......... ......^.... ........@.. .......................@...........@.....................................K........................4... ....................................................... ............... ..H............text...d.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\ISUninstall.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32384
Entropy (8bit):	6.447305039964087
Encrypted:	false
SSDEEP:	384:LDczzwdh0Mr+DGJnoLluKtZXZiPaSu02nmOPNVusnYPL9RKbWTTjyV0RKbWTTjiq:LDczzwdhdSDGJnoLl8XzsG+VgOv23whi
MD5:	527314A9529CF682658A84FF512E360F
SHA1:	8959A546BC280A66CCD492BE41F6201B60437E33
SHA-256:	D261F7D48B21C8BCC64CC661CE0ECF9B85CBFFFA8D671CE0A55CDD4DA39F97B0
SHA-512:	1A720DFB04B713EA582AB4E70EB825219B5C8E9B02B27E93954A411432DB3462BB9272D87684893C7829BF1C062D002FA24CD8866D5F7C7092F9FC10721A78E5
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\.................>...........\... ...`....@.. ...............................3....@.................................\|\..O....`..(............J...4..........D[............................................... ............... ..H............text....<... ...>.................. ..`.rsrc...(....`.......@..............@..@.reloc...............H..............@..B.................\......H.......d4...&..........(...<.............................................(.....0...........(......%o..... `o........{...."..}......{...."..}......{...."..}......{....,..(....(....-..(....(........"..}........0..A........{....-2.s....}.....{.... ....o.....{...........s....o.....{........0..[.........}.....(.....(......(....o.......(.....[.(.....[Ys ...(!.....(.....{.....o"....(....o#.....0..>........(....,..{.....(....s$...o%...+..(&.......r...p('...&.(&.....*..

C:\Program Files (x86)\Driver Support\ISUninstall.exe.config

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	213
Entropy (8bit):	4.909110919638626
Encrypted:	false
SSDEEP:	6:TMV0kIffVymRMT4/0xC/C7VNQAofC7V2bopuAW4QIm:TMG13VymhsSQzofbU93xm
MD5:	C047508A4A1F583B7ED31EC7B0DF9695
SHA1:	9BF6B15318145E7E46682F19D5CD38BED8B2B119
SHA-256:	CD999BAA036D44D442FE43A541D69F04BA206C58938F3C22EC0F226493C63E35
SHA-512:	418D3BB5186ECB7C54FDD95CC5B494AD837E8A7E5CF21C0CE3F0CB90264786C13105A93C4C877C85CF14CEA5809ED151ECEB7EE48BE88F788BB2C2A42416EE0A
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0"?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.. <supportedRuntime version="v2.0.50727"/>.. <supportedRuntime version="v4.0"/>.. </startup>..</configuration>..

C:\Program Files (x86)\Driver Support\Interop.WUApiLib.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	99456
Entropy (8bit):	5.680173521228513
Encrypted:	false
SSDEEP:	1536:Z2kKfq2RQuKDMOoytxL2L4zP+YuqL2zL7SAtDx4la6Omgghg:6QmyxL2L4D+YZL2X7SAtqajd
MD5:	EE7C700015F396AE49BDB0F018A9251D
SHA1:	53E30885DD7BDB75265EB1D4E1ED1874A523BE4A
SHA-256:	453CC673549101D1B07CF070DEF934BA1AE38FE44826A7F3F5E4A186C3DAACB1
SHA-512:	3D77A6A7D5126CC52944C7955FBD53CF0E1B6B9E902BB6896FB5025A1C1BA9FB7F12AB66B89DCE11E7AE5CABD3E59A8B482EEED5F0CD91A4E1D719BB12C5EC20
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!..... ... .......7... ...@....@.. ....................................@.................................47..W....@...............P...4...`....................................................... ............... ..H............text........ ... .................. ..`.rsrc........@.......0..............@..@.reloc.......`.......@..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.ActivationProcessors.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	103552
Entropy (8bit):	5.2741811577244455
Encrypted:	false
SSDEEP:	1536:ZrC2/i1WLc4edigFQrTLMneGxTYCY7b9seUVghI:Zrb/i1OD08TJGxTYCib9seC
MD5:	84AA59025BCEE8E0295FC007A229600F
SHA1:	F63B22DD05D8ADCE49173515C1E10A365679A558
SHA-256:	65B1E0BA0B5582EDC1D2D09128BE4FD266CF22B61E6F3C5681C4A192B8A2686A
SHA-512:	EA9C43E208983E20B8638DD862E9F527F1664BD465F86397FB5520E64C37DE083D08A7F68169C674B525F8F342A716D36DBB15A6F86648D1CDE6AAAFB300D91F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....0... ......^I... ...`....... ...................................@..................................I..W....`...............`...4...........G............................................... ............... ..H............text...d)... ...0.................. ..`.rsrc........`.......@..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.Downloaders.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	42112
Entropy (8bit):	5.311988104412826
Encrypted:	false
SSDEEP:	384:NNvem+ZJexIoQ3PnCG/qqlweKLKD543nYPL9RKbWTTjVPvRKbWTTjd2B5JNNzFwI:TxJQ3KGtGeKB3GxRB2H3whe
MD5:	D64428E92572A5DB34CB74BA2E5E8307
SHA1:	E21CB899BC5216532D18D58B9F4C8CE323827B0A
SHA-256:	3DB00B55605C650DAC1FE75FF4ACB7D67C4B0E0E567FA904D2A8F667731C448A
SHA-512:	184CDAE219169F7260C83777B3C7935FC9C42DC695634D7941DAF28021C5F96FC6F0D8F1C7A543704245A569CE68E8EC56001E6B7CF936E65C4770AEC76C4B49
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....@... .......]... ...`....... ....................................@..................................\..S....`...............p...4...........[............................................... ............... ..H............text...$=... ...@.................. ..`.rsrc........`.......P..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	132224
Entropy (8bit):	5.717174885349114
Encrypted:	false
SSDEEP:	1536:1qz+VWY+QKw1HTZOcDGdwbELllNJhI1mq12DXK6I74PBFeKLWyJO1NhvpE8pgh8:1qSVqQKAEV9n0mnDXK6IILJJKNhhDF
MD5:	77444904110DDC983D5038BF78AF718A
SHA1:	E8A666DF1DDFF05E61573384E9AA527A3C5E061E
SHA-256:	529867E3471081B8C84AEB7A9B08C5817E62B27E68EBA7672CEDB56F1DDFDFF6
SHA-512:	CA7FDCEB8263BFD15F17A63A092CF076F270103C50D5878951220C5C261E272A5F645CA822B73B11165E1BBF373F9742CCD30A10E828D6706DBDE3D084D056FA
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!......... .......... ........... ..............................Kt....@.................................t...W.......h................4..........<................................................ ............... ..H............text....... ...................... ..`.rsrc...h...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Common.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	103552
Entropy (8bit):	5.569098485624807
Encrypted:	false
SSDEEP:	1536:liUeu2LFRbBpbkQumaJT4HlQEg+LoawDM307gh/x:ULLFtDg4BLoawDM3Fx
MD5:	4DA55096334108E647D7517EDE7FA2E4
SHA1:	C6CFF59E63588AF75AE212F326178793A78C8F64
SHA-256:	66A92672784DAF1BB8165CAE0EA5A191E345F5109351FB3D100EA59FB5BB9DD4
SHA-512:	EFC42919E4F90851C816EE3D1231FE3D9294917B468E79CB96A71B31AA3B30FCAEAEF5E6359EC2D8A7C3D905FBBF7D5FC89AB743469205B40EC9DB4D4B04A320
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!.....0... ......NC... ...`....... ...............................m....@..................................C..K....`..h............`...4...........A............................................... ............... ..H............text...T#... ...0.................. ..`.rsrc...h....`.......@..............@..@.reloc...............P..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	83072
Entropy (8bit):	5.581521864799099
Encrypted:	false
SSDEEP:	1536:WpT8dbvYb63EcK+pxuB8IPbjo/twIKKMC5z3CcCNf5Gb/00lkLeLKD2VmzYm3hg/:9BYb6UcKLGb/00lzR/
MD5:	140E8F8313C40E30C10A04BE139C1B35
SHA1:	913ADC091B5C2268DC872B4D32988D60085B7688
SHA-256:	CCF26343E3AE261AB0426EF7171F87EDE70DA251C6576DA3352B4BA5791B7F78
SHA-512:	93D7CB52E7E51B06213E1F2F949CE098A8DA132819640C177C48D0F7C70860E873AB27586DB8794BB4CA832DABFBDC94E5D07302D2AA4CE44213F70AB508640A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 2% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!......... ........... ........... .......................@......1.....@.....................................K........................4... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\Microsoft.Practices.ObjectBuilder.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	60032
Entropy (8bit):	6.197447809595913
Encrypted:	false
SSDEEP:	768:SHErcdcwzPmo1CPFf8E9Ogp3/X4OntNBXqC5m0Ie40VqG9+3htf:A6cTPmSE93p3/ltNB3F03htf
MD5:	195017ED68AB049F35A4932A7F2B17EC
SHA1:	9A26D2F0B5C5994D69E3601D8E6714E6BDFA4A22
SHA-256:	2FAFEA91AE704EA222B14D8C6963AC9293942202D12AA7225F1C8352AF92963C
SHA-512:	B270B8BF18F8D18637EC1324DFC11F80349A87016797F87F39CEA18A1B7F295731E7FA0049CAFFBC0D428383C764459F946F1734844C8DD7A77219E6E86D289C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!................~.... ........... ....................... ............@.................................$...W.......x................4........................................................... ............... ..H............text........ ...................... ..`.rsrc...x...........................@..@.reloc..............................@..B................`.......H........X..lq...........N..............................................z.......(...........o...........0............o.....,.......o.........0............o.....,....o........0..<.......s.........+.......o....o....o......X....i2.r...p.o....(.....0..\........o).....o...+..,J(........(......(..............(....o........o........%-.&r...p......o.....0..S........o).....o...+..,A(.......(......(..............(....o........o....o..........o....R.o).....o...+........(....

C:\Program Files (x86)\Driver Support\Microsoft.Win32.TaskScheduler.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	143488
Entropy (8bit):	6.0830812434382
Encrypted:	false
SSDEEP:	3072:bePL7A8pr0SUUmGAm09RdF+FyjAkRwxz+KIO7m146izErlk061:bqCSUxlmY1WVZ0a1
MD5:	C153BFA79716874DADFBC5147F9B846C
SHA1:	6013A9FC6CBDCE44CB2A4BB6A9A871711462E272
SHA-256:	9C43AFD29E879B77C1CAED5F8DFEFF37566CEC60A476347FAC7C223AAFA46EF7
SHA-512:	AD72005F7ED58B5B8B5D852915FDB32B173C488EED4591B79E80E1B3F5AC93984F9C7380390839881B99577DB4B946D9C7DA48811FBDD6F0C1051CED8729E57F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....G(N...........!..................... ... ....@.. .......................`............@.....................................K.... ...................4...@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H...........dK..............%...........................................N.($....(.....(......($....(......(......(......(.......(.......}.....(.....(......{....,..{....or...-..{............0..B........{....,..{....os....{....o......H.......\..o%......i.3....~&......0..@........{....,..{....ot....{....o......H.......\..o%......i.3.........{.....0..1.........}......}.....~....('......{........}.....(....2.r...p(....F.(....-...{....*..,..o(...~&...()...,......{....

C:\Program Files (x86)\Driver Support\RuleEngine.XmlSerializers.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	78976
Entropy (8bit):	5.019816180565156
Encrypted:	false
SSDEEP:	1536:VftxR2CkbmeUrZQ12qBc9VCu3p2mPff1NcvylQS74tkfMFx+9reowWPsOD3XIMD9:VftWCveUrZQ12qBc9VCu3p2mPff1Ncvg
MD5:	D7DE61D363F4889673DF3D54EDC21BCB
SHA1:	AA2A801EB295BE2E0A7CB293F7752AF65206D3AA
SHA-256:	869FE90DFAE2B13D87143EA21CA4A922E078C3F9EC9EDB5DACEAF7AB89563A9A
SHA-512:	C9F39398B74A4E846D0A8C637223012EAE9FA3F2886EEBC4950C2528788BFB3FB32D3496BCBBFB1CE1D68D717DE6BEF95592E73065A816F53C983EFBDD1FD1A0
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!......... ......>.... ........@.. .......................@...........@.....................................K........................4... ....................................................... ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\RuleEngine.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	939648
Entropy (8bit):	5.332874964825745
Encrypted:	false
SSDEEP:	12288:Ayxyp/3QqvDOjG7L2UxBxXyv++txhLJy4vky1m6hcYLCdq4iJd2g7tm:AyxyuqSe6U/xCnTJ7ky1DdCdqzd2g7tm
MD5:	C2F158BAF222FEEBBA53F76CA188EB5A
SHA1:	94D8B80C680AC72CC2D0EC8C56A18CC4A4736146
SHA-256:	F0FDAF6CDB31957AB95A93433359CE857CB09799337586EBC109C8CFF82F4C89
SHA-512:	91F483273F01ABD2678635E2C4F94E5986D7D8B4AE2382FE3E2DC6A122AB8258CAF5A9370FCB609FEB22FB8C31EC946F1231F68CA43DC8C8861839AF3612892C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Q,.\...........!.................9... ...@....... ....................................@.................................l9..O....@..............."...4...`.......Y............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................9......H.......xZ...............................................................0...........%(.....}......}........0...........{......0...........{......0...........(U.....0............(V....0.............(W.......0.......... ..a.........Hh ...C..........Hh..E........).......+. ...:.........Hh&+. ..rV.........Hh+... ..jh..........Hh+. ...a..........Hh+.,. .............Hh9.....oX...*....0.......... .../.........Hh ...".........Hh..E........+.......+. ..8?..........Hh&+. ...S..

C:\Program Files (x86)\Driver Support\ThemePack.DriverSupport.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1266304
Entropy (8bit):	7.480430800978765
Encrypted:	false
SSDEEP:	12288:6AWwFIzX8OTrJsBFhJJ9Rz2ThDxJm2sWIlqTU+cNGJ3Y4ZKWlek6rk:6AWwAJTlsxJETJ7RsWbQPsxY4ZK3k6rk
MD5:	A2EB6D7EF990D91841DD514976DF33F5
SHA1:	4816231AF6C3DEACE9E2C0751FB7E52793489F18
SHA-256:	62581DE936EFB1025531636A831E7A923ACFFDC16533750DFF89D5E3C61695BA
SHA-512:	586CEFD826174215662013B503C90BD6831A99F6F9A97FE2DC2833B97E1847809A7C2C504749E21F85CD68F5D0DCCE2537520E4F287EA1C490439C8D3ADB852C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.\...........!................^3... ...@....... ....................................@..................................3..W....@..@................4...`.......1............................................... ............... ..H............text...d.... ...................... ..`.rsrc...@....@......................@..@.reloc.......`......................@..B................@3......H............g...........=................................................(.....0..3.......~.....(...., r...p.....(....o....s...........~.....~...........V(....rQ..p~....o....V(....r...p~....o....V(....r...p~....o....V(....r...p~....o....V(....rs..p~....o....V(....r...p~....o....V(....r%..p~....o....V(....rs..p~....o....V(....r...p~....o....V(....r...p~....o....V(....r_..p~....o....V(....r...p~....o....V(....r...p~....o....V(....r[..p~....o....V(....r...p~..

C:\Program Files (x86)\Driver Support\Uninstall.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	429280
Entropy (8bit):	5.699303029867455
Encrypted:	false
SSDEEP:	1536:BPzUmdx2gahvwPBW7rfoOc7kse0Uk/MJX2uL6k:BPzUQ2gyYqrf5c7etkEJX2uL6k
MD5:	BD8EF54ACDA55406A44ED8E7A5DCC3CD
SHA1:	4B5C7573FD01B86F45705F462A7E5EAE0597ACF5
SHA-256:	CBA063171B20105E1A53665C99A590D17A20CDD2DB320D5E4A59B3CFEC8C52CC
SHA-512:	8AD48A62CD18FADCB134F5BD1B35C78B32AA40493629B7E2F70A85002C16C2AF23D653CD70D1D7ABB9A6122402F033BF0746FBDAD59F34A3DDE7302821430049
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L....c.W.................^..........+2.......p....@..........................`.......h....@.................................(t..........`...........`X...4...........................................................p...............................text....].......^.................. ..`.rdata..F....p.......b..............@..@.data................v..............@....ndata...`...@...........................rsrc...`............z..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\XPBurnComponent.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	62592
Entropy (8bit):	5.301829224484104
Encrypted:	false
SSDEEP:	768:62Uuf1H3im9ix0iSA3hEwGsgfl2c+1PxW0xImELMQxO4emN8b+ZmnkGIy9BoX3ws:62UeXsCShO+13wmn2y9Ggh6
MD5:	7176B71B6A4E5A8540E4C0C6A4127CC9
SHA1:	DE6236310622A81EA4783125EC7750973C314385
SHA-256:	64A9C6D8741B6B4FAA802A96D7BC446E4804DD3CD4E1D7AB1203F4A4A3E8C372
SHA-512:	814ADB9F7C16E445EC6160FBD86E000AB9A296529181FA3BB04C93435DF14A3A8D0D81F669F17E074EA8FD0CA4834EC22C63FC2D52BA146D3111B16F2AD0DD3C
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....E...........!......... ........... ........... ..............................bR......................................4...W........................4........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Program Files (x86)\Driver Support\config.dat

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (1432), with no line terminators
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	5.984482056835913
Encrypted:	false
SSDEEP:	24:vGkf2JY6oFqkkL/dcRaOoH8MwtHsZ0ZeChGy+FznxjWT1gcxvoQP08safzR4WJx4:v/SY6oFo/dYW9wtM0Z5HEx8g4ov8safG
MD5:	763E08A702354802C938424CE937DBEA
SHA1:	8298DDC94C424D432F228E378C3C99585CFCDE11
SHA-256:	B4B55973755DC7DD1B3B8E8C9DE2801DA04116BABEB539EF1EC537ACD4751364
SHA-512:	67DF4B29CF2278740687527CE1D7DB054A378FB9FD4E1416AB8492D18F9638F0A4E4C894205B48053E64AB660B90D22785D6FB34FC71E8B06520FA01E1FE58DC
Malicious:	false
Reputation:	unknown
Preview:	.DJ9bI306+IboCt3EOf/OKqy2IYz4GC4sXoxS9lEEIxJPJ/mlJD2eY5reTfpwe5A+PSeyCWcbYSARSn+PQUXPiflu1BSJ/YMoMjTwWDrdByhdlO+OtOKISKb/ntwv5De/2D3SeZZxajfs//SwsA/wDOflj7DRNEYrfYjhnz+B7KkUbBq+PoivV7iYR9g1p7hBu9LYskJmCjXgwP4dFxqAB9K2QM+0uupYOSPN7z9ERPHN8a6BaZ92H7HsQdyc5fduGRj2zJP8dVbtdzTRM+mr3clr9B0uEaCqPTSVoI/jNG9AEWocMeJCU+gKfaTEc2fYukE0g+iUZxT7v0npzNgX1cYuFd8CL6rcwZsf9zQzfekdSw+qzGVsTZEec+rPQKuDjli3kbybkAzWfJnvDCBaq8d4e2lIbUwEeelhJpzW3gPVXuAe62WFcY4sX7CWTSCchIM4eOuThZ+K4QUOLZV1LNJPSZvOJl9eaPC/U5QfjsNDxobjMPjhJ08jL/gv04zx3LMy77I/+yF2InvyQy4J/GkKB+ctNbnFWA6kmvudi5fn7RNriDssd7PCYTMenohO81yz07K/unFa9xvtrHPEEmxbg+eKep8Zg2p/W1Yzk2coc6CIdYC7KWj1cmGtbq3vlbbFzSj01gY2v2cBBEHy9/wQsSrqbZXysX+aS17z3zejpIbyGJfpLp5Svf2W2fnA3C5fCq1fVI6xMBZaL6hDv+IYhOVbs9nuSJBdir6Q1MCfc8jVWRauUe2uyVmiUBaKg0AqIIzoBNtIixTH/0BQ0St4VsG8DrGEdTcrii7bt9WGgHsRa1l7XsVHxT3tNz+MNTTdO7AdyP5eWbPoYkWUcektVwMUVr6Q7/MGgdkHWlVU3+rUCCq9m2u+rpoF/AYKPgSTEniWS6nKxqTHbVS0zc+Zxi+hqIb06YNHTZQsHJzZjVtdhyP1lVZa5K1hqLi4JR8yz0opxLcKGAHf/PFlqIYR2WOV+Fffos54P

C:\Program Files (x86)\Driver Support\cpuidsdk.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	973048
Entropy (8bit):	6.710650975611021
Encrypted:	false
SSDEEP:	24576:v3OobTIyAFimOdjo1Pate8y80VDPOJfapsmPz5UqPKGel21:PfgyA0Xe8yx5Ocsm7P1
MD5:	9498C7434907BA4F52063D9B381D02E5
SHA1:	D478B49C9EA7087B0AC9546460DFEEC2920B52CC
SHA-256:	80B4123C03B6F96F3CA5F82F6FE6A41ADF11671167829CCEDF9349DCDBDA56B3
SHA-512:	43FBD9632863F06A75853FCBFDCB0F92555145BC099B8AC8FC10D2C8341031ED0F9BFB82A5617EBD27040CDA2313D66F85C85194BD6D87E7787C33B6C374543E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......Y%...D..D..D..<...D..<i..D.:....D..<n.wD...n..D..H...D..H...D..g...D.:....D..D..D..<`..D..<x..D...~..D..D}..D..<{..D.Rich.D.................PE..L......Y...........!.....L...L...............`......................................d...................................N................c...............<......8....b..................................@............`...............................text....K.......L.................. ..`.rdata.......`.......P..............@..@.data....d... ...>..................@....rsrc....c.......d...N..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\Driver Support\Driver Support\AoServiceManager.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1688), with no line terminators
Category:	dropped
Size (bytes):	3378
Entropy (8bit):	3.997296464018734
Encrypted:	false
SSDEEP:	48:jCzve8kPrlv1SJCTr2g2RiQ8npx6YKSAGAjwmkZepkBtum782URJ9FYGQQhTzFUK:w0bS+Cg2RdkZKSAGAjwfZeKLQ9QQROh4
MD5:	61BD46E1870F2D4D343E14A468CBC7FA
SHA1:	CC8D51924F8738FC5FE57D9959821FEAE5443195
SHA-256:	D0AFF6C12F965A60B23321A6BD58C9A9C0A0A0A587AAA7CF98C74E51FF6F90C1
SHA-512:	894873D34202A08795FF410BF5F15AFD3C60C8D6066E28578B18FB90DA2F62B6C99CEA36A4CFA120D70C1F9698A730E50BA890EDEFE1B85EEB2DFE441BEB7DDF
Malicious:	false
Reputation:	unknown
Preview:	..X.l.y.f.J.8.e.H.o.y.X.K.K.R.V.u.D.l.1.T.P.n.c.V.k.i.X.V.g.6.R.N.O.+.O.F.v.q.R.O.z.4./.z.F.k.T.P.V.M.N.w.r.T.1.m.0.v.8.0.D.I./.K.y.q.V.L.k.s.5.O.a.M.q.m.A.4.E.C.Z.V.d.p.C.O.H.L.X.V.l.l.y.M.S.A.m.j.N.b.o.Q.f.C.1.5.k.j.L.O.O.F.L.p.W.S.q.U.2.H.p.3.D.D.a.y.d.0.I.x.u.5.6.n.c.V.N.m.M.4.H.n.a.g.R.e.i.6.9.P.5.h.9.x.x.i.h.7.I.l.M.e.a.Z.s.b.j.c.w.z.X.L.u./.M.I.f.K.P.X.K.j.Q.l.P.f.2.s.D.0.b.u.u.W./.s.s.x.A.N.O.C.n.1.6.W.N.B./.X.u.e.+.9.V.R.G.S.2.e.f.v.n.c.L.5.l.y.Q.7.o.J.T.F.G.i.t.j.5.W.r.H.O.K.w.i.V.9.h.l.s.u.k.h.g.A.w.B.o.m.f./.z.C.4.a.F.Z.9.7.t.f.v.s.n.u.M.Q.s.5.c.Y.f.7.l.3.E.4.o.W.d.L.6.Y.k.c.U.1.6.M.y.I.y.a.P.2.+.A.b.W.0.+.J.C.3.s.a.i.v.O.M.1.v.X.a.U.a.b.b.u.1.v.O.m.6.c.J.8.x.Z.K.G.p.s.x.P.r.N.U.Z.P.+.b.U.x.j.9.v.9.p.M.E.o.x.D.0.2.R.3.4.s./.h.e.V.9.Z.a.t.O.l.v.c.O.N.q.Y.0.+.M.R.4.G.Q.J.i.E.S.2.M.l.J.C.R.R.m./.y.W.7.f.a.c.y.Q.V.K.S.v.S.a.5.e.0.G.0.o.2.8.w.T.K.0.a.1.m.u.S.r.1.f.1.c.m.u.f.S.C.R.P.c.D.q.2.2.r.C.b.Z.A.z.u.w.i.Y.t.r.k.Y.y.5.W.W.Y.H.w.L.S.t.W.B.R.z.S.0.o.O.R.A.F.j.7.i.u.I./.e.W.j.

C:\ProgramData\Driver Support\Driver Support\CPUID.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	ASCII text, with very long lines (600), with no line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:bOMNTa3nL2fF4SPOUNQMN5RNoypJdvTeOe7KWOkEk1Gi/P4jIGL1OOzfXL:bDNTEnLiFDPOUOOboypnT07KVk1Gi/wr
MD5:	41506E107FFDB08D645D7385760640A8
SHA1:	5B326502F24531E8FCF9DE3322AD931A3041776E
SHA-256:	03B858142FD106BDFB4EFEB4CAB0C0936B500142820ECDE1087D1C8CFBE4F4ED
SHA-512:	6964E27070EA6AAE4905EA378040D89507F809DDB6DF2796BD8F2FCA84D457C9B1B1285C3DB6145E8022F7FA65949C593EDBC215B25AFF159CEE2E634AD15B9E
Malicious:	false
Reputation:	unknown
Preview:	yoPxlUrY4scjozJakJpI8aJnU0sYwzXiCbqgG2sa85zb1HuSPHj6CwcmaXegUR4kZakul8kK5uAOa3lEU3iq/689vo2cM49239OfhVfFs/6dvr+HyPiyLHo44tbjQnB8vh75uj3D9aWYf2Xg15wiIZxXrXY+GOiQxS64OrkfFCACP+TKpFPvtpKyEhhqFy3rxBXTgmtWQLvGUkfLc0yWbn24JALBVXIosENodp6vma3sXAkSfarURCyjEeAG5UjALivgPRvFslIt5ZW/soMGh+cgSB2NSDrNCWLJD9ocic8P+qGdkOh0aCNV7QOmg7+GUSc8+nEb4m1al9Pf4hF/wFc4wxU5viC3MD/ZmrPlTZR7P+vZwBb6P0qSWyPpAjAStkuXeRQS0phsRVT4y6YqY+EHwVZueAi/2Z9ukn9RCqdLbBCpsHqD3P5wKSc3NSD4s2phdk+C1ehOpkL0JP52I9qHmB6vXxycRGlX+rSTcM1Gjd+NuqwjTL4rofxjqFhH1uP0FcMIlHe1pjUeQm6MWYDDM6NrkK/umb1idMzZO+jUx7ILQS2p7arPmD1VJMZzgecrJG4gUcJsO2YA7tofEQ==

C:\ProgramData\Driver Support\Driver Support\DDRM\0b773f6a28904bd594cff433cc0388fd.png

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	7.941146423398454
Encrypted:	false
SSDEEP:	192:LpFFFFFFFFFFFFziGWuo6SHeUfsBv0OoKhwXT5r1rzP+GDkhUutYDB9zEL2FGTsH:9FFFFFFFFFFFFW56PpBoXNN+Y0tYd3F5
MD5:	367F9B4B1D20F28F528B64E1582C3CD1
SHA1:	DDBA3B3DDA10972A62ED60B6ED31866DA6E00618
SHA-256:	F76B60430379627259311CAF241E6954BA7F32640821FA46A0AB64C412F2DED0
SHA-512:	6B32BE5476F317A8DE92613B4868D12247E6BECD4E3CA93E5F2A021A8C04CCD78B32F53953204534E0C7E5A620FEEDD18A21E0D25A4F74102D957179C08DF6BE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............PN....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w.mE..p.9!..$..$G.,(.D......H.D.-I...PDA..D..A.k@@r..%. .T.9.~{..f.O...U...U1.k......gf..L.jh..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..z. ..9D.!....?.......]z<...o....~.oC.Cyuj..G.X....N./..!......_.9.g2t..%#=......2......`.O.x:.:.BF.v..I.!..-...O.5Q...F.1.f..)...!....O.h.).'...gz*4.I[.....Cx..<.7.?T?...?.Y[...../Z.54!...d....z....LZ...h..`0......PiHg.w..g9.{..b0.Pd....)0S.e]..>...?...1...t....`.....#J......i../...k...J[9>.....c.......s>.sQ[l...m....._.C.L.......>...C].A....-J...`p.vu....{.UW]{.....#.5..0.......{.?...~..+...;.x.G......D....;...../..K.A.a^.-32K...z..[o%......?.....O'N...NQ..%."@.3...._....dh<F".3.F...E.St....7...?..5......Y.Sd2.0v...U;

C:\ProgramData\Driver Support\Driver Support\DDRM\1583dda097684504bb8054271f72bc22.png

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14056
Entropy (8bit):	7.9643395665817565
Encrypted:	false
SSDEEP:	384:jlWHPQ8zUt2Yo8zhzFzPvsBgK3cADLHuEtrBBHhv3Seh:jlEPQUUt2X819PECK3Z3nrB3Seh
MD5:	CC33430A952C75536908A6A744A8AD69
SHA1:	211BC89FC2BA3B7350A01441DBC32BD5BC8A715C
SHA-256:	423B76D79113EDEE2F5DF7F61589F20D45363EFBAA707F4D2A73BDB07BA2A620
SHA-512:	AC15EC79C5101A88B3EB8A605330C821FDED6BE77B70C8A77D091053CEC9C5828625DE825779591F065010D7C371AF1ECF3DC1A70AB15E6D1896037D9C4B5B83
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........+....6}IDATx^.}..l.U..z........hf$.F#i...BH.. ..&0.`.......6v..8....0..(.,;l.f......I.F.h4.4..}...{U..y....Uu...Uu......{o..y..\|U..=k.......i....i~~.n...Coo/..Whll.&&.R.POO.Z;.7$AVWW...t..........i..G.....4N.h..,k....j(H..!.i..........h..I}V....jh....6....j.Un'.e.}W..#\|..h.Z.+K+.r...F.{.}.g..'..E...E!.}.4......j.....[\......F.K..........<..@..L.Lc.12..... Q.cdE.x1aB0qjU:{..U.<C.c;.......:v.n..T.U.....g........~._^.._^qw..F..9..v.....`...Y).....B.F.~L....4........K..\...z....u.rC........;N..........uk LR>.$.a..`Q.Yd.W."..9.mi..D.....uWk4..g....=....(...&H.V.s.......S...._.Z..tc#...E>.....%G.wj .2.5%....t..x.O..>H..Q......z}......v^a.;b5.Z..A.w...T..u4.m..}~Y.2..........y09...,..L.n..=..dv....x..c].$9.!..-.a...)....G..].v..$......-...&GG.....$.v....vWVH..D.f`}.rx'.5.C.L..,..#s..}.W.KAt.@..._...6....M...J.,//..~....m....:s\|E-[..>.d.\.b=...!.B.C.A3-.,f..`

C:\ProgramData\Driver Support\Driver Support\DDRM\5df3bc1e07144c9d8ba75001af126962.png

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14056
Entropy (8bit):	7.9643395665817565
Encrypted:	false
SSDEEP:	384:jlWHPQ8zUt2Yo8zhzFzPvsBgK3cADLHuEtrBBHhv3Seh:jlEPQUUt2X819PECK3Z3nrB3Seh
MD5:	CC33430A952C75536908A6A744A8AD69
SHA1:	211BC89FC2BA3B7350A01441DBC32BD5BC8A715C
SHA-256:	423B76D79113EDEE2F5DF7F61589F20D45363EFBAA707F4D2A73BDB07BA2A620
SHA-512:	AC15EC79C5101A88B3EB8A605330C821FDED6BE77B70C8A77D091053CEC9C5828625DE825779591F065010D7C371AF1ECF3DC1A70AB15E6D1896037D9C4B5B83
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........+....6}IDATx^.}..l.U..z........hf$.F#i...BH.. ..&0.`.......6v..8....0..(.,;l.f......I.F.h4.4..}...{U..y....Uu...Uu......{o..y..\|U..=k.......i....i~~.n...Coo/..Whll.&&.R.POO.Z;.7$AVWW...t..........i..G.....4N.h..,k....j(H..!.i..........h..I}V....jh....6....j.Un'.e.}W..#\|..h.Z.+K+.r...F.{.}.g..'..E...E!.}.4......j.....[\......F.K..........<..@..L.Lc.12..... Q.cdE.x1aB0qjU:{..U.<C.c;.......:v.n..T.U.....g........~._^.._^qw..F..9..v.....`...Y).....B.F.~L....4........K..\...z....u.rC........;N..........uk LR>.$.a..`Q.Yd.W."..9.mi..D.....uWk4..g....=....(...&H.V.s.......S...._.Z..tc#...E>.....%G.wj .2.5%....t..x.O..>H..Q......z}......v^a.;b5.Z..A.w...T..u4.m..}~Y.2..........y09...,..L.n..=..dv....x..c].$9.!..-.a...)....G..].v..$......-...&GG.....$.v....vWVH..D.f`}.rx'.5.C.L..,..#s..}.W.KAt.@..._...6....M...J.,//..~....m....:s\|E-[..>.d.\.b=...!.B.C.A3-.,f..`

C:\ProgramData\Driver Support\Driver Support\DDRM\74ffc5230a2a4b1e8207edf131738e1e.exe

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	15837424
Entropy (8bit):	7.992136691900696
Encrypted:	true
SSDEEP:	393216:foCymRznxy8qYpExe3BR8FQqlp11Bi+pI/OeYAVCb/qe6uNMGc4:fotmpn34eRRwlp7f2/OwVe1MGc4
MD5:	904FE42B9A5AB084991433F2E2D3BCDA
SHA1:	4BF161497A246B5B0410292E73D7F3BBE9656348
SHA-256:	B234383E574DE471993C265AA4E4EA5B9F5DB46509471878C15CE996F69B9154
SHA-512:	17E2E4FE01B6E0E5624AF54CCD3CB770A617162A167CB7D188BEEEB08F0E4E0431002B68E572D3A48526A760CD0D328872549134F1FB451D26F3DA4D2560F4FC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....n3T.................\...........2.......p....@..........................p......<.....@..................................s..........`...........x...x............................................................p...............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata...p...@...........................rsrc...`............v..............@..@................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Driver Support\Driver Support\DDRM\DownloadResourceManager.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (2796), with no line terminators
Category:	dropped
Size (bytes):	5594
Entropy (8bit):	3.9983798792722918
Encrypted:	false
SSDEEP:	96:PBl1XWLyRjZ12BXJZGlcOh7Zw/z2bMrd+BslMoJS6zbqYk38s3rNybco/:PBuLAF1sGlf9w66dGslhY6i393Lo/
MD5:	483DD3C71E6B271C7DAEFCB05D35912A
SHA1:	FE2BDC37A0BA807A4DDBD595A79C9B3B4F92A9C0
SHA-256:	988C4D988EF7C5A087890F4374545DDAA517B6ABF63355D1B367524E6C170D7F
SHA-512:	F3D24EDFA696660D7625C2DE0CD9CF0E0F40E9193CA28C890831B3E4140735866EC6B6E4C780D959BDD8D3D6195431B90F9ED879204A92E80D761F0C57D8024F
Malicious:	false
Reputation:	unknown
Preview:	..T.i.3.O.+.W.W.B.0.U.d.m.k.u.K.V.H.Z.W.7.K.C.u.d.s.X.A.7.S.5.C.w.p.s.6.0.p.O.p.H.M.t.J.A.b.N.V.4.Y.B.z.0.h.P./.z.H.Y.d.p.P.h.T.p.A.r.o.P.p.W.K./.c.n.H.o.u.m.j.+.x.Y.B.n.h.a.4.f.q.8.J.x.W.X.m.1.I.L.z.J.1.r.W.3.p.E.x.4.+.r.w.z.F./.P.E.I.2.n.6./.e.e.I.T.y.Q.d.t.e.+./.h.l.A.k.6.c.5.j.u.l.4.T.e.O.p.4.2.k.k.R.I.b.1.a.o.G.s.G.H.W.s.y.L.e.f.+.f.G.V.a.8.y.+.K.0.E.X.m.Y.M.F.g.a.t.p.C.N.U.Z.1.s.F.7.n.C.w.u.Z.k./.s.g.0.D.H.p.x.b.q.8.4.K.s.Q.n.E.H.N.c.8.e.4.Q.e.S.9.b.B.B.+.P.8.R.S.A.y.V.7.Z.g.b.m./.M.Q.A.Y./.S.p./.E.X.n.4.0.2.E.b.T.0.g.d.G.o.6.F.G.O.5.y.L.w.R.S.C.f.G.A.p.m.s.M.u.a.C.D.K.y.u.n.u.v.B.Y.+.m.E.x.P.T.N.I.z.a.s.g.f.t.Z.M.e.1.F.u.4.w.V.3.N.b.l.y.c.j.A.H.t.c.6.l.H.c.K.M.v.7.I.G.x.h.J.k.d.m.s.x.N.g.8.D.4.w.r.s.E.C.k.Q.F.v.i.K.L.L.S.N.V.t.L.B.z.K.d.i.J.O.w.x.i.X.Z.w.f.0.6.u.l.a.u.h.w.i.p.c.8.I.U.o.v.D.J.l.j.L.a.V.7.f.u.d.l.9.C.O.J.E.r.2.K.E.X.J.K.M.l.+.P.1.g.x.E.f.E.y.P.0.P.x.2.j.L.C.3.q.p.G.d.a.a.e.J.E.L.W.X.w.z.k.K.U.M.7.D.d.v.u.r.P.4.z.d.N.C.N.f.9.K.k.e.a.v.M.g.p.e.k.5.m.u.M.3.a.3.9.J.y.

C:\ProgramData\Driver Support\Driver Support\DDSM\ScanManager.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
Category:	dropped
Size (bytes):	138242
Entropy (8bit):	3.9998672976824547
Encrypted:	false
SSDEEP:	3072:/QSQ6CpOCP6PPslk3kQ5PpqjRh6GCms2HPY:/Q7b6P33HPp0qyvY
MD5:	59DBD5742B418597D4A560142F01DF95
SHA1:	B4460FA44AD5165E9554DCA3DE0841C24216130D
SHA-256:	10E68303F5998787B6CBC079F5C541CE52F992A19C11A9A8A0B6CBAE8A51B0D6
SHA-512:	988733869413724FC6C2B15B81B90B29B97B6A0357C5874645D0CFAE3BDEFE20DFFC372DABFDD09D92BCCBABAC90009C107FECE86CC37BD289DC9873B306ED47
Malicious:	false
Reputation:	unknown
Preview:	..l.l.l.T.K.0.t.0.B.Q.H.w.K.R.s.I.t.2.F.T.M.J.s.g.D.D.c.0.3.s.Z.g.7.y.Q.y.G.Q.T.R.D.Z.0.d.7.0.K.3.4.J.8.z.O.d.2.o.D.a.d.2.f.X.2.8.H.B.o.S.t.2.L.W.q.G.O./.s.A.U.I.Y.x.n.V.H.a.p.Q.H.7.D.L.n.d.L.t.P.a.j.H.4.B.X.3.L.+.G.A.+.q.8.Y.R.o.g.J.c.y.t.M.2.e.1.x.v.9.W.C.q.S.J.E.e.7.X.q.W./.m.q.H.J.P.8.F.U./.u.j.x.T.S.d.p.d.N.F.B.f.z.J.s.K.2.n.3.j.5.D.e.s.e.4.3.A.a.Z.Y.l.r.t.8.h.S.r.F.U.D.2.C.2.E.L.z.2.p.g./.l.6.e.v.6.Q.N.C.u.S.T.h.m.z.d.y.n.y.D.7.y.c.X.+./.6./.V.A.u.d.i.Q./.u.Q.I.Y./.M.0.M.W.f.P.g.Y.k.4.i.M.k.8.s.y.P.D.7.K.B.X.4.C.e.s.3.M.K.9.K.V.T.2.C.a.6.e.U.1.H.3.4.D.Z.D.E.w.Q.z.8.n.0.v.Z.P.E.7.5.5.I.O.6.1.Y.b.9.C.3.F.Y.m.Y.8.q.g.f.o.o.5.Q.u.T.l.3.j.6.c.z.r.p.Q.M.c.2.p.w.h.U.X.s.4.x.R.B.q.j.C.Y.X.q.s./.h.e.a.F.D.S.q.l.1.p.A.A.e.R.P.S.c.P.T.y.y.I.w.i.3.u.2.X.5.H.I.H.C.W.r.o.D.Y.A.c.1.k.9.O.b.l.P./.A.T.0.m.Q.t.3.B.1.Z.A.4.4.L.n.b.5.s.j.W.q.X.y.M.8.G.Z.A.I.y.H.9.x.k.0.s.a.C.X./.x.u.E.e.j.p.k.R.8.0.M.j.F.B.x.q.W.Y.5.B.Q.c.2.w.z.m.y.T.o.Y.9./.5.+.i.l.h.K.T.1.P.h.3.4.J.C.Y.d.+.M.3.D.Z.L.Q.b.5.D.a.6.u.

C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalActions.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	data
Category:	dropped
Size (bytes):	640
Entropy (8bit):	3.94348364922225
Encrypted:	false
SSDEEP:	12:rkGbQb5G6xCJoK60qIjzONc/DWFpdtTn6Cm9hiEwqslWKBlOH54qc8/iu8bdsfJk:rkG8lG6FGDD0dt2P0Eo7lOiI/iu8bdCG
MD5:	9CAAD2B0F49CB35E26856BA46B2D4D36
SHA1:	CB7384EABAE12A009F266BEB3E63C1D5CD7FDBD4
SHA-256:	4D582A9E11112473FA38EC584CE98FAC752A688DAA51435D971CB5E9C8E1D5E9
SHA-512:	6FFFDD4E90D65A996F81A561647BAA844A8806BFC088D241760DFB1EE453A0D158C7C49FCBE7C68B634738DDDD16FABFECC581A714C3DDEBA1C889297F0A00D8
Malicious:	false
Reputation:	unknown
Preview:	P.8.c.5.L.3.T.c.3.A.m.C./.S.W.l.q.s.y.Q.K.q.P.H.+.m.f.j.0.+.t.K.x.2.q.M.9.i.H.s.t.r.d.+.u.5.w.X.p.X.Q.r.z.r.2.c.j.G.j.9.N.5.s.w.o.9.6.E.w.G.A.k.S.W.R.W.5.X.7.Y.5.e.1.0.F.m.d.n.2.Y.e.3.7.o.u.+.1.f.u.g.G.X.b.6.t.d.F.n.H.O.w.D.P.D.S.i.E.R.0.U./.x.T.j.s.z.l.O.E.E.Z.K.7.k.H.Q.V.4.3.B.a.p.k.Z.5.b.c.w.z.P.t.z.Z.+.3.8.C.0.O.c.X.b.k.D.C.W.9.v./.0.3.W.J.G.6.f.y.e.2.6.T.v.j.W.E.3.h.2.l.s.T.P.i.e.T.I.K./.G.R.+.E.u.L.t.N.U.i.d.n.u.d.5.d.n.E.Q.U.U.m.D.1.n.M.y.U.T.r.2.o.r.K.m.y.0.k.n.8.C.f.L.I.w.a.c.l.s.D.F.N.4.p.m.a.2.V.W.E.5.r.A.U.9.M.O.x.M.V.O.n.M.2.P.5.O.j.+.X.R.j.s.x.l.j.y.l.c.X.k.m.s.x.Y.f.A.r.4.d.k.6.p.E.z.P.S.1.I.R.H.W.Z.D.h.v.Q.3.Y.h.d.F.

C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentEvents.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	data
Category:	dropped
Size (bytes):	4992
Entropy (8bit):	3.9925365492565335
Encrypted:	false
SSDEEP:	96:c4wvBclfJd35sQMQAGVRBbZdRrSo/isVDxcYBpT+8MjdHgr1LvfCIqs7PJucxyv:c4wwBFM4VRBbF+o/isvBBtkjqZL3C6YH
MD5:	3A6E3F83FC451E164BE0618A841584E9
SHA1:	407F28E2A52D3ED604F0725ADB28A453132BFDDB
SHA-256:	6857EEF3F08F12795292C48DBB8FD9A9AF85F4BC3BB9521A63D72DAC95C4A55A
SHA-512:	23073C4A09759A3D4FC10042BC5D3D3ADE253B13016D4F33F5A7669151CD09FF7377D350B60C873410516CF1583B381F5A3C0B3ABB0A51DF33A1201D84317EBA
Malicious:	false
Reputation:	unknown
Preview:	t.M.7.K.s.v.p.n.t.M.c.k.U.d.3.1.B./.D.M.H.4.u.g.X.6.7.4.K.D.N.O.6.I.B.n.7.1.k.7.j.Z.D.C.k.1.M.m.D.W.m.t.F.m.7.r.I.N.I.O.B.L.k.4.F.l.W.S.r.h.n.M.S.2.g.+.k.f.0.2.Q.F.t.D.y.Q.0.X.6.d.q.B.j.g.V.9.6.T.R.8.W.n.H.0.Z.8.l.Q./.e.7.d.u.A.q.u.u.F.e.p.q.y.z.k.3.b.K.t.V.z.U.j.4.v.w.L.y.3.c.J.7.H.q.E.W.O.r.+.L.M.8.+.R.T.z.f.0.X.h.Y.i.x.W.u.m.7.G.x.F.e.F.M.y.r.p.7.2.s.B.e.G.L.t.z.e.m.X.s.w.E.U.x.2.1.u.u.u.J.A.M.A.G.n.9.u.5.5.1.L.j.d.Q.5.o.i.e.C.6.y.O.u.E.y.d.F.R.l.M.9.Q.G.k.T.a.3.O.3.q.6.F.u.1.d.P.p.C.6.Z.Q.g.h.L.4.3.s.r.T.p.q.b.C.l.V.n.8.H.S.i.+.6.w.F.9.Q.z.S.h.Z.m.G.f.+.b.M.1.8.w.w.S.V.5.w.B.K.c.J.p.i./.S./.N.e.i.R.I.Q.V.c.7.x.6.u.U.n.r.o.k.Z.6.5.B.j.M.+.g.R.x.N.L.A.P.q.G.P.6.N.m.R.5.t.k.6.S.W.6.J.9.9.3.P.I.+.c.2.E.i.4.9./.f.I.K.3.D.F.O.x.w.w.p.W.c.j.s.G.5.W.w.4.q.O.X.Q.g.d.c.s./.0.d.g.i.w.v.4.U.Q.q.W.I.f.a.k.n.e.Z.0.D.K.a.n.6.T.F.i.O.V.F.c.Z.X.e.H.W.0.J.t.X.i.j.R.H.W.l.1.Z.b.I.B.3.T.Z.h.s.T.c.x.S.E.I.v.J.e.j.j.1.2.Z.n.5.m.g.H.h.A.n.G.1.o.i.b.y.D.S.0.p.Z.S.L.k.b.V.e.E.W.9.X.D.i.q.N.T.Y.4.R.M.D.Z.W.

C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalEnvironmentProperties.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	data
Category:	dropped
Size (bytes):	728
Entropy (8bit):	3.9515973231554335
Encrypted:	false
SSDEEP:	12:hXlmmHuol1/GWrKBsTlBmYcxiXdIezKZLX1OsGSalViRj8rJ6FxpL8zdo4lQTM:BlmmL/ll8YcxiXmezQLXgsGSIyFxpL8j
MD5:	3FEE8682B7CB9BD4E1C21D75CF293EB3
SHA1:	0C7BAFA217526F921167A0234BC881EC95A0AD25
SHA-256:	E5CE35A19BCA7D4DAC469F0280CE2C2FBB5FF3B3C4DCCCA9AF043ABB44EBDC47
SHA-512:	8C08417D80E6809E34CC378E4BB035F24A264BA9572A3B9EA92C05A9AD09AE52CA497FCA9C38AFFDD75300A50AAABAF8CB56A5706620FBBECE0859B9AE5170AF
Malicious:	false
Reputation:	unknown
Preview:	q.U.v.r.s.s.T.I.F.6.Q.8.F.E.L.b.9.a.z.6.i.f.1.+.Q.W.L.X./.p./.Z.a./.9.K.V.G.E.m.N.1.b.i.C.G.+.n.F.5.H.c.Y.f./.5.y.q.h.R.H.I.8.e.M.l.L.F.N.m.I.S.q.W.d.T.a.V.t.Q.U.F.O.6.+.o.6.g.h.4.7.e.O.F.8.I.D.Z.m.M.5.E.g.Q.+.v.H.s.d.l.9.8.M.v.e.S.a.y.E.r.V.D.a.E.6.4.f.j.U.7.4.M.C.T.g.y.o.b.0.O.W.s.6.b.X.Z.5.0.5.A.V.+.+.Q.6.x.t.B.3.M.t.i.M.7.I.6.t.1.g.x.h.n.O.D.L.q.D.A.F.g.P.b.M.m.V.Q.r.u.r.s.F.T.X.i.j.X.Z.u.H.h.q.A.i.P.D.c.F.g.K.k.W.O.B.k.9.P.X.n.1.x.2.V.S.r.H.i.U.w.6./.o.f.+.L.N.c.x.7.u.T.f.D.Q.X.p.+.J.s.0.h.j.g.p.B.U.3.I.f.l.2.o.D.+.4.D.D.A.H.8.u.u.z.E.k.B.P.V.r.p.k./.n.t.m.q.r.8.N.R.Z.7.U.E.s.M.Y.V.6.b.u.P.J.G.f.9.Y.W.q.s.m.d.e.q.5.C.0.c.W.Q./.8.W.J.K.e.B.y.Y.h.a.F.K.1.t.I.J.0.+.o.I.H.c.S.C.J.k.7.K.U.j.U.H.6.v.D.8.s.a.Y.P.6.1.k.=.

C:\ProgramData\Driver Support\Driver Support\RuleEngine\GlobalRules.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	data
Category:	dropped
Size (bytes):	409600
Entropy (8bit):	3.9998863794788577
Encrypted:	false
SSDEEP:	6144:nNCpulbWueB0tI/4hKE9hLt30bRu6FPp+FhOKegrxNDRrIGJA:1VeBUxKmhLt3QRu6FPpCYKzzRrIGJA
MD5:	404EBD2242A2FC7D1025F968B02F0F16
SHA1:	EE241DE830ADBD70ED5CC4809C437A2D47974827
SHA-256:	E15179CF82765C74B7FF9A826ECAF6110C316C74442F50FF36BF469DBF4AAB1F
SHA-512:	1BAC46471AA09AF13C5C5D0FC1CEE84C81C723E7360B6E1DAF164EE3D9490B40A1465AFAE9175AAD2D5D80BC5199B9C0CC66906FC387FD8B7865E2A49F7525A2
Malicious:	false
Reputation:	unknown
Preview:	l.K.H.J.L.i.s.3.n.x.h.L./.B.3.y.n.r.h.S.h.O.n.5.6.1.p.o.q.x.W.C.4.4.y.t.0.0.b.O.H.2.G.b.H.6.T.Q.M.g.M.W.7.X.6.S.M.f.G.v.3.N.s.r.i.8.U.e.b.M.D.P.5.g.7.J.k./.2.a.6.w.x.z.3.o.w.R.+.6.c.U.8.n.6.c.d.X.p.y.2./.G.P.Y.a.R.X.U.9.z.m.k.v.s.G.m.R.t.D.S.A.M.b.J.l.D./.J.d.p.p.n.I.v.w.A.R.k.7.M./.M.E.E.5.d.2.Z.X.C.B.D.t.g.m.N.m.s.B.V.b.G.J.N.d.6.A.R.6.F.F.4.k.3.Z.P.S.6.5.j.+.m.R.P.k.9.G.S.N.b.K.N.B.D.W.l.Z.M.L.a.W.e.X.Z.g.Y.C.n.R.t.+.r.F.I.6.s.d.v.I.o.+.K.+.M.2.L.b.T.o.V.K.D.M.7.G.y.j.4.q.o.f.e.8.S.e.S.8.5.j./.m.i.p.m.2.p.Z.W.H.2.H.V.q.D.Z.y.k.y.3.o.G.6.O.O.k.Y.q.0.W.D.p.+.Z.S.Y.Q.b.e.7.1.B.j.O.J.l.I.8.V.H.o.s.D.f.S.x.k.z.F.0.x.e.c.g.s.V.z.t.S.Q.R.p.c.9.D.p.h.r.V.j.m.B.H.Y.E.k.P.X.K.A.A.O.T.l.N.v.O.I.d.M.h.q.O.z.E.5.4.u.n.R.g.e.g.e.x.e.s./.g.E.e.g.f.v.z.a.I.K.z.F.x.E.V.S.N.3.0.d.H.k.S.A.N.Y.y.Q.2.2.I.6.Y.n.O.j.u.v.2.A./.g.k.p.e.O.K.N.p.T.+.P.A.S.U.g.v.9.L.U.r.J.1./.4.C.o.j.k.T.6.+.I.O.R.K.8.r.a.C.1.o.D.g.C.a.b.X./.I.J.s.a.C.u.8.q.A.d.k.v.5.+.B.M.N.f.F.V.G.2.D.f.4.V.F.0.D.3.b.U.z.3./.2.u.s.w.j.z.B.k.

C:\ProgramData\Driver Support\Driver Support\RuleEngine\RuleHistoryController.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (492), with no line terminators
Category:	dropped
Size (bytes):	986
Entropy (8bit):	3.970814549389925
Encrypted:	false
SSDEEP:	24:QYlgJ+tnQY3K5KfIl8t26XlGw7FhxQvsahj59JUnM:wJ+FQYaU77XMw362nM
MD5:	DE1500CF977FEFE1F39F2D1241CBF5D4
SHA1:	F29935E110AB936F547931D7C2859CDA72E5E47C
SHA-256:	52515EB2E1E8E767D7ADEF79AD2DEA7533E626B17193535B385E3795449B8C3E
SHA-512:	05164872FFB14E56CA458188B3D7E42D39553A9C898FB4F05B39C244D65F2E0FDA03DCD827F4A6BB8B71F64FE30A0CE3E9D35DF1D16DBB522E3E4B8DE8CE950D
Malicious:	false
Reputation:	unknown
Preview:	..+.W.U.W.3.Q.A.M.i.m.N.l.Q.L.2.I.7.h.w.Q.q.X.q.s.E.k./.N.2.T.L.I.o.R.f.g.x.w.P.U.G.M.w.b.2.P.I.r.8./.K.5.b.N.i.u.r./.I.P.c.l.W.c.b.q.K.K.g.I.2.x.f.z.N.8.V.m.F.9.L.9.Q.J.0.c.H.r.U.4.5.i.G.N.G.W.0.e./.Z.Z.U.a.E.L.8.o.4.a.s.R.E.U.d.J.r.e.I.A.M.4.x.f.k.2.T.8.D.0.g.s.Y.E.E.q.L.i.Z./.q.c.g.0.m.8.D.V.p.5.l.v.T.K.v.9.B.7.L.5.T.M.M.O.Z.3.Q.e.p.U.K.4.f.9.U.x.I.p.r.M.3.7.E.O.2.9.v.U.S.l.s.M.L.1.R.w.w.W.r.W.q.L.z.P.F.1.j.Y.1.S.M.B.a.q.I.6.q.n.0.Z.d.i.m.d.U.5.8.f.1.Q.t.C.Q.2.p.x.T.q.l.m.R.b.M.E.p.Q.0.d.r.y.+.c.0.H.9.R.w.x.Q.G.L.Q.e.v.l.p.f.a.d.t.e.1.I.U.w.M.F.d.t.5.3.8.i.R.9.P.9.f.S.b.1.r.O.3.d.9.1.t.w.U.E.o.y.x.L.O.3.f.i.L.9.r.F.O.O.2.1.Z.y.Q.j.5.x.l.d.z.0.f.t.n.j.w.B.R.m.B.S.j.P.L.Y.E.z.t.X.U.3.u.b.J.V.a.g.y.+.H.H.P.X.x.n.M.Y.h.O.s.e.v.z.j.q.O.c.l.n.X.s.I.i.5.m.N.C.d.d.x.W.a.y.D.N.5.l.R.e.f.e.z.1.l.v.0.v.+./.C.p.B.k.x.k.o.W.8.D.6.5.g.a.a.9.F.Y.V.K.+.w.+.t.K.W.z.v.Y.u.1.Z.n.0.d.g.1.S.z.V.+.U.w.C.5.A.E.3.h.W.O.5.C.o.6.t.C.P.l.h.l.1.Q.V.f.C.5.n.c.T.p.U.F.J.n.9.E.i.V.K.9.j.J.a.y.+.4.=.

C:\ProgramData\Driver Support\Driver Support\UXState.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (1004), with no line terminators
Category:	dropped
Size (bytes):	2010
Entropy (8bit):	3.987803873102376
Encrypted:	false
SSDEEP:	48:bxwiXkqdSMAXkLyq5kDdlaTSRJZhJclFnbgjTTaeFKsni1DYd2i50:aIBvLZ5kZlmSvZPURV5Yd2i50
MD5:	80677F4764F8C5A56DD45E4A65894AD2
SHA1:	8C9E5FB4CC4F299EFBED904FD970BC481EDD60A9
SHA-256:	C5747C4CD8E071777C701F9D7F2B02BEC918DC35B8FA5B57A94B897CE848EB2C
SHA-512:	49FCBF77714F0D30536D28DEE3AE9732371B65C27EBF687205369F449BB0F921547402970A397F88945277C7DAAB2854D491E522496B177D5BED8A1D26F18021
Malicious:	false
Reputation:	unknown
Preview:	..k.8.u.f.x.7.5.M.u.D.X.f.o.U.P.i.6.U.0.L.8.b.o.9.c.Y.W.W.Z.A.Q.v.r.h.I.7.L.C.f.Q.T.b.l.p.x./.F.L././.Y.Z.b.3.x.K.z.I.G.F.r.i.e.5.Y.R.H.8.s.g.8.E.e.9.g.l.w.W.p.U.I.g.r.Z.c.9.u.m.H.Y.N.a.G.W.t.f.E.n.G.j.b.b.F.O.U.k.e.X.X.4.G.z.P.6.8.l.C.P.E.i.y.Z.9.x.s.n.E./.E.s.s.7.2.q.4.3.6.t.N.X.Y.x.T.x.g.o.E.p.a.p.0.Y.4.9.q.W.Z.B.t.0.U.h.u.9.z.O./.N.7.W.M.z.H.I.b.l.K.1.7.q.w.r.7.e.g.D.F.M.v.f.W.i.w.S.L.5.X.R.F.H.3.9.F.E.b.f.y.q.j.c.m.g.x.N.H.r.u.h.w.D.f.O.J.W.A./.H.D.I.p.O.Q.G.c.B.B.+.u.v.X.D.l.f.l.5.a.D.G.i.E.h.K.P.Z.S.H.D.j.+.9.c.o.2.w.a.B.E.P.f.T.K.y.y.1.P.T.m.3.i.G.f.Z.5.F.B.c.9.E.y.7.I.q.6.U.r.M.M.M./.0.B.s.U.N.N.W.q.f.o.o.H.G.t.x.H.n.P.F.D.g.V.c.K.s.q.o.l.t.1.U.F.e.f.l.2.R.K.4.X.G.v.Q.I.Q.Q.Y.9.e.e.X.1.P.i.a.t.5.T.R.e.h.c.M.3.S.o.7.x.p.x.Z.7.3.B.U.U.t.j.g.O.y.H.A.v.s.i.V.L.W.D.B.g.O.i.V.t.0.D.k.s.j.R.0.O.c.E.D.V.M.d.R.Z.U.1.H.q.q.d.V.T.I.b.C.P.X.C.2.W.k.e.q.J.e.K.f.L.t.9.s.N.v.9.f.M.8.O.H.p.t.Q.N.D.N./.b.Y.m.C.q.W.I.5.t.8.W.p.U.0.V.l.V.X.W.3.b.K.D.5.D.a.z.H.i.R.I.V.P.S.6.3.2.E.g.D.F.Q.u.l.m.5.

C:\ProgramData\Driver Support\Driver Support\WL.dat

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (4032), with no line terminators
Category:	dropped
Size (bytes):	8066
Entropy (8bit):	3.995150000791677
Encrypted:	false
SSDEEP:	192:k1g20j90ZiZS8XWDxm4D3HDyq8rl3qCEHPVt/kv1:2gP0oYmKxPHlJxHP+1
MD5:	7D848A94510EB077B598BDAA2CED00FB
SHA1:	89C9EDDD8DB2511026A58BD6105799D873D53AAB
SHA-256:	AC527FBDCDCD51ADD3919E1141ECCA55868347F8F385C11DBF3813B2124B0351
SHA-512:	0F5A8F72271E68AA04382E6D8B9412C191ADC2373487786619C297F138A4FCAC31D7F5F2EDB128AD77B8210C9B93950689D5D0E3EBAC2D07707B6A7FA14B1260
Malicious:	false
Reputation:	unknown
Preview:	..f.N.Q.T.x.2.i.g.j.i.h.C.Z.G.8.W.O.O.8.E.j.v.6.0.U.5.F.2.9.A.M.c.M.L.g.h.+.s.X.g.D.1.d.z.b.7.L.4.u.g.i.M.2.L.o.m.Q.M.R.5.z.c.J.u.p.4.A.h.L.A.m.L.z.A.z.m.y.R.X.Y.8.E.I.S.7.t.A.4.L.J.D.1.M.S.2.I.Z.u.u.z./.R.e.Y.w.N.y.h.G.l.d.D.p.E.W.Z.7.5.0./.J.M.p.+.u.N.R.9.n.n.E.u.q.L.u.l.B.t.z./.+.z.x.7.+.W.E.J.x.M.I.c.3.8.c.q.z.1.N.Y.x.O.j.X.N.y./.y.d.v.B.g.M.K.h.D.9.x.j.F.2.+./.h.V.4.W.k.z.4.F.Q.u.u.a.r.9.t.D.j.E.J././.I.J.U.Z.6.z.o.G.Y.+.J.b.H.F.2.T.J.1.R.o.m.W.S.m.g.R.E.X.M.i.e.a.o.1.V.7.w.t.f.B.M.O.o.7.2.z.z.8.V.9.z.Z.s.G.K.1.R.r./.1.A.s.Q.W.f.M.5.u.t.U.c.q.i.z.z.L.7.6.0.Q.o.a.U.B.J.I.9.r.a.P.E.4.4.1.H.J.8.G.z.t.t.2.9.4.q.G.M.U.t.A.J.6.k.z.C.f.s.I.M.z.r.1.9.V.Z.S.T.5.1.T.f.x.p.v.i./.C.W.i.Z.H.g.T.t.6.5.s.U.B.z.g.e.c.G.T.S.2.V.n.8.n.3.Z.N.X.V.m.k.c.M.k.P.e.F.D.C.4.d.H.M.3.q.I.Z.N.+.Y.h.9.H.T.N.w.w.u.M.i.z.i.F.D.m.i.g.j.J.7.x.I./.M.s.p.t.N.Y.S.g.3.z.9.l.m.c.M.c.V.Q.p.G.r.o.4.E./.y.X.n.F.l.u.7.y.8.h.T.u.o.J.+.R.w.9.t.t.4.n.Q.P.Z.Z.D.T.l.F.D.4.N.I.I.k.P.o.7.T.r.5.y.+.S.w.c.M.+.6.5.P.X.R.4.6.s.q.F.u.

C:\ProgramData\Driver Support\Driver Support\dd.lic

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	ASCII text, with CR line terminators
Category:	dropped
Size (bytes):	144
Entropy (8bit):	5.7638301270322145
Encrypted:	false
SSDEEP:	3:BTqQ6hA+JmviNLIBfOWKWmQ7vkdU5/Jdj3ntESQ3OoLKbALgA2YSOR:X6hTyilIVsG7vVF3ntESQ3HLOxt+
MD5:	0FBAC0BCF8CBF737A22CCF21A2BBE686
SHA1:	F30CFAD3EBE4DC0E4E8CE260843E33C5606591BC
SHA-256:	156C2C5927D3FF7C20222389B53184ECF954F9460DB76923A092433824A4EB67
SHA-512:	B2A946455B3A934BD1F0FA633F85B68E7774ED3FC7C1304F959F3C92D317DC07ACF0FAC175323CD260B2FEA4C4EE42739AAB427CB003250D5879EB8E9B94460F
Malicious:	false
Reputation:	unknown
Preview:	.DO NOT MODIFY@yVZE5OU9DR9DDKV6F4CJG+GsShK+1n0dY+Abjz3LVwzeokC5h2Mm6FAx1/S2moZl@YsXmg0RcWtBRWQ1QaNr+/TNR+Mn/3yP84SPNHR/YKPTQMViTOiSOFrgBj7kXVdit

C:\ProgramData\Microsoft\Network\Downloader\edb.log

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.307354304863593
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrD:KooCEYhgYEL0In
MD5:	0A07A8B66FFAFB75C3E1FB0129A7453F
SHA1:	48D142C7B336CDB2DFA283DF14BB736133E7E1FB
SHA-256:	5EF7021889FDC834DAFBD559ACDC1B2EF4B0EB4540FB6AE77DEA47E432261CD4
SHA-512:	4E8E584175DB44DA6FA2301C4300D57529EEAEBE8BB89ADEA8BC7B758317BF3AEF3CDC43A7679592CD3855729905E88C8A800ABC181D233159E61D9B9E48524B
Malicious:	false
Reputation:	unknown
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x34a6cba7, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221563667892176
Encrypted:	false
SSDEEP:	1536:5SB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:5aza/vMUM2Uvz7DO
MD5:	28F4BD42ACF17FBD0C796C23104552B2
SHA1:	D5D8EC6876D9FCC3E2C884331A854763AE9BF5B4
SHA-256:	BEDB40E65270A6D6E3989897A453D54FB75D0B4E2B97B8AB7E09D38299CA4D16
SHA-512:	38209B57CA4F5C62C1CF4B4FFDFE3DFA1B8A62560CFDFD902474004875B262F053B708FF7D842E5BDC6E9782DD5B8CAC464ABC2E7A1A0B40F8736E529E24F615
Malicious:	false
Reputation:	unknown
Preview:	4..... .......A.......X\...;...{......................0.!..........{A."0...\|c.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{....................................Y"0...\|c....................."0...\|c..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07756695762668558
Encrypted:	false
SSDEEP:	3:yqOl8YewgvCjn13a/HB1LtZeAllcVO/lnlZMxZNQl:yqO6z5a53qh1LtZeAOewk
MD5:	17747D20EE24BB577FC9853C7037E9AA
SHA1:	7EAACFC50F9ED2B1EA5D2E1B633BF18AC29C520B
SHA-256:	F9855843BDC1B1B6237E6E90655E231D34030E0D29DE697DFC77EDBC28CC25E4
SHA-512:	6313515D043F89581B8411ADE182AD00D99ED64039264702D4AA624137D22C512EF77A53F10BD421820C9975DEBC79A28420D8E271B7E0C1A67BE42EE2E2539D
Malicious:	false
Reputation:	unknown
Preview:	.........................................;...{.."0...\|c......{A..............{A......{A..........{A]...................."0...\|c.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\DriverSupport.exe.log

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	643
Entropy (8bit):	5.243985443960929
Encrypted:	false
SSDEEP:	12:Q3LaJVV+0OA6gXxAN0kZs1B01ku9EZv4hk70zaj3Uiv:MLUsAXxAVuROa7
MD5:	C8DD07263DE4435B623FA8F4850429BA
SHA1:	7D70B841331C7DA9FD87D790D5FC166513D79A3F
SHA-256:	2336363C606E0B65426A80AB9DA4399D60725D39971DEFEAF5E2FA8BE3297DDC
SHA-512:	451FBC2F77EEC80181EEF08576C9B54D45A32A7AAB275D2F021D86D32417A980BD89F0E837A6D2B6F8A0323766F7F44B229B723757F53E61E95D0FF15C35E0D5
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System\60bcd4094a2a6aa9ef85662f2bad1392\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\bf877f0efe58ad315a050bf23b0e0b85\System.Runtime.Remoting.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\4bbfa2b2d090d47bd2f1e96192ff5526\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\cb818943a42d691b19f93868cb8bd2f5\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\51eba73acef6415c0bc79a3a79838d51\System.Xml.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Agent.CPU.exe.log

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:Q3LaJU2C9XAn10U29xtUz1B0U2uk71K6xhk70U2+Eb5i0U26K9tHHK9yiv:MLF2CpI329Iz52VM2+b26KTnKoM
MD5:	DF75B82900BDF137DAD4BFA4CB514DE2
SHA1:	38C68E58F7CE81A6EC543427B8C87731820B46D2
SHA-256:	9B854D5F0EF7AFA31FF30CFAD7F3060B72488C7CB755761DE588D6ADEE3BABF0
SHA-512:	035FFAFA3E7886858AB8AB83C800A31EDD480FF2B0EBB813C79E020441E71605ADA6B8E53E226045E9E226894CC37FB196C0D2A19BD03E54549E1C2E5FB3AE5E
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\74774597e319a738b792e6a6c06d3559\System.Xml.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\53992d421e2c7ecf6609c62b3510a6f0\System.Configuration.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.7307872139132228
Encrypted:	false
SSDEEP:	3:Nlllul:NllU
MD5:	6DA15BE18F0DF00B9DC2DC6B72B103F2
SHA1:	4ADB8B407D51A20952CB8E4EC0349D742862B568
SHA-256:	19704E2940D1D9E46CF80F36AAB157098B0A8C61865C087167F9AFA9A9F70352
SHA-512:	5BF5FF5A02FA55C13D6DD266361F8DD2747DD657ABF21032E7DD3E9C28D65A3E9CB88F5AE7E6F2029E9FC37D5EA90C020F6423092C84DE41A2AD7E0DCBC72EB4
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\-r-4705c.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3846
Entropy (8bit):	5.0375176490721305
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXIaKhGqvm:urTc9qRT+OcMNcnV
MD5:	304F4D8C7C6E80DC21FE596BD37B6585
SHA1:	C59BC8E3FA7A3DAF85C8A21BE68BAFAEAC1967A2
SHA-256:	AB7975D6357D6AE561274B53FD856847C6928C4884C4BFE2BEE2C340D983A0F7
SHA-512:	E53656DCC2F1F643E4682B9E21F7B5C8567E81EF766C5F764FE295A307C2392ED3B10F4E65E68F3DF5D3EB2F5F24916D813A399B9B12D9957C3324F47ED813AD
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\1xqjvfvr.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3701
Entropy (8bit):	5.052096298251942
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXaaKhGqm:urTc9qRT+OcMNcnJ
MD5:	67241AE2E8FFC4A1AB19A56DE7DCE1DD
SHA1:	EDD9D5C471BDCE7EAB9ADD881EA7A7599D4D5B28
SHA-256:	2D021E507FCA04DD7847061A69181BB2BBE754B13528C1F368BFACAD5F55C990
SHA-512:	437F3DE2C08B0126E1115EF0EB97D83B3037C6CCCB3AE69F2296B05D3F4E9241ABABC1385232CA6CE0FF319DE613ADBC593C4EEE6B7555C6E7D4D2079FF35FBA
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\4ylabype.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	modified
Size (bytes):	4373
Entropy (8bit):	4.956979038256001
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXIaiGqvCBnFAnUAnm:urTc9qRT+OcMNcnT
MD5:	DCC2AE7A345C23E684B736171627A629
SHA1:	21B2473282237F1A744F949D8EE6AA2A5775ED61
SHA-256:	B77FA5AE244905CEEE728CAF1B57A2060DC54FD66A9118EEF0838610128FFC6B
SHA-512:	F6B8BF1353D0DB913D3EEB4AB55D2116E745C007F4AF06D602C96E61DC68D0B80492C142D972F9428687E0E887C94E7F49276298B24249D6D6C2E897CC4D5E4B
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\8x_bxouj.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3977
Entropy (8bit):	5.016627162474013
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXIaiGqvCm:urTc9qRT+OcMNcni
MD5:	A7FA3AE29D1FFEECF07C785EADCCC298
SHA1:	2D23C3CE342CA42AC7F5AA7FD6F5C8960E751F4C
SHA-256:	7CDE37C2DB2ACEFC2EA1D12F2ECD8E9FA6DF3CEF366BE4C6A0960E8EF861D7F8
SHA-512:	E44D9027D8A5E48FF6AF3C665BB57796D16EB49C1DF3688C703BF3B9F87E353953A3AFB68A83A00024A22F1E1F810CC3FC54BF9B509988CF231AE05B42B10324
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\bsc97hn4.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	2880
Entropy (8bit):	5.202653442049534
Encrypted:	false
SSDEEP:	48:crrNKV+NqZ2LGnnGnCEAnsGnLGn2X4I65kZ8eOscxfMETtcOcML17CadVgeccoh:urTIsynGnTAnDnynTI9qRT+OcMxZVzcR
MD5:	8194B3CAC7CA1FF24B085D48306E586B
SHA1:	DC501A4E2202810F8B4783D4494FFA7CA4A9E12C
SHA-256:	D6F757ADD6FF6052F04D4C1C8A79B6FBBCB30D886AFBCF622447AF9F14ECAE8F
SHA-512:	9493590DF5D76596E48A688CE852ADCB484CF4FFAD0C9E5B6AD063DDBC45C9E7EB4977A69A7A25AB344D96EC8CBBA2BFE664F7464384B47315DDD267FC19F577
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\ewrousfv.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3977
Entropy (8bit):	5.016857933244525
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXIaKhGqvCm:urTc9qRT+OcMNcn+
MD5:	7BD6C651F6EF9D4FE569C0DBF2C50E03
SHA1:	BD9FCDD52E8CA25BDE57E486B732571E5DFF817F
SHA-256:	521183D022EDADA21E3F016199636D345C8F4074AD089B83E8BA3ED3171D6004
SHA-512:	792938CB0AB3364AD29E1562FF7980EAB62AF8E7E719F13ED594E79B19A7D6B1C61830D43F896BD14C4D6AD86F1008033210E13EDA2B11649D1ECA2DB16B12A6
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\fx8fb8by.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3194
Entropy (8bit):	5.159619661572309
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXam:urTc9qRT+OcMNcnT
MD5:	113DEA88A9485F408AB27C82CAEA07BE
SHA1:	BA1C852EFB1401C2D4E4141608AC5E2D20A7FEDF
SHA-256:	2E2780D521577BC169459ECFCC0D1B53E4A8F6C69B81EBDB54A07B5A7930ED75
SHA-512:	F94A470446906F31AB7E069F3B499E3FB9BA736E1009EB8E5BCF5BF3B3A812DA56A2336AFEB4B438CF2E96D8153935CED0DB93E71DCAF1086B52207CE257E716
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\h03piua4.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	3850
Entropy (8bit):	5.038080258317051
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXaaKhGqvm:urTc9qRT+OcMNcn/
MD5:	5BAC77C1D4950261DA0AE1E16984D869
SHA1:	B5299411044551275B92E3627F5CD5A2D2580F12
SHA-256:	6AE64B136E1C6D1259A08C45306A68B332BA3815AE7061BC6D63547B818BAB10
SHA-512:	8969564C35873FFB5B7CB95A831ECB74B06DA2448505FC7BB7C371CA75383732095CA4869CEAD0D5FEC3B1F0ACD5EE3BD413A030BE9A50BCEA657E669D1B4652
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\ifzh4o1o.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1381
Entropy (8bit):	4.706823052225262
Encrypted:	false
SSDEEP:	24:2dqIK0m449tP+K14Ev+Xa2LGnvvGnvaEKpnv0GnvTGnvwh:crrNKV+NqZ2LGnnGnCEAnsGnLGnoh
MD5:	11BE91A672A607CE42E7EAAE43D32D66
SHA1:	2941F92EA0EA8D634EFED8D834F002C0D995CB75
SHA-256:	5644056244C6271D136D99C0D3BC5251397531670F1E785F8C6A8AA924088DEE
SHA-512:	9B42A82DFC8E7B3F2E181A3F0C9EBE71F125AB8A38ACD1DCDF533BBE5A1A19C3B7ACCD98FCC3D9CE449226CE6120B11B051D3595046A570CE3EC0149AE50A938
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\nauy8qi4.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with very long lines (1252), with CRLF line terminators
Category:	dropped
Size (bytes):	4120
Entropy (8bit):	4.9965874750092665
Encrypted:	false
SSDEEP:	96:urTIsynGnTAnDnynTI9qRT+OcMxZVzccEXIaiGqvCBnm:urTc9qRT+OcMNcng
MD5:	2B274B2C039E0ADE9EBDBC8A80011467
SHA1:	64EEF4359B32F11F452EFF0A243D7E26DF038486
SHA-256:	843756ADEA4E4E6B56607D88F5453B3C7A1D3762D39A23A5B54CD8E2B4941D70
SHA-512:	A1A0714F510A9B71A8A29B8AB9DD7052863E1B7CA4ABC15AB68EB01D488C178A0440C97583091918CC3D8FF86720D7119B4C4C6FDC7A2124AE4050E2135D4FFD
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\sodk-edi.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1246
Entropy (8bit):	4.746507647705498
Encrypted:	false
SSDEEP:	24:2dqIK0m449tP+K14Ev+Xa2LGnvvGnvaEKpnv0Gnvwh:crrNKV+NqZ2LGnnGnCEAnsGnoh
MD5:	9B1C2B78F9A09FB360D1CAC02D3C7996
SHA1:	412BCC12025165D153CB8BDB6A665E8490C9BB6A
SHA-256:	7D0576F4F4E97B2F4C0180092BD96E351FFB98DDD617B7F545D7C01CED25BD06
SHA-512:	73EC56AAD5C2DCC79780AC9475201A17215672ED2311F2EF9E7E04E7CAB9A401BCA784F0BD262109155B8C472EB4030EF5F7AB425AD884A37EF34E18A36D8819
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeSystemDevices" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="IncludeUnPlugged" serializeAs="String">.. <value>False</value>.

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\user.config (copy)

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	857
Entropy (8bit):	4.929829522357489
Encrypted:	false
SSDEEP:	12:TMHdGGqt1s26K9BQve4MWiO69tPXTs26K9YG6e4MWivBRVcXHhuGnO7PXTOrLENe:2dqIK0m449tP+K14Ev+Xa2LGnvwh
MD5:	078362A691F1EDED719614D396559323
SHA1:	8DAE243C81B79BB8B3D8B7D4F1CAEE1C43F1452C
SHA-256:	BC0B8D1235510A89A376009472D19B1485F3BBE39BC39B2B89F99BA63CC67F3F
SHA-512:	DCB65BAFE4E4D06066E425125940D9F66B3A532EE2808244F63669BFF837FA774840487E4ACE6F2F827589C71AD6FAB99706EB798A31108B55F99FF542A12F70
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. </DriversHQ.DriverDetective.Client.UserSettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\PC_Drivers_Headquarters\DriverSupport.exe_Url_jky4qfl0bb42zyjk05xwcsyp4qrtcets\10.1.6.14\zj-ty5fz.newcfg

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	857
Entropy (8bit):	4.929829522357489
Encrypted:	false
SSDEEP:	12:TMHdGGqt1s26K9BQve4MWiO69tPXTs26K9YG6e4MWivBRVcXHhuGnO7PXTOrLENe:2dqIK0m449tP+K14Ev+Xa2LGnvwh
MD5:	078362A691F1EDED719614D396559323
SHA1:	8DAE243C81B79BB8B3D8B7D4F1CAEE1C43F1452C
SHA-256:	BC0B8D1235510A89A376009472D19B1485F3BBE39BC39B2B89F99BA63CC67F3F
SHA-512:	DCB65BAFE4E4D06066E425125940D9F66B3A532EE2808244F63669BFF837FA774840487E4ACE6F2F827589C71AD6FAB99706EB798A31108B55F99FF542A12F70
Malicious:	false
Reputation:	unknown
Preview:	<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >.. <section name="DriversHQ.DriverDetective.Client.UserSettings" type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <userSettings>.. <DriversHQ.DriverDetective.Client.UserSettings>.. <setting name="IsUpgraded" serializeAs="String">.. <value>True</value>.. </setting>.. </DriversHQ.DriverDetective.Client.UserSettings>.. </userSettings>..</configuration>

C:\Users\user\AppData\Local\Temp\-nsuveg8.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5897
Entropy (8bit):	4.611427802242755
Encrypted:	false
SSDEEP:	48:F1/6/6FV5WBjlGV4jcBQ8szf0hYkrz8rrOyjuhoJXp3afqLYrYdbd8/X2dbepod2:Ff5Ejldw5Yk4zaMXpBceB8wqp485zc8r
MD5:	079B78F1CEE91D6853C006CAFB0AAFEF
SHA1:	C638FD66F64F0240820E8E0F76DC3C2AFFBF085A
SHA-256:	74C0CAC1F288EA1B6B8CCA38ED6942F59FFA188E2FF5911C0171A274899FF3D4
SHA-512:	987363A576A0436A81E9B003D5CDCDD5B5D3C91EC3E1EF7640EB9A4CC154D9E5A5EADA1E2A09055910C950E3B2434998E60C1F32FB2B48CC4F73E0C4279BD337
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDeviceCollection : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_deviceClasses(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"deviceClasses", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Common.DeviceCollection)o), @"deviceClasses", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderDeviceCollection : System.Xml.Serialization.XmlSeri

C:\Users\user\AppData\Local\Temp\-nsuveg8.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (406), with no line terminators
Category:	dropped
Size (bytes):	409
Entropy (8bit):	5.564614711598149
Encrypted:	false
SSDEEP:	6:pAu+HmFpw+o3kLAwoT7R5BAn55wkn23feJUzxscHc9olm14sQPIwkn23fk:p3rz5YkNoT7fBAAf2+rHc9ow16Prfs
MD5:	ED63807D6AEBFCB0372453895902F6AB
SHA1:	9D5821759F209D81C0AF56776D351B0C12DD99A7
SHA-256:	C314104C08A68B1684C7D011A0F89B6FFD644BFFA3EB346DEA2E474AED272A78
SHA-512:	B510CFA7B6227BC014BF350589E7F30804905EBC6E9259835E911FF099C33DF40DB12F208AF539BDA54EB60296CDD53F64AA3C6288B81D0D08AA1E91EA55C2D0
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\-nsuveg8.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\-nsuveg8.0.cs"

C:\Users\user\AppData\Local\Temp\-nsuveg8.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (503), with CRLF line terminators
Category:	dropped
Size (bytes):	710
Entropy (8bit):	5.590883870727682
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBAAf2+rHc9ow16PrfZKai3SGzKIMBj6I5BFR5y:T+PxNzdX2kN8f+AfRW1crfZKai3SGzKS
MD5:	B5ED322454774C1928FB696F5F580279
SHA1:	AAAE42E6CBB3BEF8BD88FCB26D41D317C3EA7AC0
SHA-256:	35F3124719B707CC6E932AAE6B2F7FEE16C5A8A3602F1A93D64B4EFDE313D0BF
SHA-512:	B22418DDD9CF01138494EE2498024FC2F513523351CBA81775C9BAA38D7FE7D5FF33535FB2C8199D1D0106ABD086F3C1F734551830D20EEDAE9B6B5C9A6582F9
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\-nsuveg8.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\-nsuveg8.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\136audgz.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	192:FB0Tu0CKkfInVmnTTiwTgFOyBAg4+aR/tezXayqceB8tqp48Nzc8b:vHn+AvRgwceB8tqp48Nzc8b
MD5:	AFEB7AD8036928B251C2C73E597F7B9B
SHA1:	7020A274618B3E103DE5DB112DE81D770F3CC790
SHA-256:	1AA70498CB0576B8B1FDA0034A6793D9914AA3B0318F0D30BDEFF15C64FB4BC8
SHA-512:	D1451BDF33FB192D370C3E13DEAD970AC7E7431C8A4B1F2E4AC300C306A10ADB3BD5682B37F79EC3A00F4914011C9D4B7CF913A9438A557EAFB599167ACDE246
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterCPUID : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_cpuID(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"cpuID", @"");.. return;.. }.. TopLevelElement();.. Write5_CPUID(@"cpuID", @"", ((global::DriversHQ.DriverDetective.Common.CPUID)o), true, false);.. }.... void Write5_CPUID(string n, string ns, global::DriversHQ.DriverDetective.Common.CPUID o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);.. return;

C:\Users\user\AppData\Local\Temp\136audgz.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:p3rknoT7fBA/fBAmLbz5DfaUrHc9ow16PrfY:Vgn8f+/f+KzZf9W1crfY
MD5:	8C78214294B24181065CC198C05ED6AE
SHA1:	1D447D7293CEC6D8BB122F0C7D7A21B19A168C8E
SHA-256:	FBB4E033E53DF582CC80E2E4B5136C0566C11E21ECF233091E5741733C08E963
SHA-512:	CD3E336D799C7C3CD1E7FF57320B0B5494A3A69ECE94E52DCD6775AC8F565C004B4CB081D23DC68BAD53FC8F88F5C0D43AA43650BEB6992F6A154B4B5A6CD920
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\136audgz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\136audgz.0.cs"

C:\Users\user\AppData\Local\Temp\136audgz.out

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (553), with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:vbBAF9xnzR3rknoT7fBA/fBAmLbz5DfaUrHc9ow16PrfNKai3SGzKIMBj6I5BFRI:T+Pxnzdgn8f+/f+KzZf9W1crfNKai3S8
MD5:	2BE950D9F4CD86136D771BADF20EF9B0
SHA1:	F02C6992AABBFE4AB7D60008FB850A1542C2F284
SHA-256:	5FACEAF16950835D14FB09C127A143571E4E1E41E8C65517866FF5BA4ED8555F
SHA-512:	84CAE59F12129363DEC19B548FE77019C2C1802972D35223A0E6804DF816C903277706FD2DE68638EECE78BDA16996E901527309CAF3FC3D3C3FC8BC3E664255
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\136audgz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\136audgz.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\1cwryiam.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (425), with CRLF line terminators
Category:	dropped
Size (bytes):	5858
Entropy (8bit):	4.645688134132832
Encrypted:	false
SSDEEP:	96:Ff577CjVCag8yJQSZagXNzNceB8Mqp48Fzc8X:FBBjJQSZhXJNceB8Mqp48Fzc8X
MD5:	E7D11E9CE52DA41AA875DFB0C8016128
SHA1:	EAC9FB7340B9E99ACEBB15B7116E72A362686236
SHA-256:	334FF36EAD2A8B9515010F62DA62DF09C13C8E84D8F25B13E5AD4E931AF1DCFA
SHA-512:	79089A3D199CDEDEF523093FF3B2705C19E0787043160C5AD07FDD2261E70FBA5287E4D94AC49C6121140AAC3A3C4609ED9CEF6FB55EBE78A2DBEB2DF4CDA4CC
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterUXState : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_UXState(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"UXState", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.UXState)o), @"UXState", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderUXState : System.Xml.Serialization.XmlSerializationReader {.... public object Re

C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.536016187393308
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0fRrHc9ow16Prfc:VX2kN8f+BHOf+1fhW1crfc
MD5:	05034C60789ABCEE620A5D65101E5D3E
SHA1:	64A080054E69896CBDD5898F7FBC91D8BFF177F9
SHA-256:	9DBBA9C8463637326F2C58652B78CC94FEE3D47D2242EC7463835C192F22D1E5
SHA-512:	61BEC87E24C1B0B22FB523F8636D4A91FEF4108EF7684D773ECF8959BAD6A29FCEFE741CEBC7C66E5C9BC3D0E97D4CF6E80BFB8DECD527E2EB8C167BC3965279
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\1cwryiam.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\1cwryiam.0.cs"

C:\Users\user\AppData\Local\Temp\1cwryiam.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.223335087125732
Encrypted:	false
SSDEEP:	96:KEJRR023iy61xVz3i4SESrchamcmdaZx+krbj3KW:3Z0/u4IoAmEjHj6W
MD5:	DFD1F4F2965DF1EAEF7AD9DAC0CBC034
SHA1:	0F2F26CA57F4B728DE9B7F6264739C7B2BA5947A
SHA-256:	384840918CC2D86C20409FCB1F058C853476A976F69C8D5B26181EC197C6D893
SHA-512:	473B22F9AD9097135C6AC42FF0725BA23B81222EEAAD0A20B4F638BA6F77EEA28F3544E7F711AD98499FEF14931A211AFA1A535A501FB4D38C3916D16FD58A4D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!..................... ...@....@.. ....................................@.....................................O....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B........................H........"................................................................(.....-..r...pr...p(.....(......t....r...pr...p..(.......(.....0.............(....o....&.(....o.....3\.(....o.....{....3B.(....o.....{....3/......(.... 4...........(....t....(....t.....+..(....z..r...p(.........(....o....r...po....}......(....o....r...po....}......(.....s.....s......(....F.r...pr...po....6.t.....o....2.t....o......(.....s.....s....*....0..4........{....-%s......r%..pr...

C:\Users\user\AppData\Local\Temp\1cwryiam.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	modified
Size (bytes):	765
Entropy (8bit):	5.5653907793327715
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0fRrHc9ow16PrfJKai3SGzKIMBj6I5Bo:T+PxNzdX2kN8f+BHOf+1fhW1crfJKaiN
MD5:	E54903B384652073921393C3E8A634C5
SHA1:	CDC4417F3E0A656BF998187C8AE07564C8A1856D
SHA-256:	5DE5AE58CB7089387AD9B479B341312EBDE7648EAE125450563906140FF401F8
SHA-512:	25C5BD0AAFF02658B07BD66959E0379C2549F16E35FA8C151FDBFF2DF9B5D5860C29ED41D61CD67C8D324598D9BE09963821EFE7A83E9A869DF57311E05BDB33
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\1cwryiam.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\1cwryiam.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\2czp_euq.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14973
Entropy (8bit):	4.369480732958655
Encrypted:	false
SSDEEP:	192:FB0Tu0CKkfInVmnTTiwTgFOyuKZLwLR/tezXayqceB8tqp48Nzc8b:vHnhyIRgwceB8tqp48Nzc8b
MD5:	7C604D6B7402F4C27209CFB12C71A2EF
SHA1:	C4022315C75F59031CBEF63FA38E2B985C3A976F
SHA-256:	3DD9D87D4318F427ADE1AC5F917114279AB5277B9371B4DF07C786E686BBF6B3
SHA-512:	D0CF2147A381303A9EA79E3258945F517EF095DB4D0ED794913878408BD262F5F93763001661090E9B66BA77FE89E40593E5536EF772910865E793099F0AAFCA
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterCPUID : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_cpuID(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"cpuID", @"");.. return;.. }.. TopLevelElement();.. Write5_CPUID(@"cpuID", @"", ((global::DriversHQ.DriverDetective.Common.CPUID)o), true, false);.. }.... void Write5_CPUID(string n, string ns, global::DriversHQ.DriverDetective.Common.CPUID o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);.. return;

C:\Users\user\AppData\Local\Temp\2czp_euq.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.555400250245279
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fvrHc9ow16Prfq:VL+/kN8z2f+1frW1crfq
MD5:	00901EB3C5CA694B5B7862FAD5DC20C4
SHA1:	921283D84FB70B9027F0673B84BA5683457F466F
SHA-256:	DEF400769705D37499CC6FE9C2CF1C0D23C7045BBA15690121BD6433B08265C2
SHA-512:	354D1E21D4806A0D214D3A5FAE52178BB58F405B6BA4C0DED17889A8F081429EA430E135A0D9F10D4F195FFC2DDE3FAA7C87566F55B43F824F9089FD24DA4602
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\2czp_euq.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2czp_euq.0.cs"

C:\Users\user\AppData\Local\Temp\2czp_euq.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.585121267126004
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fvrHc9ow16PrfjKai3SGzKIMBj6I5BFR5y:T+PxNzdL+/kN8z2f+1frW1crfjKai3S8
MD5:	CE467551BAD2E0E6940CC29431FD33C7
SHA1:	0C2D1893497DF8F6FDB9AB58855648A456431585
SHA-256:	B03E6CB1038B35607C630BD752FA6AEEA8B2E1395C5CEE8028F3739483FE25A3
SHA-512:	5E6604B21926912A6A19AB8549F1ADB7F863F44F6233B0A1BD92A03B560883AD9D71DDBA16836D4340F1B89DEEDB0B0D06C47A6325A63B3941F956BAC25DF8E0
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\2czp_euq.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2czp_euq.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\2qmjnycu.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	379505
Entropy (8bit):	4.832864896522511
Encrypted:	false
SSDEEP:	1536:vdw4rgSs86evNVHfkt4URhAAgdhnZO4MEF8uW4eu:Rs8TvNV/k5RydZ8uW4eu
MD5:	7BDC78136D13FC088CBCDA3066931745
SHA1:	6B579B5DE1C144CB4F1B1E676A4565589EF4917A
SHA-256:	A2ED45FAA43DE6D764AEACC55E20B917DCDB101710299DF135AEA7A28DB3C6B4
SHA-512:	0CB953FF1E96CB29620A32A388BFD082EEDE930162F4072DF1625FD91CDA5BE2101E5475CE8F8217DE89427BED7399821E6C1E99718D61EC7DCCE1BC0BB3C155
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDDMiscService : System.Xml.Serialization.XmlSerializationWriter {.... public void Write8_Item(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. if (pLength > 0) {.. Write3_DefaultHeader(@"DefaultHeader", @"http://webservices.drivershq.com/2011/12/miscservice", ((global::DriversHQ.DriverDetective.Client.Communication.WSMisc201112.DefaultHeader)p[0]), false, false);.. }.. if (pLength > 1) {.. Write6_EncryptionHeader(@"EncryptionHeader", @"http://webservices.drivershq.com/2011/12/miscservice", ((global::DriversHQ.DriverDetective.

C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (681), with no line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.529827230876436
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7XL1862fBAqUNvwfHrHc9ow16PrfCn:VX2kN8bkf+qDfTW1crfC
MD5:	1C4A8E77CBD8CB4531D4E30567955DD2
SHA1:	B6236328A31EAB2C202BFF814779AB6BBBBC979B
SHA-256:	8960ED23FB35F7DA8B86A024855EA51A2EDD7FA8B4E9D866258291541DB0FF64
SHA-512:	7A1CFD9BEC3EB80E92FD97F0DA75D20F649127F4F9AD105CFB4CFA5A321ACAAE7DB176647CBF2B59B7D317CC7FD10A4CC6EA2181BC68D7164125CCCA9810FF55
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\2qmjnycu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2qmjnycu.0.cs"

C:\Users\user\AppData\Local\Temp\2qmjnycu.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	159744
Entropy (8bit):	4.599754575876451
Encrypted:	false
SSDEEP:	3072:Om6ar6KRNpV5k2ITtT5x6CLPwmTdjhjnVXdNrPSusXD1N1cuwLTOo4unhb0IYceP:kb
MD5:	AAD089804D82A8047A47BBB745FA2585
SHA1:	A44E8527BFBA9B98E921CC4DC6E873CBC6C1E2EE
SHA-256:	9C6B709B776F3AA6AEC938D92FBE0988A02330CF3D5BF239EA9DAF88CE64792E
SHA-512:	D6114B4C0188B67C0B80C9D0DE901B54DD55E063C6556291B093F9CF097C98254A6143F6FE02727C5CCB3EC3D07FE38FB45A9091D58E9DA90678D7FA659EE06E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!.....@... .......^... ...`....@.. ....................................@.................................@^..K....`............................................................................... ............... ..H............text....>... ...@.................. ..`.rsrc........`.......P..............@..@.reloc...............`..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\2qmjnycu.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (778), with CRLF line terminators
Category:	modified
Size (bytes):	985
Entropy (8bit):	5.59785664021021
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8bkf+qDfTW1crf7Kai3SGzKIMl6I5Dvy:Tcxb2kWbkfxD61q7Kb3xKxl6I5Da
MD5:	B59A80CFFBB2CB87AE7E360E87FACDB4
SHA1:	8E930B77F6189BDFCF6366DD65D3D0DDB2BF5DD5
SHA-256:	1A90FDD9E04DCE5FE11924DA86EA1E8437C69328503505DF2713A93694BB7B12
SHA-512:	E560CB3900D8FD7821664A2D167FFB8AF6796D70C66E3B29B40E57F4828913739E5EF45B0783879476A52BEC57DF79DC6E27A5C4C9E9B22BA968973BE8F5A07C
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\2qmjnycu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2qmjnycu.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\2suroa-c.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6110
Entropy (8bit):	4.708000508979275
Encrypted:	false
SSDEEP:	96:Ff59ljJj9yoxjG+oDIPcXnqJjaceB8S7qp48S9uzc8AR:FBaoBoDLXqJjaceB8Gqp48Rzc8a
MD5:	73EBE146D988938B444D5203B2E1D6F6
SHA1:	65C92EE382FB074C4FD1AB950D842A3CD8630299
SHA-256:	6C4A81B6BAB71A0428C343D6901FA2D1BD4C1FE4D93BC5602DC0FB98D0785B20
SHA-512:	D7A9A3DECF0E5E8F12CCCF2FC3A153AE264BC1393767008EBDCB279F43B3F358F744E274CFFEDC369ABA5B7CB10F4D08B1F75F63B358555E840CDEB2C5A55008
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterEnvironmentProperty : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_parameter(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"parameter", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.EnvironmentProperty)o), @"parameter", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationR

C:\Users\user\AppData\Local\Temp\2suroa-c.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.536717918966223
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0firHc9ow16Prfn:VL+Tz2kN8f+1fcW1crfn
MD5:	5CDDA135B08E7734020CC06619824155
SHA1:	436B2A110007F210BA96A21D2DB0C71F22224F79
SHA-256:	73793DD6395EA1E1F59946147308CC57FCE4D2B5E44880939C7CA65D917C3495
SHA-512:	DF3742483875485BD064F5FAEEAB3F438A5F935D0289A3CF09D6862EFF4EF70E249B2735E4315DAF12A9EDCB9F89CE1FB1B3DB12F8869EEA44737FB6BBC6BFDA
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\2suroa-c.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2suroa-c.0.cs"

C:\Users\user\AppData\Local\Temp\2suroa-c.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.566807481940523
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0firHc9ow16PrfuKai3SGzKIMBj6I5BFR5y:T+PxNzdL+Tz2kN8f+1fcW1crfuKai3S8
MD5:	4B6D1924215ED48689979CD5B695534E
SHA1:	670A32A40D31D7CC6F3D6A6573B877F78C779D8E
SHA-256:	15C7ABD5061C875162E31C4EE6B43790D2BC4430D28131CE96F93FCAF8BA040B
SHA-512:	A2F07B0F98325640EAA7FCD1B1D7C9A5A651F08530A9FE0F230FDEFD82730BC514B092980C00566E90CEE3A66A42569819062B3BB0CB02E6FFB35CAFD12B848B
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\2suroa-c.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\2suroa-c.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\35s3td__.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	32053
Entropy (8bit):	4.646487416711324
Encrypted:	false
SSDEEP:	384:vzfeP5UTAHV2LcS+fJmIjWiiaFBc0nnceB8kqp48tzc8N:vzw5UXn+fQT
MD5:	AB43327EDFA2D1E24F24651153730DF6
SHA1:	CD4F478C54F875652F7001D77545CB69806A795F
SHA-256:	8A4F93C918594843180EA0574109A0AE4E79355382BB207F6E817A197F8663CD
SHA-512:	28B82BA895B725D0A6BF1A133E905EF1DDCB308AC89C84C4D376906F0EDC007082BE9FE0E933B11FB68CA2F2B14595B0D236C77B679EA83F944C16A4A686E352
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterInstallShieldSummary : System.Xml.Serialization.XmlSerializationWriter {.... public void Write7_installShieldSummary(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"installShieldSummary", @"");.. return;.. }.. TopLevelElement();.. Write6_InstallShieldSummary(@"installShieldSummary", @"", ((global::DriversHQ.DriverDetective.Common.InstallShieldSummary)o), true, false);.. }.... void Write6_InstallShieldSummary(string n, string ns, global::DriversHQ.DriverDetective.Common.InstallShieldSummary o, bool isNullable, bool needType) {..

C:\Users\user\AppData\Local\Temp\35s3td__.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.540647590146141
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fdRqrHc9ow16PrfdR/Hn:VL+/kN8z2f+1fdGW1crfdFHn
MD5:	2B72484231F7C7C2AE5FED4B5EABE719
SHA1:	C208123E8A4E08140F35191FA18271DFEFCB6359
SHA-256:	CF9BBCB042D145E8964B861960F1A52964007D02381687FEDD886C9C7C9955C9
SHA-512:	AC4B71A4918AA480236D9C30197879F8151010D975BEE6A047175EDD0C4F351E2BF2F9E6B196F1169ED2DF78A5BC4BE359C0EC92706CE2ADECA36ABE2CFED046
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\35s3td__.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\35s3td__.0.cs"

C:\Users\user\AppData\Local\Temp\35s3td__.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.578952447090705
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fdRqrHc9ow16PrfdR/HuKai3SGzKIMBj6v:T+PxNzdL+/kN8z2f+1fdGW1crfdFHuKR
MD5:	F0A845E62066DAF6D7FED17539BBBF17
SHA1:	5D054B1D5AE88EF7B6842E48FB10D468BCD03C7E
SHA-256:	3F657D04C015874752EDA5156A6BD918326B149AD9D829A72C5569C15F7921B3
SHA-512:	A2C9DE41F8B0D2724AD17DB47A70F943EEC6210D40A10A8C4539D40F8258D1FCD3B348274363CF5D5B56F793F345E421EB43002C4037B08D656A5E8466F0812E
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\35s3td__.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\35s3td__.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\38blrlsu.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5948
Entropy (8bit):	4.607203361213355
Encrypted:	false
SSDEEP:	48:F1/6/6FV52BjlGV4j8BQ8szf0Ekrz8rrOyjuhobXJdafqLYrYdbd8/X1XMdbepoa:Ff5kjlFQMk4zasXJrceB8Yqp48Xzc8F
MD5:	00B55E1752798ED22846669BBB47E50F
SHA1:	ADFA8183BC2EE84B04471B9887B085F9C506B9AF
SHA-256:	AC4BB6C3E07981D13999E4B53153BCB3CD78B5A1A4172C322E0012F34338ECDF
SHA-512:	C96DC0D2CC8C7C833FAE772B884830A8C976EF5DA5F733925DCF6A25B89C82B8C2F3D3F941AA5F2D4E9A86AE95763D250BCED18CCE0B230698FAAB288203BE12
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDeviceCollection : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_deviceCollection(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"deviceCollection", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Common.DeviceCollection)o), @"deviceCollection", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderDeviceCollection : System.Xml.Serializatio

C:\Users\user\AppData\Local\Temp\38blrlsu.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (406), with no line terminators
Category:	dropped
Size (bytes):	409
Entropy (8bit):	5.54273593014521
Encrypted:	false
SSDEEP:	6:pAu+HmFpw+o3kLAwoT7R5BAn55wkn23fuT+zxscHc9olm14sQPIwkn23fu/n:p3rz5YkNoT7fBAAf7rHc9ow16PrfWn
MD5:	B5FD8DF858DD2D6A168C264592CDA346
SHA1:	F48D3557143C56548EAEAB570DD6CB94855F1698
SHA-256:	F1213EF735B04B05154346882FDE7C69C26ED2795586ECAE29879A13F92A69E9
SHA-512:	0AF71827A3EA09885E09BE8BE3B3684D63A9E07D6A8A53BC40B2E54142FF83369C0B52BA123FC69723F5BEAE9D4BD24370957F0ED025D6036F08F4304E131FEE
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\38blrlsu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\38blrlsu.0.cs"

C:\Users\user\AppData\Local\Temp\38blrlsu.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (503), with CRLF line terminators
Category:	dropped
Size (bytes):	710
Entropy (8bit):	5.584685658737018
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBAAf7rHc9ow16PrfWuKai3SGzKIMBj6I5BFR5y:T+PxNzdX2kN8f+AfXW1crfXKai3SGzKS
MD5:	936FBF1261C778EC58F0C1A116ABEAA5
SHA1:	60A7E9B2D55B941188CE6CBAE22B1CBCF97358BA
SHA-256:	4809BDB0C9252FA5D9A978C953B96F464FF81D6736EEF738918EB7C451AAD225
SHA-512:	1192F4DE6EB5895550B84337CE6867F33DCCC9B3738E3DA98A2CF6974E88EF9D4A0F31C6E6CC89DD232F122F8B2ADACCF2A8F248403098881E6BBA70A9C79CBD
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\38blrlsu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\38blrlsu.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\4y2-_8hw.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	13976
Entropy (8bit):	4.416383721660342
Encrypted:	false
SSDEEP:	192:FBKQsc3UnVsnLbCfGSe9UZsjVqLQ0iAhb4ty1UYT2LX+NceB8Jqp48Zzc8x:vCPT26ceB8Jqp48Zzc8x
MD5:	AED5B24A55F77EA98B39403D954289ED
SHA1:	F6976209458DF983F25464D67567986430306823
SHA-256:	E0AE06CB676D75F69E7679ACFBA2F14793D2D75D6EB9D9A342850CDD695BA598
SHA-512:	CCBBD06AC21908639572124AE496A6DF5072B0D187CAA51C051958A3977A4D410507FF1B12B981A67B0E2CA8692B57801E0FC92A61A7CD40D45C8FB179BEAFEF
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterBIOS : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_bios(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"bios", @"");.. return;.. }.. TopLevelElement();.. Write5_BIOS(@"bios", @"", ((global::DriversHQ.DriverDetective.Common.BIOS)o), true, false);.. }.... void Write5_BIOS(string n, string ns, global::DriversHQ.DriverDetective.Common.BIOS o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);.. return;..

C:\Users\user\AppData\Local\Temp\4y2-_8hw.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.579497644079537
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0ft0rHc9ow16Prf3n:VL+/kN8z2f+1ftKW1crf3n
MD5:	DBD07B75F99BA7D42C26497B0481350F
SHA1:	2243523E2CFD55E2DF8CDB7121C4ED13742D6BEF
SHA-256:	DF5B2BD232F80E0D3235D07BAE0E7C8802C495AE5028CFE8CC53C54BBCA9583F
SHA-512:	BB1CFB34F46E071AA5E6B226A382E39E44D94FCB8CAF6C8F342CED022BD8BD8F545B362A412A141A2AA6B784E4778A11A8F2D3E24F8468936D65DBFA1415EE65
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\4y2-_8hw.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\4y2-_8hw.0.cs"

C:\Users\user\AppData\Local\Temp\4y2-_8hw.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.592529750426684
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0ft0rHc9ow16Prf3uKai3SGzKIMBj6I5BFa:T+PxNzdL+/kN8z2f+1ftKW1crf3uKaiN
MD5:	109E4648AA8B82E40BB7A1CF738DC102
SHA1:	A040B524E08F8CCF0D7D9A8B58D5C7A194033F7A
SHA-256:	1E530258B026D87249D7AFDD6359ACA0291602C2E00BC0A34A724871D310EC26
SHA-512:	71EBD58C253D96264B7707AF10D31CC322D757E8E3F6C0A417D26FBDB9CE30A3307BFF473F9DD12D52A25DE6863678ECCAFF50EDFB54583EF7E88CBA08C2B7CE
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\4y2-_8hw.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\4y2-_8hw.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\CSC57E.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.2649614730858154
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5BryaGak7YnqqxpPN5Olq5I:SNWJ13g0NbGakSxpPNAqC
MD5:	FF899CF2AE1CBCD9E14B7DB3CA17F6C4
SHA1:	37A9D74B0CCDBAE7934C49997DFF2800721E19F1
SHA-256:	D6392173B4301AA6F9BD858380075C06CB510FF7F81BC36414B443675C3A7B6E
SHA-512:	2A725F2F23C06DC0E04C5FD6AF1C2902DBB0091B80C2BB609512EF90BBFEE53DD0CBC474472996AA0EE9A3ABDA68CFFEBFC421AB7F76DA459650A3CF8DE77045
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...2.q.m.j.n.y.c.u...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...2.q.m.j.n.y.c.u...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCE29.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.270685285596508
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5BryJGak7YnqqSpPN5Olq5I:SNWJ13g0NnakS0PNAqC
MD5:	46A4BC93C21F16C58DD6D259FBB9B1F8
SHA1:	55F81B9A9F31F437CCC16D72EC4D73B8A07FB803
SHA-256:	A70DE5BA7D6435A76EC3AF36E71C919B8CAB302A00BFF7B2714C31E0C7987EF8
SHA-512:	0CAD92E850D765790789B54F640868721F4FC71A5AC33DF3A6ABBC0E5319169975ECC61147CB9B10BD983E2525F77E1C514ADE330A324C357C4315F8891C2332
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...e.u.d.b.x.j.3.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...e.u.d.b.x.j.3.q...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCE37F.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.2527307437750563
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5BryVRbak7YnqqmRKPN5Olq5I:SNWJ13g0N4bakSGKPNAqC
MD5:	44E7B1B99A2189023FA3D8EAA3A2BB21
SHA1:	56D3E2638718206B0CE2371A6938496DE2986129
SHA-256:	7ED7A82165CB8F3ACEDF2691940EA06354256B62C922750ECCEC300215A6F52B
SHA-512:	71E4A3B4B8E11F7AFADA1DABA8067EF57EF3E87DDA4BBBA71C0253E90B7089BB23A8AB88322D9E0A3873843B4863BB5759B8A14E2CCFCA78C92D428074B10926
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...x.d.i.x._.t.k.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...x.d.i.x._.t.k.b...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCEA17.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.234198443660518
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5Bry+S3ak7YnqqrSePN5Olq5I:SNWJ13g0N43akSWePNAqC
MD5:	30C40D9F280D4A8998F924EF4CDDE418
SHA1:	096497BDD03F4AE90F92ED9E6923878EA4604CDC
SHA-256:	685E73A817472F873C6B4C0DC8F87ADBA1C4F64CB8751DC6FFF61E118724B573
SHA-512:	415F0EBFFF1CA004760B6340F89EA1DC585C7E3959B765B31C5881E02913DCD2AC351D44298094A78BA6E33D8F29D260BCD026CA98009B9D35368E80A3D601C1
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.c.w.r.y.i.a.m...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.c.w.r.y.i.a.m...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCF467.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.2415618513794073
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5BrydGak7YnqqWpPN5Olq5I:SNWJ13g0NsGakSWpPNAqC
MD5:	3F921832E47F25AB7A403641F1F97736
SHA1:	DA1EDD383AF9A61C41BF42D7C52E8D50A09C56D7
SHA-256:	B47857A9548DA39E2536E15B5958F7B3F0400D5AD586635476F9DF39E047A70C
SHA-512:	FD9C854FDAE155D9A230B93E03B4CD1A3664737C55B2BEC03932E5A2D0282ADD404E00C578AFA06F22A9532B1A7885A6D8BA0E8B8A9D75E36D7D5E681B12E848
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...o.m.w.b.8.e.u.e...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...o.m.w.b.8.e.u.e...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCFB3D.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.2430911306003334
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5BryOak7YnqqCPN5Olq5I:SNWJ13g0NRakSCPNAqC
MD5:	84094F298673543D4FA2E932E96C2A41
SHA1:	DF2775BA72BA03FEB2C8BBAF96A2923A9534200A
SHA-256:	917C3E99EA3B0232F779AB7A94CAF9911181108FCF29276DF2ACDAC9932ECB52
SHA-512:	7860307708A7A7304406A8735B86A5BB8B3CC0DA604B9B7A7F4F13625A96EE6F4C055925A1B9A23EA575C52F5DBF5BAB47870AB3B9579A87DF9958DEB55C76E1
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...n.u.j.z.o.c.0.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...n.u.j.z.o.c.0.o...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\CSCFF64.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	664
Entropy (8bit):	3.2584845919315586
Encrypted:	false
SSDEEP:	12:DXtEki3nmJ1AHOa5YAk9aUGiqbiN5Bry7Gak7YnqqApPN5Olq5I:SNWJ13g0NtakS2PNAqC
MD5:	BA808BD256437E1662947F5C6992858F
SHA1:	ED557CA0EC607ADA6F255D72A631DC5660F4FF23
SHA-256:	7BA10F098B542B738F8EB5A094839966D9916E52AC49090503FDDA98050A15E0
SHA-512:	80B96E4F0E3FB922990EF6C7F2E03135C7BD6038CA31EDAE3D5C9EE4104F153AC315D17DE7FCFEA37BD7ACD67DF7E80D20D7522063D70125E14D9EA1B79FE1E2
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................X...<...............0...........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.1.2.i.-.f.j.-...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...j.1.2.i.-.f.j.-...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...1.0...1...6...1.4...

C:\Users\user\AppData\Local\Temp\DriverSupport.exe

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	7325080
Entropy (8bit):	7.9704229669300934
Encrypted:	false
SSDEEP:	196608:l2LdhN+1Decdh63avQpUEMiGFCf+WEEaD:l2t+QC6ajEMPL+c
MD5:	4FDEDFFF4D3DAE398264E0338D536F3B
SHA1:	0094AA53ABEDEEBED8267EEE96754CA19E46EE0C
SHA-256:	CB2FEC51AC32E0954271572DB2665B75E000B59082A37BAAA378CEEB9A368428
SHA-512:	19E9CC9B17BDFB0545734CDB8E10F7B1B6D4BA855D4A48D0442256D4913268DD5454BFA85E59899525E548FC94DA64AA309D2E11E4D365CAC3304827A64F3CD2
Malicious:	true
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L....c.W.................^..........+2.......p....@...................................p...@.................................(t......................@.o.X4...........................................................p...............................text....].......^.................. ..`.rdata..F....p.......b..............@..@.data................v..............@....ndata.......@...........................rsrc................z..............@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\RES57F.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:42 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.751185320840282
Encrypted:	false
SSDEEP:	24:H9J9YGYfMngYfHvUnhKzWJ13g0NbGakSxpPNAqx+t5r:yGMIsnhKzFibGa3xLJg7r
MD5:	8A3D680EBC471D760374DB58E403E44A
SHA1:	F58B33D45A27BF02974053F71D9ACBB6CD9759B0
SHA-256:	C0873F828377C9FB7A7343AC59260A3CE8054201F722565A5256B61A7011F5D9
SHA-512:	C8CEAA093FAFDEE7008AFDB557611CE924F66D6B18D717CED3ACF46187F7E81D1F3FD4578C02CDFABF72E452522D06247495FCD53B1E30EF87EB85DC05C7CFEE
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@.............c:\Users\user\AppData\Local\Temp\CSC57E.tmp.........................K}...........b...3.......C:\Users\user\AppData\Local\Temp\RES57F.tmp.+...................'.Microsoft (R) CVTRES.................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...2.q.m.j.n.y.c.u...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...2.q.m.j.n.y.c.u...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESE2A.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:44 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7508266913686286
Encrypted:	false
SSDEEP:	24:He6J9YGYfiYfHjUnhKzWJ13g0NnakS0PNAqx+t5r:IGMnwnhKzFina3UJg7r
MD5:	23CB68189E6C659C012F2FAECFDC5782
SHA1:	EB27374A8A2696FAAD156423B00EBCCC3AF69A86
SHA-256:	8ED09C3158BBFBAC5DE99C9BBBE669ACACD796006FD9D22013DA9051B6E6C37A
SHA-512:	EC83F59FC84413AF96DFF74C9B90D4341B62392569EECB9D26C57A0A7622D4467B458F53C5D0FB89BBAA9C1A933A34B36A44D2F2AF2C89AB9D5E3C4EE8CD640C
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@.............c:\Users\user\AppData\Local\Temp\CSCE29.tmp.................F.........Y..........b...3.......C:\Users\user\AppData\Local\Temp\RESE2A.tmp.+...................'.Microsoft (R) CVTRES.................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...e.u.d.b.x.j.3.q...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...e.u.d.b.x.j.3.q...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESE380.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:33 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7536202231916707
Encrypted:	false
SSDEEP:	24:HoJ9YG7fQ0GXDfHaiUnhKDWJ13g0N4bakSGKPNAqx+t5r:JGLyzcnhKDFi4ba3GmJg7r
MD5:	C9680B67B75600AEAA3B973C8A35146C
SHA1:	282BCBAA2BEC46883867160A939F31B74A8D74AD
SHA-256:	4BDC39229D7EE53C38F2C93B412162D3B36F82A258022B0CB5495149CFD07FDD
SHA-512:	8348B664E24EAB083C8243B623BD542D084710925A64B3F69B5C6065871E7754ABB313565287252383E1203FA7C079F412F6C427847F45000A667E4AD55E9397
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCE37F.tmp................D..!..?....!......c...4.......C:\Users\user\AppData\Local\Temp\RESE380.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...x.d.i.x._.t.k.b...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...x.d.i.x._.t.k.b...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESEA18.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:35 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7234244595699395
Encrypted:	false
SSDEEP:	24:HiJ9YG7fGvXDfHqUnhKDWJ13g0N43akSWePNAqx+t5r:XGLGvz1nhKDFi43a3WCJg7r
MD5:	BE263AC86D8FDD1A011137CA7694E077
SHA1:	C1D22E7B6E9705513F6E545FF085AC7A06ED5911
SHA-256:	BE7A36C4C7E102417EC3E7E3D150303FFF863A9FF830C11241A3633D72140EDE
SHA-512:	B1971A4C4B8CDAEB1A7C4C95C4558144A2C06E1B02ECB540B674A5254A29929FF041BAD9F494E021D5A3C34DD7A92D19780754B5939185E29775B0C49B61B43A
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCEA17.tmp................0...(.J...$.L.........c...4.......C:\Users\user\AppData\Local\Temp\RESEA18.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...1.c.w.r.y.i.a.m...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...1.c.w.r.y.i.a.m...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESF478.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:38 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7304179104797703
Encrypted:	false
SSDEEP:	24:H5J9YG7fGDXXDfHm/UnhKDWJ13g0NsGakSWpPNAqx+t5r:+GLGTzG8nhKDFisGa3WLJg7r
MD5:	C5CC2F4C16EC91F9B6F5CA1B698C8A7F
SHA1:	6DB4F451D68873D45D6F172BA37F921715332A9F
SHA-256:	134B7ABFC34FD31C553C49E7C8608DD6DD83E13AFABF0F45B1BEE4C2A0804D2E
SHA-512:	328739C44C4A6864D6FF34274AC8BDAF4BE88D87F9ECF8B3BDD1277BAF600A89D58AA30FF3E6D5A15833640C07236B78672909EACACE2C30C62D2A4E23F5E8B2
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCF467.tmp................?..2..%.z@6A..w6......c...4.......C:\Users\user\AppData\Local\Temp\RESF478.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...o.m.w.b.8.e.u.e...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...o.m.w.b.8.e.u.e...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESFB3E.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:40 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7240124325095363
Encrypted:	false
SSDEEP:	24:HbJ9YG7fFXDfH/UnhKDWJ13g0NRakSCPNAqx+t5r:0GLFzcnhKDFiRa3OJg7r
MD5:	2DA2CCD4B1D0B713FCE13F022926203E
SHA1:	7389CCB71419F245C0AC923588BACF3D13B2A18C
SHA-256:	E3F1AA37FC7257FC4695ACC81D4C1621A1AF9FDE8D51E3FFDB9A14515EBA6ADD
SHA-512:	A801A330C5F7FA6945B067DAF1A9369D8E934FD8B8D03909146DBD4C1BEC46ECA091D20ED424782B63D8DED358D0D9D4585F9AF50EF2DD82272FC3EF330ADF30
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCFB3D.tmp..................O).sT=O..2.l*A......c...4.......C:\Users\user\AppData\Local\Temp\RESFB3E.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...n.u.j.z.o.c.0.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...n.u.j.z.o.c.0.o...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\RESFF74.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x40e, 9 symbols, created Thu Aug 15 09:48:41 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1204
Entropy (8bit):	3.7328071593460823
Encrypted:	false
SSDEEP:	24:HwJ9YG7fjXDfHWUnhKDWJ13g0NtakS2PNAqx+t5r:BGLjzhnhKDFita3KJg7r
MD5:	8273A465EDC1095B7F0003052F3572A2
SHA1:	5E1FD5459BCE050BF53E17FFA10EA0438C6B1BF8
SHA-256:	E694021C83DD1A86A3775C6BA112133CAE2AA8436F952715B3BB699C9123CA43
SHA-512:	BE0E63130F70573D7EB0D604BF59436EC5B73A2C42D2CB99809E72CD3C6F7BAAEA7450502D6C5F7481D6BD9C7DBD5A7965FB85850FF68794E018893169B4187F
Malicious:	false
Reputation:	unknown
Preview:	L.....f.............debug$S............................@..B.rsrc$01........X...T...............@..@.rsrc$02........X...................@..@......../....c:\Users\user\AppData\Local\Temp\CSCFF64.tmp....................VC~.b..\i.........c...4.......C:\Users\user\AppData\Local\Temp\RESFF74.tmp.+...................'.Microsoft (R) CVTRES................................................0.......................H.......X...........H.........X.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...4.....F.i.l.e.V.e.r.s.i.o.n.....1.0...1...6...1.4...<.....I.n.t.e.r.n.a.l.N.a.m.e...j.1.2.i.-.f.j.-...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...j.1.2.i.-.f.j.-...d.l.l.....8.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...1.0...1...6...1.4...<.....A.s.s.e.m.b.l.y.

C:\Users\user\AppData\Local\Temp\_3kjpg9g.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	14973
Entropy (8bit):	4.369480732958655
Encrypted:	false
SSDEEP:	192:FB0Tu0CKkfInVmnTTiwTgFOyuKZLwLR/tezXayqceB8tqp48Nzc8b:vHnhyIRgwceB8tqp48Nzc8b
MD5:	7C604D6B7402F4C27209CFB12C71A2EF
SHA1:	C4022315C75F59031CBEF63FA38E2B985C3A976F
SHA-256:	3DD9D87D4318F427ADE1AC5F917114279AB5277B9371B4DF07C786E686BBF6B3
SHA-512:	D0CF2147A381303A9EA79E3258945F517EF095DB4D0ED794913878408BD262F5F93763001661090E9B66BA77FE89E40593E5536EF772910865E793099F0AAFCA
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterCPUID : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_cpuID(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"cpuID", @"");.. return;.. }.. TopLevelElement();.. Write5_CPUID(@"cpuID", @"", ((global::DriversHQ.DriverDetective.Common.CPUID)o), true, false);.. }.... void Write5_CPUID(string n, string ns, global::DriversHQ.DriverDetective.Common.CPUID o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);.. return;

C:\Users\user\AppData\Local\Temp\_3kjpg9g.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.565870753260714
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fZOtfkUrHc9ow16PrfZOtfgH:VL+/kN8z2f+1fZOtfTW1crfZOtfC
MD5:	E4F9C057A035D049EF9D2442E1B3A189
SHA1:	25F6A044757033EED81CC7C3772035A14918A22A
SHA-256:	2B67D035196ECA3095984D859BBCA078DE2F2C1D794B60601AB67F51A6756CC1
SHA-512:	DB1390A9CFB16BD97C296932E2A70166C37439A81B2088673E2F0EF2F3F787DBD8A15C0971F13EAD0BC6D0EA321146DC79CC83D121C5029D6C5B3AD554B481EC
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_3kjpg9g.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_3kjpg9g.0.cs"

C:\Users\user\AppData\Local\Temp\_3kjpg9g.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.593128795132381
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fZOtfkUrHc9ow16PrfZOtfgOKai3SGzKI5:T+PxNzdL+/kN8z2f+1fZOtfTW1crfZOw
MD5:	41808D61AEDEBFCA466597E27292E52F
SHA1:	89182B09C9E256C5E6A82A7B2743323A372DBF1F
SHA-256:	E2A5D4ABAF21CDB17282263A76C8B1DC031958D1F1407217284F302F0B89B1A3
SHA-512:	5903560C1E81C889653B00EA9375E0AD45305316E800F3D31CED44A9D09A72AF35B503D435D12C1DBCBE2E5C493886F2B8D57B5DE2D82763AF66D10D375E3711
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_3kjpg9g.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_3kjpg9g.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nit54525.kal.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqz5tupe.npp.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\_p62xqhu.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (1098), with CRLF line terminators
Category:	dropped
Size (bytes):	130749
Entropy (8bit):	4.5786922753597254
Encrypted:	false
SSDEEP:	1536:vs2Aw2mKzECWwoT4tqL9o2Og+9X4o/5v/Gwep:stqL5l
MD5:	7AB11FA6CF8DEA1C57B030C643CB778F
SHA1:	8978BCCB8AD209C3086DDD7510D2ED36E8101869
SHA-256:	F8EB39E45F71013AFD483C777B398BF9CD69A9A31956C80F812F1E00EE743626
SHA-512:	CA997C671CA3A9F144245D12CEFBFFB265EA92B51DCA03AE03F98DB099DFCAC1BABC15F08C7629EADB891FF5A346F379C54D972AED7730A39BF5EF77E4805029
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterWhiteLabelMetaDataArray : System.Xml.Serialization.XmlSerializationWriter {.... public void Write12_ArrayOfWhiteLabelMetaData(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"ArrayOfWhiteLabelMetaData", @"");.. return;.. }.. TopLevelElement();.. {.. global::DriversHQ.DriverDetective.Common.WhiteLabelMetaData[] a = (global::DriversHQ.DriverDetective.Common.WhiteLabelMetaData[])((global::DriversHQ.DriverDetective.Common.WhiteLabelMetaData[])o);.. if ((object)(a) == null) {.. WriteNullTagLiteral(@"A

C:\Users\user\AppData\Local\Temp\_p62xqhu.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.575087613885225
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fhBrHc9ow16PrfhaHn:VL+/kN8z2f+1fhxW1crfhM
MD5:	6A4A563800BF0303AE60A538E01E6D12
SHA1:	B1D26F8DF0FD2B1923A7B2152E7A431B277DEF58
SHA-256:	43B181231D0BBAF8170744F4F1D3829201DA75ECE3E51253CBE930A5C57CBA65
SHA-512:	A3D074527F96A6B20F7D60848F488C351CD2605355F1E743CEF21C2307AA6A646E69A6155B308A1B704B19680EFF1A2CC1F431E3EA3A96E293F826A222D22E26
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_p62xqhu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_p62xqhu.0.cs"

C:\Users\user\AppData\Local\Temp\_p62xqhu.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	1171
Entropy (8bit):	5.5549689128212405
Encrypted:	false
SSDEEP:	24:T+PxNzdL+/kN8z2f+1fhxW1crfh5Kai3SGzKIMl6I5Dv1+fhu1Rfhm17fhk01A:TcxHukWz2fghA1qh5Kb3xKxl6I5Dwhuh
MD5:	F1568C4F0BBA435E262E50BC23DF5A12
SHA1:	9D81F906CC7549840E37739A557862A6C9419CC2
SHA-256:	0619A1618427C818ED7FEA315BCB031408D7609B7F3A2BB80CF42D5E766783D3
SHA-512:	83F349789C957A98F8F7B0F8F552DB0DA082F3E8A0B690DA5E642869F4E7EC04B6A3E913F9F6EA03492D385AA37348AE993F94E42CE6501D209D31772C941C17
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_p62xqhu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_p62xqhu.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....c:\Users\user\AppData\Local\Temp\_p62xqhu.0.cs(930,18): warning CS0219: The variable 'isNull' is assigned but its value is never used..c:\Users\user\AppData\Local\Temp\_p62xqhu.0.cs(1183,40): warning CS0219: The variable 'a_16' is ass

C:\Users\user\AppData\Local\Temp\_xrrw4wz.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5660
Entropy (8bit):	4.605474173769247
Encrypted:	false
SSDEEP:	96:Ff5+jo3JsKDOVhX50HgJceB8bqp48Gzc8Z:FBXsKDOTX50iceB8bqp48Gzc8Z
MD5:	839F9F7C3753A9AF213A030808D03A8C
SHA1:	FCFFC242D064A3FE810D7161E013AF4CC9922D6B
SHA-256:	92D098CC1F9B0F82822F0B71AAB86B7487495E23835E874DC7EB45D482BD34FE
SHA-512:	55F039BC0963271FDEF2EBCE8029213FE0C8B6C3EA54B78B6F5997D5AD5D26D9C3BED1CF3084F769F8D78A25159FB4DD1BC0423E075D290B4EA5AD9DAD7FC2BF
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterUserData : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_userData(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"userData", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Common.UserData)o), @"userData", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderUserData : System.Xml.Serialization.XmlSerializationReader {.... public obj

C:\Users\user\AppData\Local\Temp\_xrrw4wz.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.5509525326689575
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBA/fBAmL0fhrHc9ow16Prfs:VX2kN8f+/f+1fRW1crfs
MD5:	F8E068ABEBD3591658785495088D13DA
SHA1:	71310FA3BBBA052A19F139F34F10AF2AE89A490D
SHA-256:	FDC80E32582E85DCD30BB3761C15CA46EFFB4106B3528D5EF2732C7F5B6E02B8
SHA-512:	4A57070A5F8E41EB3C8DBC59E00C136B956D33FC8FF2180629A0ADFE704520EC04667F577B01AABD91905F20A37755887DE6007EA3042C1981DC3ADE5DB25935
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_xrrw4wz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_xrrw4wz.0.cs"

C:\Users\user\AppData\Local\Temp\_xrrw4wz.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.578855202562519
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBA/fBAmL0fhrHc9ow16PrfZKai3SGzKIMBj6I5BFR5y:T+PxNzdX2kN8f+/f+1fRW1crfZKai3S8
MD5:	3868A98710B2DBDC7E1CA5F649C80439
SHA1:	23562102B9B01A129EB00C29C78DCCABE8B9920F
SHA-256:	631E22EC5E5C266FD2D027F7D030BC276112F725F43382474DC10B080C3C4773
SHA-512:	68C08353A9340194D268E8C8217D9B75B71DE12DB0CF787AAE725604EE48DEE71A686094F3DF5B75E949FB406C8C743F5F53F2FD37BC05452A8406AEFDB02629
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\_xrrw4wz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\_xrrw4wz.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\a9l5a1sr.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (534), with CRLF line terminators
Category:	dropped
Size (bytes):	64392
Entropy (8bit):	4.6779750875765735
Encrypted:	false
SSDEEP:	1536:bFnVrlwxUN1d0pRJHDAnanROEP2qDSOwYW2/OF2:BoH9
MD5:	9BBCED20A54D3C4A99846AB97F6B06C2
SHA1:	E4A3A76C0EA713F8E2E238610B7F9004E4493D35
SHA-256:	315F8D9CB48C00E05DD5ACC41A9521B687D7DF4F56A060B859F126B37DCA40BD
SHA-512:	BDC830E2A78DA938615AA320BA12A8F3FD40771B60ECD93CFCDA3B44A8CD6662A43A1C607A2257B34B2C5D617A70AA5B2A36844B1155D183D1AD46AA8F57AC51
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("2.1.0.0")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterManifest : System.Xml.Serialization.XmlSerializationWriter {.... public void Write13_manifest(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"manifest", @"urn:schemas-microsoft-com:PAG:updater-application-block:v2:manifest");.. return;.. }.. TopLevelElement();.. Write12_Manifest(@"manifest", @"urn:schemas-microsoft-com:PAG:updater-application-block:v2:manifest", ((global::Microsoft.ApplicationBlocks.Updater.Xsd.Manifest)o), true, false);.. }.... void Write12_Manifest(string n, string ns, global::Microsoft.ApplicationBlocks.Updater.

C:\Users\user\AppData\Local\Temp\a9l5a1sr.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (429), with no line terminators
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.539426847299308
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBAzz/AKfJ+rHc9ow16PrfJz:VX2kN8f+zvfCW1crf5
MD5:	CCF25718E8CD6034284E79F13D059E48
SHA1:	C72802D8C63BCF27F6861EC83938AFA836BCB680
SHA-256:	B3721CEF062D6B1722455EE9D86561C27E4BFA11D7819C51EAF5F48FBA0834C9
SHA-512:	EC6AC3C0040FEA821B3F4C1503BE4231B1FC8D4BDF527E8AD5C969BFC1AA4040901F1E4A3735E74B20B69051190B711D5DB8DB549129C2F3A6A363A923217F35
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll" /out:"C:\Users\user\AppData\Local\Temp\a9l5a1sr.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\a9l5a1sr.0.cs"

C:\Users\user\AppData\Local\Temp\a9l5a1sr.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (526), with CRLF line terminators
Category:	dropped
Size (bytes):	1000
Entropy (8bit):	5.52591343614581
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8f+zvfCW1crf8Kai3SGzKIMl6I5Dv1+fP10fi1DF1:Tcxb2kWfs3v1q8Kb3xKxl6I5DwP1wi1b
MD5:	242373D558543C18511AA9CED2450949
SHA1:	C7587D53666C550405939AE2658A26AE3558B456
SHA-256:	862A76C584C11CCBE5798F32AF1203D46A2DA7EAD301B017F8B0B9BF50D11CC4
SHA-512:	B7573E6EFC01C032B8640666B678BD9103401500057385B46716BDD28F11F38D7E04AFBDB36D9904126B0EEAE9AE8436D1641DA9CB87755B9144FAC5C822E0E8
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Microsoft.ApplicationBlocks.Updater.dll" /out:"C:\Users\user\AppData\Local\Temp\a9l5a1sr.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\a9l5a1sr.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....c:\Users\user\AppData\Local\Temp\a9l5a1sr.0.cs(542,95): warning CS0219: The variable 'a_0' is assigned but its value is never used..c:\Users\user\AppData\Local\Temp\a9l5a1sr.0.cs(543,17): warning CS0219: The variable 'ca_0' is assigned but its value is never used..

C:\Users\user\AppData\Local\Temp\aj-eeo8o.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5836
Entropy (8bit):	4.630036176334209
Encrypted:	false
SSDEEP:	96:Ff56j7MhmSfUXk1eLO3eXhokgubJceB8JYqp48Jdzc8713Z:FBNnfUXk4LFXhV3ceB8JYqp48Jdzc87f
MD5:	8B5B4200F6202E1AD996A55C8D079DB3
SHA1:	FAD84F3F25AEFD194CF005FC5613490DC9669D14
SHA-256:	E34F0061B1235259AE12F45016FCEBF8C5994AD71ECF940FB37009CD1A57C02D
SHA-512:	DDA29AA3DB601B0FBEA224F45D4F0D3F33939500B300B64FE17ACFA4A46B215577449A670D52854E6626D7366A8700EBF1D0AE5DBBD7E7A0F72A45EF18937DC0
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterProcessorData : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_Processor(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"Processor", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.ProcessorData)o), @"Processor", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderProcessorData : System.Xml.Serialization.XmlSerializationRead

C:\Users\user\AppData\Local\Temp\aj-eeo8o.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.524991691235583
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0f50rHc9ow16PrfD:VX2kN8f+BHOf+1f5KW1crfD
MD5:	1BE523EEB263C474EB047FFD82452DDB
SHA1:	B7FF8696498956085771AF6EB2418B1B4A5A22A9
SHA-256:	5B1ED371C3E7DA91FDE47A6D070491A9E55EB24F0855BF1870E0AE8BCA2E5E8A
SHA-512:	16008CECEAE45AF26DC07D40A989E36EB1B2AE0A3F8D765BDD5ACD64E02F57315303DA6795D44E68002EEB2CD3442C2E5C7A08650747CD2EFAF4270ED90EF18D
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\aj-eeo8o.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\aj-eeo8o.0.cs"

C:\Users\user\AppData\Local\Temp\aj-eeo8o.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	dropped
Size (bytes):	765
Entropy (8bit):	5.562205930270973
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0f50rHc9ow16PrfiKai3SGzKIMBj6I5G:T+PxNzdX2kN8f+BHOf+1f5KW1crfiKao
MD5:	A99B1E2F5A1415C93433ED0196041CB4
SHA1:	C0BB501CF6E1295BF7FB38F2C49C2C61640FA828
SHA-256:	405A4A5134087B60CFE474636AD343776A00526B1649492672E41BB2FE3AA7FD
SHA-512:	E2214F10231F1899086B067F4E998397A548B17884EB040D9C4C16D3AB2AF97141F0600FAAC12A1C6902285099415C819A8F5EA6DBE5327AD696BA649724B2EC
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\aj-eeo8o.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\aj-eeo8o.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\bri42vvk.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (326), with CRLF line terminators
Category:	dropped
Size (bytes):	293940
Entropy (8bit):	4.555649171625102
Encrypted:	false
SSDEEP:	768:vTFfT9Tk+J2bc4kdZFXN+I+mSmWJxWxLZFXj+I+/ZFX3+q+WZFXn+6+13Q3I3p2F:vTFfT9Tk+J2SN9GmWojFE33Lnrc2nhQi
MD5:	A6ADC52E09A4A10F33370A910CBED5D6
SHA1:	EC44E014DA8FF3D50F3A351351562FA235D4E49D
SHA-256:	3B3715C937190C2F81E3185F60515F7004DC321F90DB8CF93E68BC5C248B22F2
SHA-512:	F8591DFF12F771EAEA3E3BEF503A8924623A5697F0E7452AA89E1366A349168A797ED6690D427897B19A7033F38A7AA450CFBCB5F82DB1EFA557D38610197EE6
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDevice : System.Xml.Serialization.XmlSerializationWriter {.... public void Write31_device(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"device", @"");.. return;.. }.. TopLevelElement();.. Write30_Device(@"device", @"", ((global::DriversHQ.DriverDetective.Common.Device)o), true, false);.. }.... void Write30_Device(string n, string ns, global::DriversHQ.DriverDetective.Common.Device o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);..

C:\Users\user\AppData\Local\Temp\bri42vvk.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.552098886534719
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fMsx0rHc9ow16PrfMshxn:VL+/kN8z2f+1f3KW1crfXxn
MD5:	D30F5CE3269F86EF8209970E3F4AC338
SHA1:	0D7D177FE6F54BF63F329FBAE5F5957F0776AB2D
SHA-256:	B4E564795065B02397670F617B56CCD04A9D6CF25B014075B9925DCA4985B955
SHA-512:	06067E44DF30CCAE2C42ECD4C330FC09A7D577994503ED8D95F65505250395C84BF1C3D2BA521600D881685E100E1833A618730C085F3613781D9DC8C45A65A4
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\bri42vvk.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\bri42vvk.0.cs"

C:\Users\user\AppData\Local\Temp\bri42vvk.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.573375781827411
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fMsx0rHc9ow16PrfMshxuKai3SGzKIMBjS:T+PxNzdL+/kN8z2f+1f3KW1crfXxuKao
MD5:	44DB1F58407662C3EBC8DE75C8BCBCE0
SHA1:	8CE226A16099EDC58701A8B991CD537DDB96F638
SHA-256:	3B4DBDA51946A1CCB9DDD9C1A87D31871672E62EB72A2D04FA583F76A0CBC165
SHA-512:	699D45D75722CEE8CD36249DE4A622E1CFB8DD8340FF5CAE4675FE5C48DE829F17A44BEA9F2558F612E65E334CAE0BDDD661593957CDA2CE42B7FE2CD596C602
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\bri42vvk.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\bri42vvk.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\brqz2rcq.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (457), with CRLF line terminators
Category:	dropped
Size (bytes):	6706
Entropy (8bit):	4.781999836875643
Encrypted:	false
SSDEEP:	96:Ff5SjTj0o/8ZcLmj2/hcXr1ceB89Pqp489Ezc8vn:FBMFij2OXr1ceB8Rqp48+zc8v
MD5:	011F02566195E09E5E0EF04BF1981C62
SHA1:	8FE0B4CDD0C4CBB41978045400A269DFA0BC7F00
SHA-256:	A956BE47A2D750FBE34B7C9A719CCB6BF9EB9FB9D284D0B11E16EE1619D2C1FB
SHA-512:	6E04A06C6B022DC71541BC5899037BDA49B6169B44DE5134ACD324CC1E84C9B39A4825E3A83CA6444E2CD9E5F7E6975B23EAB08FDC84AFE080D92D69C2C313CC
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGlobalEnvironmentEvents : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_globalEnvironmentEvents(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"globalEnvironmentEvents", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.GlobalCache.GlobalEnvironmentEvents)o), @"globalEnvironmentEvents", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {

C:\Users\user\AppData\Local\Temp\brqz2rcq.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.56793784678648
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fO0rHc9ow16PrfC:VL+Tz2kN8f+1fTW1crfC
MD5:	48A1DFB26365FFF13685019344C25E4C
SHA1:	21C678ECACF5267703DC9D795090958F0C6C8172
SHA-256:	22303E592AFD6EBF956C1168F35A95F3C4FC34F04AF768EDE1F6299BDBEC8C3A
SHA-512:	78D068414DAC1DEEC341B2A007E14C93252D8A806D540534FF44B7AE951A3D8B343E0E991889DAFD232F3237D24745FB14B127B9D72DF13387A8A864386BA26D
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\brqz2rcq.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\brqz2rcq.0.cs"

C:\Users\user\AppData\Local\Temp\brqz2rcq.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.5912136314334875
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fO0rHc9ow16Prf7Kai3SGzKIMBj6I5BFRI:T+PxNzdL+Tz2kN8f+1fTW1crf7Kai3S8
MD5:	59E4E83246CECA262218EFADE5A8C5EA
SHA1:	D61F6F67C424DF08D371D94172CFCAA11D70CD36
SHA-256:	8D5F7C7A176DAB56A801567F51A36C08A9E2508DE60DDB4187B0AE73C1293356
SHA-512:	A5A87291B0713F1BC69647842578ACD621CC2028EF785EAC1F30547CF4EE30F205DFEA87DE7DA2AD6E48971D154626551C78F17EB3C2D18C97042918F1F15AB5
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\brqz2rcq.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\brqz2rcq.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\cy5lhpqg.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5914
Entropy (8bit):	4.637826593151214
Encrypted:	false
SSDEEP:	96:Ff5ZjHYd1vXykK5kZXaKceB8uqp48nzc8O:FB4XykK5kXaKceB8uqp48nzc8O
MD5:	CB0872525A4D0CA126AB9B924C376FC8
SHA1:	C99854012E6F149FCCC29520E63D70FC550C188C
SHA-256:	54A9FC6475E3BF9DC86420B91D9DC15F73C8B7F027FC63B2E8FCCA206C0B41AB
SHA-512:	18B68A71829329610240BC9FAB8DE9E3102B3DBD8F5D5E56BE4D50DB7B33AA5A79CFAFCFC44A4DC560A7D130D8047D3F1E28E361D299AD1F9EEDB2746029210C
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterClientTestProgress : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_progress(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"progress", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.ClientTestProgress)o), @"progress", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderClientTestProgress : System.Xml.Serialization.XmlSeria

C:\Users\user\AppData\Local\Temp\cy5lhpqg.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.568569082366386
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0f++rHc9ow16PrfE:VX2kN8f+BHOf+1f5W1crfE
MD5:	F02F02D7E8642231AA53018F6E3A011D
SHA1:	22B13A39D1DF9BF9A2A7AA3B576EDBB2D99245A2
SHA-256:	F6FC1D3F5614152FF6184B1A7868A89BAFE1F90F17D435E36E920C25AC4655F9
SHA-512:	75964FBDB7AE44EDD46331F5E4A03ECEDC021EBE0F4D6DB13FA9948974A6264599F2D5938240CB0E5D8B1AC4762E19DB1CF6B72FC594D55ABF08D3F9EAAA7EEF
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\cy5lhpqg.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\cy5lhpqg.0.cs"

C:\Users\user\AppData\Local\Temp\cy5lhpqg.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	dropped
Size (bytes):	765
Entropy (8bit):	5.585271469529304
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0f++rHc9ow16PrfRKai3SGzKIMBj6I5G:T+PxNzdX2kN8f+BHOf+1f5W1crfRKaiN
MD5:	071EB4A12BC2F18A360F37CD436491FA
SHA1:	0C5F7AF561B31A5FDC145F3EB3190D1E1672D6B2
SHA-256:	E508F23933B9967EEDD22DDE42F4B2E630938C262412EF452D8E560FA711A62D
SHA-512:	B1A0D039DCCA528DAEC6F1594593B7B5F9A6DC5A9F24AD3660BEEDEF2DFD5CDBCD598E99829E9FED0919C9AB415EA88CDD7E5F12C1DE1F4191EE4D02B8C85A0A
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\cy5lhpqg.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\cy5lhpqg.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\d-8slhn9.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (433), with CRLF line terminators
Category:	dropped
Size (bytes):	6274
Entropy (8bit):	4.7592896470343025
Encrypted:	false
SSDEEP:	96:Ff5GjYjg+Yrr2i4fudiacXJJceB8OJo8qp48Oyouzc8kC:FBCrIud0XJJceB8Z8qp48auzc8h
MD5:	5068053C152718AB91E8F213B9520814
SHA1:	97033EB5CAF13670FBABA72630C0C63894AFC430
SHA-256:	774AF43A260C83BEA16DA954A883982A7EE4413B458ECB069C6E4CE7C3DBA41E
SHA-512:	6A81B5EADF6094D30C5CEC433F02E30E9D05F8DD08B9CAAA834921F1EA65F9FEB9FF112DDE9DBB6A7BF976627725CB6243D264EBE9A5CDC0883D3A7865B62944
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGlobalRules : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_globalRules(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"globalRules", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.GlobalCache.GlobalRules)o), @"globalRules", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReade

C:\Users\user\AppData\Local\Temp\d-8slhn9.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.5624007509507
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fnrHc9ow16Prf2xn:VL+Tz2kN8f+1fzW1crf2x
MD5:	380F062BB956981374DDCF1C9EABEEDD
SHA1:	F53325FC0E93F17C371E5466848E04A2486DE53B
SHA-256:	E9B281DE64E5B6CCF95E4867DA1E8EDE280F935F3D1B76694E6F4713E7090545
SHA-512:	78DF16A075922556D9AF1F1DF13DE2566DED5A462844E614E0F2FEB9E837AF247D6F0AC645C1A368BBB461B0F3E9634FBA247F435EA2354B5AD83D3F5FB5E46C
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\d-8slhn9.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\d-8slhn9.0.cs"

C:\Users\user\AppData\Local\Temp\d-8slhn9.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.584947516581007
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fnrHc9ow16Prf2xuKai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1fzW1crf2UKai39
MD5:	1D49305C8ADAA927EBD94237E24A7791
SHA1:	97386F89A1A8ACE2017ECE3BF77887189C549B64
SHA-256:	AD6F7DA9F4A60377ACC89C1552197E2626C3FF25F69160238AC25D8F2445C478
SHA-512:	C126BC84A66C94E344F7CD16C5E66CFF8ECDFCDCB9F7976DFB2F454D461A2C95976859A89C0076AE51BF51F520DF5F365A51A060793163A25226527C2C9FE01B
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\d-8slhn9.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\d-8slhn9.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\dftx7twl.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (326), with CRLF line terminators
Category:	dropped
Size (bytes):	197436
Entropy (8bit):	4.650133642886762
Encrypted:	false
SSDEEP:	768:vaNfTlUdGYLM/Odon+I+LJI4QmWDdo9+I+udol+q+RdoI+6+iXP3x3v326:vaNfTlUdGYLMfn9hmWy9Fwl3VIrxo6
MD5:	05F1D5B0B7A22283449BD29F237CAD80
SHA1:	4F0EF879C145888F6463E766796CA7D877332C12
SHA-256:	C36A5E7D7760FF4341D8B45CB58F0C7F137E26D0F973F7AB31E9BB0916F5038C
SHA-512:	9A42C170E9E265F2DE515F9096F8D522BEFE39D5FEEC72EA67C115DF2A6CCEC60869AAF7C56719B431CDFA47D6AC11CC8C95D528B3456D5D21DFA0BC987E7864
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterSupportMetaData : System.Xml.Serialization.XmlSerializationWriter {.... public void Write23_supportMetaData(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"supportMetaData", @"");.. return;.. }.. TopLevelElement();.. Write22_SupportMetaData(@"supportMetaData", @"", ((global::DriversHQ.DriverDetective.Common.DAM.SupportMetaData)o), true, false);.. }.... void Write22_SupportMetaData(string n, string ns, global::DriversHQ.DriverDetective.Common.DAM.SupportMetaData o, bool isNullable, bool needType) {.. if ((object)o == nu

C:\Users\user\AppData\Local\Temp\dftx7twl.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.536968529930151
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fjbUrHc9ow16PrfjV:VL+/kN8z2f+1fjOW1crfjV
MD5:	8C45BCB502D31CB6FAA6041F27CBD7AC
SHA1:	A950F548A6F8D3E2A335C3BF29E63A325E5798FF
SHA-256:	F2895E4BDA25270797DAC44BBAFEE68400EFC7E447160EF86874CF00E1029572
SHA-512:	1EF0F5FFA97CA79E57D678CFB3462D1B971AD1A3589E203D7C7228105E2F78D6AE4028352B74A93DDF016DEE93D03E2D46B90EC839A6354B87F993F771E6EEDF
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\dftx7twl.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\dftx7twl.0.cs"

C:\Users\user\AppData\Local\Temp\dftx7twl.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.568601201957846
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fjbUrHc9ow16PrfjwKai3SGzKIMBj6I5Bo:T+PxNzdL+/kN8z2f+1fjOW1crfjwKaiN
MD5:	89BBDF75F2B512313C5FE3EB23CA2432
SHA1:	7375454562E0295D97BF150E2D3F49B28B040D66
SHA-256:	B8614A50E36AE8AF8A67FB3AA26C0B748EC9817CA242225013098A3B72B08B4C
SHA-512:	A93A37EA3A0A61F8249B92DA4107DF6A90A0304BBF75FCB9D69F1E435F54361A03D14697127D2FDD38E3D5A726B5B0F115001D2006B90B643DEF039A4F42A007
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\dftx7twl.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\dftx7twl.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\eakxxyqi.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (465), with CRLF line terminators
Category:	dropped
Size (bytes):	6850
Entropy (8bit):	4.778695782767669
Encrypted:	false
SSDEEP:	96:Ff5Gj/bj+bMvIh+TOLWfRbcX3BceB8Nbqp48Ngzc8DS1y:FB4YLWyX3BceB8lqp48Czc8e1y
MD5:	FD565D5CE04480CC1EEA3A7D86B3AD73
SHA1:	461B369BB06281A0CBDC30A8BCAC4907666EC9C8
SHA-256:	9645B6DE768E7E0F79CFD6B17161CEB3B88E487787DDBBA361BB37A41B255794
SHA-512:	C248C21522B8C5E6C1E0F35322BE57A8197E20D9000367DDDCF3054A81D23857BB65847FED546249158B8B0EBFDE945064D70302035DA1700B65C62590920E52
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGlobalEnvironmentProperties : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_globalEnvironmentProperties(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"globalEnvironmentProperties", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.GlobalCache.GlobalEnvironmentProperties)o), @"globalEnvironmentProperties", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override vo

C:\Users\user\AppData\Local\Temp\eakxxyqi.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.566973408429978
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fdDUrHc9ow16Prfdtn:VL+Tz2kN8f+1fdDqW1crfdt
MD5:	4207857EC359664DD6E809335D258868
SHA1:	D49E53324112D6CB98C8E443B0F23A29BAD918E9
SHA-256:	05B79D9946138C3D4C30B83ACBAD07115631AF5E21F8AC8D32504A91BE564901
SHA-512:	03F93F921482E19F705FD0CE3B206B29D4DB334D96B3F239C0C885AF32013A44BD8A29BE3B08E19BA94E45145A900E50C86462B987C9BA28AD836039383A0C47
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eakxxyqi.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eakxxyqi.0.cs"

C:\Users\user\AppData\Local\Temp\eakxxyqi.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.590793232049952
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fdDUrHc9ow16PrfdtuKai3SGzKIMBj6I5G:T+PxNzdL+Tz2kN8f+1fdDqW1crfdoKao
MD5:	F64E1C499F69A15BDD4AAA21700B3E6B
SHA1:	22AEEF4FE441D23590FDD2F88380EB1E6DE1C4B0
SHA-256:	ADFC29C6BD045A53BDE5C2397461570E2B4FBB698F3EF12CBDB1BEABE799814A
SHA-512:	23CEBA6B69F32CE51AF23B19A1BDC6A48887F7448090965CFAEBC3DA5AF711E493C5BDD8268345CECDA6D416FFB77EB7CD927401000C4083F582147FC7125795
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eakxxyqi.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eakxxyqi.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\eg-h6dx3.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	16202
Entropy (8bit):	4.496771042083914
Encrypted:	false
SSDEEP:	192:FB0qrI+OjCvhaEnM50NQTz1lsTXyTceB85qp48Bzc8b:vlrKm0EnMcMxlswceB85qp48Bzc8b
MD5:	4AB90BE389E88339100CB4B83452910E
SHA1:	C8EC8E41062684787C8473544E9583E9B92AFF37
SHA-256:	998908E5DC113AA52E5E5AB27F63F3C19FF217B21FA79F345C1EE7881A797DF6
SHA-512:	E97E8BA551A76A427F528C92F97747DD6D54A26308ECCB02B31C3BC0D3834B0BF3E25F47E0FA2A27B89C7BA326A240E9E52EB395791B8F7013EFB17BDFC187F1
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterBaseboard : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_baseBoard(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"baseBoard", @"");.. return;.. }.. TopLevelElement();.. Write5_Baseboard(@"baseBoard", @"", ((global::DriversHQ.DriverDetective.Common.Baseboard)o), true, false);.. }.... void Write5_Baseboard(string n, string ns, global::DriversHQ.DriverDetective.Common.Baseboard o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(

C:\Users\user\AppData\Local\Temp\eg-h6dx3.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.572025740784161
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0f9+rHc9ow16Prf6A:VL+/kN8z2f+1f+W1crf6A
MD5:	35C9350195EF029805518354B5CA40B9
SHA1:	E6CF6C5A8B895F84CF34B16052939AD02BBAD074
SHA-256:	E1F617456E0213888DF75D0BBDE9D2E3D938019FC9AE16906034519B06833F3F
SHA-512:	AE9F7EE8CB37566584261D91F61532875594F7C778512C8670B2B0794A1FA64C708317BC33D54FC403342CFCB717BC37F8F7642267B9B2F697FFC42B34B0BA4D
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eg-h6dx3.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eg-h6dx3.0.cs"

C:\Users\user\AppData\Local\Temp\eg-h6dx3.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.591199775743086
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0f9+rHc9ow16Prf61Kai3SGzKIMBj6I5BFa:T+PxNzdL+/kN8z2f+1f+W1crf61Kai39
MD5:	3FF4B7F19AB04C7EDBE0682EF0B4F6D7
SHA1:	C18EFB078CBAB91B97CA9B5199ADD19F21AF58F3
SHA-256:	32BA1BDABE75CE53CED66F18BE5960B269764551E734B89522BFCDB54928BC22
SHA-512:	45C1A4A30EC4E4E149D878DFDD38AFE64726E39051F671F6255DFCC79B8A8BB700E3296A992C511F693741C0E409A2ABD4530DDE31C5B9BCFB294BE24217FE92
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eg-h6dx3.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eg-h6dx3.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\el0dnk3r.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5848
Entropy (8bit):	4.693106299009774
Encrypted:	false
SSDEEP:	96:Ff5Gdjyj29oOf20YjswcXAiNceB8Crqp48CXWzc8UuXz:FBAD/YjsX9NceB82qp48Hzc8bXz
MD5:	1A61FAC1B5C955A442F2E9AFC2527A2D
SHA1:	CF9A2191C3114BD1CEFEB2C6C8E9C5A5EEA5857D
SHA-256:	A0455984A8EC56D7DD3605971BC928811EECF0AB184DC6CD7CE76BBE671506BC
SHA-512:	375343C481E65597720138CCEA582EEA1828C985086B807EAFAC0953109F3B742281DA2E1A3E17A9E4272605CD1E2A9276C9FC0DC868B3422D80EA5ED63541BD
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterTrigger : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_trigger(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"trigger", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.Trigger)o), @"trigger", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderTrigger : System.Xml.Seri

C:\Users\user\AppData\Local\Temp\el0dnk3r.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.541465835160375
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fAB1D+rHc9ow16PrfAB1P:VL+Tz2kN8f+1fAB1DYW1crfAB1P
MD5:	4BAB43755F3FE3AAEBDDB379C4AD7868
SHA1:	7363A9777D0A7EC80A18647EB440329950F6F871
SHA-256:	E787A3C9E3B8B0A4DE0E6C0F7857147F7D482A23456CE8CE5290560C2E3ED4EE
SHA-512:	7FAE1DBB7D343E710AA7CBCED6103FFC357F18D4E8635144BB7EE9DEF9C589ADF7A38941EE5B40CB74ABB587D6743EFCA4CE1190E0E92EE111F0BC28E976639A
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\el0dnk3r.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\el0dnk3r.0.cs"

C:\Users\user\AppData\Local\Temp\el0dnk3r.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.572859593819101
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fAB1D+rHc9ow16PrfAB12Kai3SGzKIMBjS:T+PxNzdL+Tz2kN8f+1fAB1DYW1crfABZ
MD5:	ABBF81841D4454A63E4A66D4EBB0B781
SHA1:	0E602D31510BB29B19C8075466EE3EEF4B150ABA
SHA-256:	B34A9064F5BE75905A893187E9573D6F06B6FE67EBEFA120722015B966814493
SHA-512:	69625CEA041ADDBD36C6D4F126B3BC91EA6684199134321024F763392D43C6FDBF12614F4686321F49BA4A925CBFC47F47575AF18A19566B53A6513CFAB7562E
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\el0dnk3r.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\el0dnk3r.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\elkbkrcx.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (453), with CRLF line terminators
Category:	dropped
Size (bytes):	6634
Entropy (8bit):	4.729332548767314
Encrypted:	false
SSDEEP:	96:Ff56jEj2Fo0hkO4axWScXptceB88Dqp488qzc82C:FB6dEaxUXptceB8Eqp48hzc8H
MD5:	DA51EE4F7615DE1F11E0F715ACBF50BF
SHA1:	B1ED43016939B486E41954FADA9866DE3359C862
SHA-256:	DB9A93FA6E49BF2E09673386A9C4992CB5385011E6496A1F03C7CF2B4C2624EF
SHA-512:	7FEEDD082B35C3141CEBE49DC8041910F5F91830F8A7AC8BD5F6EDC6A173021C2140F437D9492338EE90FF553584D7E8BEA18711EFCDCE4F7DFCB01A682DEECC
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterRuleHistoryController : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_ruleHistoryController(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"ruleHistoryController", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Controllers.RuleHistoryController)o), @"ruleHistoryController", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {..

C:\Users\user\AppData\Local\Temp\elkbkrcx.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.5469782621409065
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fy/rHc9ow16Prfy6:VL+Tz2kN8f+1fybW1crfy6
MD5:	C2C80AFDC415936C5CF40B3B66CD85F2
SHA1:	350804DE9015552BE58DF6CCB24777DF1461DFD2
SHA-256:	C88B56E60C090BF22545964315B34F9E8EF97EFD361DEA4CC63DB21FA2117C9F
SHA-512:	34D9102B060A5A041F3D14A4E692BD899370CCE7E24B61C327EFBCD5DBF300F6ECFACAB25B32FBE294BCF0DD5705D207000F5C6E18D6C82F4A787D0C269F6DD0
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\elkbkrcx.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\elkbkrcx.0.cs"

C:\Users\user\AppData\Local\Temp\elkbkrcx.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.576983334669202
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fy/rHc9ow16PrfyzKai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1fybW1crfyzKaiN
MD5:	534A58C0CBED26504B0C6F979B0B0A9D
SHA1:	EE74A41EF51EB2D20CE724FAC0DFC3454FD91DF8
SHA-256:	889576AEC61CB49C5A2EA97CACF92BE1907311EB951170EF8AA89B633CAB084A
SHA-512:	94CB3E0A27A43FFF09014669EA19A638464CB718D4CAAFBA757535FCF8294C8C681D784DBC254C6BA62605FC16C606F2DDD63D56A7014B006BE3AF2CF5A9D6DD
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\elkbkrcx.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\elkbkrcx.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\eqfsbx8e.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	192842
Entropy (8bit):	4.856343491980059
Encrypted:	false
SSDEEP:	384:vyxexolVV9rkkQ1oQ+xexokcFScFS5zWbcFMV3lqObkfzXXqpx/jYw5QxF3YT1pT:vyAQdrAfHYX3lca
MD5:	523395E9E0DEAB6F923346863271C188
SHA1:	7E084770E7A2B89A5D24FF2BB9B630507E54ABE8
SHA-256:	9982C0B56CD71C0A4FCC34ACC61899C4E9A133BEECAA63C3B32BE0500357D13F
SHA-512:	777E585F08B6B21AD8B8EA076A3250736014E637BD51C7E0D5CE38A6C98D8E89E7C7515CC53DC883BD21F821FD9DB97212501EA393CD374A4358771575B49CE4
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDDManufacturerService : System.Xml.Serialization.XmlSerializationWriter {.... public void Write7_Item(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. if (pLength > 0) {.. Write5_DefaultHeader(@"DefaultHeader", @"http://webservices.drivershq.com/2011/12/manufacturerservice", ((global::DriversHQ.DriverDetective.Client.Communication.WSManufacturer201112.DefaultHeader)p[0]), false, false);.. }.. if (pLength > 1) {.. Write6_EncryptionHeader(@"EncryptionHeader", @"http://webservices.drivershq.com/2011/12/manufacturerservice", ((gl

C:\Users\user\AppData\Local\Temp\eqfsbx8e.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (681), with no line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.522425638814063
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7XL1862fBAqUNvwfNArHc9ow16PrfNLGA:VX2kN8bkf+qDfNGW1crfNLGA
MD5:	D8385B2BD9EECB2612EBF95D396B22B9
SHA1:	E93DB4F794ED31BE055FB514FE43242756F4556B
SHA-256:	9B3B56B3205700E7302CB3740FD0048F8667ED547BA0C06537D89F950758FC75
SHA-512:	06111D7BC6B1DF9689EBDF18A83B0C30B1287584E9A71A7036AFE622F31752AC6D11576BEE19AE88031B9387BAB205C6FFC02DE7647C0A4AEC01669B5DB21C63
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\eqfsbx8e.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eqfsbx8e.0.cs"

C:\Users\user\AppData\Local\Temp\eqfsbx8e.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (778), with CRLF line terminators
Category:	dropped
Size (bytes):	985
Entropy (8bit):	5.591267279636605
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8bkf+qDfNGW1crfNLG1Kai3SGzKIMl6I5Dvy:Tcxb2kWbkfxDNL1qNy1Kb3xKxl6I5Da
MD5:	0726C4EB7F39BADAB3FAF06FB7D4C50F
SHA1:	6B73A95D7A6DEF01F5D7C677BD4D77C9DBA87C85
SHA-256:	43E5B6BB7E33B4416BDD4D31FD3035546E58C75BFED0AE436AEED1E293FD77F7
SHA-512:	266962A573FFF8FC4FC78F9E5F102FC46D0CB6539DCEC96BBD5926680B1A952464D010CF29990396174EAA942620B860F4BB98CDCB7E7C65ACDFBC97DF3E5B1B
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\eqfsbx8e.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eqfsbx8e.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\eudbxj3q.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (1098), with CRLF line terminators
Category:	dropped
Size (bytes):	124067
Entropy (8bit):	4.59519399275511
Encrypted:	false
SSDEEP:	1536:vq2Aw2mKzECWwl8CqdIUjPDoYMtDY/w2fsv+h:XCqdrf
MD5:	0E28ACC7198ED786666B211EEF914D72
SHA1:	CF3326FBAC64BCC7A66C11BA3E591B4A96F456E9
SHA-256:	2335EE18FEF3264BB1148D985EED34442599B302D695286C5D22CB9CC32FC68F
SHA-512:	C9E9BE621DB77DE916BB51D9CA1AFFE7591D40493DA4FFC2C027A4FD6F1D16FEC8BD91ADA0120634B8AEB4F63D35F997A427F501B84E7C3845FA385EDA5B77B5
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterWhiteLabelMetaData : System.Xml.Serialization.XmlSerializationWriter {.... public void Write12_WhiteLabelMetaData(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"WhiteLabelMetaData", @"");.. return;.. }.. TopLevelElement();.. Write11_WhiteLabelMetaData(@"WhiteLabelMetaData", @"", ((global::DriversHQ.DriverDetective.Common.WhiteLabelMetaData)o), true, false);.. }.... void Write11_WhiteLabelMetaData(string n, string ns, global::DriversHQ.DriverDetective.Common.WhiteLabelMetaData o, bool isNullable, bool needType) {.. if

C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.564264125139598
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fJln0rHc9ow16PrfJ/:VL+/kN8z2f+1fXKW1crfh
MD5:	48A60D6D87F02948E831136351E6056A
SHA1:	35843C34826BCE96AB6F6431683A08A612C07A9B
SHA-256:	F08104FC051965729971526097D5089C719A2074D7DB0506CEEA2B190FCD04CD
SHA-512:	A8D9B26AE643620B487420F9345F19414E08DAA9A8D3DA8F23F99D4E37EE0E5B65FB42A018D9750E0F07C5EE6E46A9DE0BED4206BD45E18841929B22A5DE59C2
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eudbxj3q.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eudbxj3q.0.cs"

C:\Users\user\AppData\Local\Temp\eudbxj3q.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	57344
Entropy (8bit):	4.565208266071057
Encrypted:	false
SSDEEP:	768:FkWRorSCLg2mSbazAbM4jUy1XDv/wP8gukgS9dAO:FkWGrSug2dbA444Uz7KO
MD5:	4C83A1F257BD1C7754525ECDD06228E8
SHA1:	80CF72D964A4889065C7394974477EB7A80ED4A9
SHA-256:	CA54D1B3D8D35C2DF078E4D3DBE2456E719146F60C737765A3A7641AC0634F4C
SHA-512:	A79D60B1F7BF0027657CDFD50AA6855261A2AB08F10FA30B147AA24A4F61D124C81CCAF7C1ADA355ADB2DBE1CDE3F5869D84C05C381602A17129628AAF540693
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!......... ........... ........@.. ....................... ............@.................................@...K.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\eudbxj3q.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	modified
Size (bytes):	1171
Entropy (8bit):	5.549039071023537
Encrypted:	false
SSDEEP:	24:T+PxNzdL+/kN8z2f+1fXKW1crfEKai3SGzKIMl6I5Dv1+fI1Rff17fJ01A:TcxHukWz2fgXn1qEKb3xKxl6I5DwI1Jn
MD5:	BAF14405C37335D9B9A4D93B212EDC7F
SHA1:	48D9D84AF5188C253D8B300EFE925C177A063647
SHA-256:	05B0FF288BC0B22EE6451B40814998B3876A1224FF19FD9126EB538ED2A2015C
SHA-512:	14B13CE9F4CD959EFFCC6F89ACC1D5F20C01FF20370D9390C7C2C46BF1BD2F3146C137A69F6937F550BDCC4344FB8AAE70B59ADBDCCDA3DD7B1D3991B9FC958E
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\eudbxj3q.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\eudbxj3q.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....c:\Users\user\AppData\Local\Temp\eudbxj3q.0.cs(870,18): warning CS0219: The variable 'isNull' is assigned but its value is never used..c:\Users\user\AppData\Local\Temp\eudbxj3q.0.cs(1123,40): warning CS0219: The variable 'a_16' is ass

C:\Users\user\AppData\Local\Temp\fdkusb_u.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5740
Entropy (8bit):	4.68261473837956
Encrypted:	false
SSDEEP:	96:Ff5Ij0joUETo4YTmacXJvceB8AE0qp48AE3zc86Ex:FBwZYT2XJvceB8Aqp48rzc8/
MD5:	7FC7E116F05BE78862EDE6771F427DB3
SHA1:	61594DFB01F0B0854F279FE9F2926534D5721375
SHA-256:	F955B0B0FF1A244B832B92D9EF4B7AFD8465B1583B40F778708AF1B966187DB9
SHA-512:	362D2C87C6B7FCA194A33957128E8C93EDF353CFFD39AF536892F11EE86F0C7D8FC51D82E5B44BB80D4308A9D8B4011DF4358C88E8FA42A3D429616F141DD450
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterRule : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_rule(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"rule", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.Rule)o), @"rule", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderRule : System.Xml.Serialization.XmlSeria

C:\Users\user\AppData\Local\Temp\fdkusb_u.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.550540263020457
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fm0rHc9ow16Prf+xn:VL+Tz2kN8f+1fmKW1crf6
MD5:	05839C2B6A527137428885620C371C88
SHA1:	9DE6B6DDE43A6A83AD6B196A106EFD5F67C47B77
SHA-256:	722997640B9C4397F7D5B42DBF27883818F21D3682D39A9DEEEBD6DBAF127A27
SHA-512:	F2C15BCD26A954572D8D75C5A9DFCD734F07CFEF2CEDDFA7739D7949B3680F9E6C935DCCD2ADD14069AA47027BEBBFEA17A864E6A8ADB164BF80EDDE3EFD688A
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\fdkusb_u.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\fdkusb_u.0.cs"

C:\Users\user\AppData\Local\Temp\fdkusb_u.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.582448062856739
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fm0rHc9ow16Prf+xuKai3SGzKIMBj6I5Bo:T+PxNzdL+Tz2kN8f+1fmKW1crfzKai39
MD5:	122BA0958CE4D99C7E868C0AB1E24115
SHA1:	CA79EB0C9B28259933B3E70FC58A3E1854AB81F8
SHA-256:	2851BE41C235B91BFC49BEDC457566EDDD2928B6517D110CF83E6590F3A60593
SHA-512:	DE4131B21739F4C277CD01A23558243FE18E4DE935D32A4E1B12B358F236BD7993360FD396B4800B31542B1E17486502FD9C9127D30E6490832036FDA4ED70E4
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\fdkusb_u.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\fdkusb_u.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\g3zgyoyo.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	12748
Entropy (8bit):	4.476990340668383
Encrypted:	false
SSDEEP:	192:FBIlJMjxIn7wnXWg0OPZ4bXyinkceB8Hpqp48hzc8X:v+MLZ4/nkceB8Hpqp48hzc8X
MD5:	28985142BDD479D06E3B47E03EB17FF4
SHA1:	A009C3233EBCFBD72207F8DF0E6D3CAAD1BBA283
SHA-256:	A51F2CFDDEE9AB80E61121174C389E06343EF2D3F9D6952B44EAE1A762C0EDAC
SHA-512:	CC425994AFEEBDF79E9CEF9650B2A8D17143313E794C3B21609BAE55DCE5D5F50205307BCD46C66752DFF731F52216424543ED57CAB07678F15EA9DEABB8E012
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterMachineImageContent : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_machineImageContent(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"machineImageContent", @"");.. return;.. }.. TopLevelElement();.. Write5_MachineImageContent(@"machineImageContent", @"", ((global::DriversHQ.DriverDetective.Common.MachineImageContent)o), true, false);.. }.... void Write5_MachineImageContent(string n, string ns, global::DriversHQ.DriverDetective.Common.MachineImageContent o, bool isNullable, bool needType) {..

C:\Users\user\AppData\Local\Temp\g3zgyoyo.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.545718932168225
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fRKZUrHc9ow16PrfRK7H:VL+/kN8z2f+1fRLW1crfRK
MD5:	FF9641F33F8A1C5A875B2B8B3F2E7575
SHA1:	74A554188CBC1DDA12C03E5778C79A27452167BB
SHA-256:	6CA03305AAF1621789A2A59E3A7EE6E395738BDD9DCE44FB25E65E698FD97790
SHA-512:	B3B71C3DAF05F6ADB8E7E377284DE3EBA4AB33F13C0A640CFCFFA03AB5C78E9C7CE6127F819368166BBAC0E9EE6DBD0A2CCBFBED28D383F1D2F5DD9DC35130DD
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\g3zgyoyo.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\g3zgyoyo.0.cs"

C:\Users\user\AppData\Local\Temp\g3zgyoyo.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.580747547188879
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fRKZUrHc9ow16PrfRK7OKai3SGzKIMBj6v:T+PxNzdL+/kN8z2f+1fRLW1crfRDKaiN
MD5:	162EEC19D370D47262D5A4751CBA474E
SHA1:	B0A9C95F3F16D3189B323A15554EF4FF45CFF708
SHA-256:	68691E4FB62E5E8D3A79F8B4AB9E8927ED1C4554D507995728CA82175EFF75A1
SHA-512:	F5B210FAC3C822AD61E973E5AA9430C1605E067888C4E972AE7F3F2D21166E17F631520750284645E764A658F405DD4D1FBEEB57F551AA5BEDF21642F288AC52
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\g3zgyoyo.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\g3zgyoyo.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\gfpgz2jt.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	15410
Entropy (8bit):	4.789733695034291
Encrypted:	false
SSDEEP:	192:FBHbvcFadeQYnm+W9FX5TceB8wqp48Pzc8r:vjcFadejW9HceB8wqp48Pzc8r
MD5:	DABBE13E0C202CB9E8BCCB01606E2B04
SHA1:	E54EEB75F0DD71994471874A0A363BF4D6041A3F
SHA-256:	A633B06F39923FD18E95F0F5BF6BCEBFFF204D5234ED1380EFF43602F38CCF5B
SHA-512:	A88198BE0074BCF14D79678F783E30BB3F91D8D4691E6F3F7E4668ABA5139A4FB1C5D9523292D087C42DBCD6122791DF0682861DABDC335F8EDE569A44409D22
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterRegistrationHeader : System.Xml.Serialization.XmlSerializationWriter {.... public void Write5_RegistrationHeader(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteEmptyTag(@"RegistrationHeader", @"http://webservices.drivershq.com/2011/12/miscservice");.. return;.. }.. TopLevelElement();.. Write4_RegistrationHeader(@"RegistrationHeader", @"http://webservices.drivershq.com/2011/12/miscservice", ((global::DriversHQ.DriverDetective.Client.Communication.WSMisc201112.RegistrationHeader)o), false, false);.. }.... void Write4_RegistrationHeader(string n, s

C:\Users\user\AppData\Local\Temp\gfpgz2jt.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (517), with no line terminators
Category:	dropped
Size (bytes):	520
Entropy (8bit):	5.563293364443699
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT71862fBAVfUrHc9ow16PrfR:VX2kN8kf+VfqW1crfR
MD5:	CCB8C6AE319422DCE335B9DC466F1421
SHA1:	8C5BE28CC5A7FB45466E96FE13BED6912217950C
SHA-256:	0D479424E8A3D495353C54C49C5566EF37F80D57EC188019BFC5EB5FFBA3F85F
SHA-512:	180207614923F84B38FDEE78C1DB0951F25EAC3417D0A613C0E46AF0D51B1E8CE17F5819C1F4DDC9879251B6A2FB849AC576C5CFE755C967694441D0547DE7D6
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /out:"C:\Users\user\AppData\Local\Temp\gfpgz2jt.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\gfpgz2jt.0.cs"

C:\Users\user\AppData\Local\Temp\gfpgz2jt.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (614), with CRLF line terminators
Category:	dropped
Size (bytes):	821
Entropy (8bit):	5.600514734746215
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8kf+VfqW1crf0Kai3SGzKIMl6I5Dvy:Tcxb2kWkfWH1q0Kb3xKxl6I5Da
MD5:	5C778E25A1A98AFC039BF553682655AA
SHA1:	00B4EDA92DEE9F32EED04D044C3CAACEF5B71C63
SHA-256:	3EEC5993B42A30EDFE5A7DBE62F2A31AD2F995BB813E334F2C5B3F27347CD42A
SHA-512:	BA9D10A49E6A9EF38A43EAF138FE1F09C9C26C686025F76F90910743A6A19A30D644AA1957B95754705F3BA04A058225FB51ABE14A61CF2BE877B31690E40990
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /out:"C:\Users\user\AppData\Local\Temp\gfpgz2jt.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\gfpgz2jt.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\j12i-fj-.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	340645
Entropy (8bit):	4.845441005715548
Encrypted:	false
SSDEEP:	768:vJLP0Q0itOae/CwAg68faeT6yGICYX/2lay6+:vNeqFlU+
MD5:	05A46C36B996ADCDF13ED3241D43A7BD
SHA1:	9E61305489F0B59534D1160AD396AE094EC02257
SHA-256:	AC3D309532F0DF28C440CEB07E6BFB56D2B410665DDC4C49CC2D470483461F74
SHA-512:	03BADCA71A665A43EC6ABEF77776BF486911117F4824FF0120A82171E41816DA38A6D89CC5E56F2C9BDDC24B313D489B634259417CEC14BA24B11EA292E4BFA6
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDDDriverService : System.Xml.Serialization.XmlSerializationWriter {.... public void Write8_GetSupportMetaDataInHeaders(object[] p) {.. WriteStartDocument();.. TopLevelElement();.. int pLength = p.Length;.. if (pLength > 0) {.. Write3_DefaultHeader(@"DefaultHeader", @"http://webservices.drivershq.com/2011/12/driverupdateservice", ((global::DriversHQ.DriverDetective.Client.Communication.WSDriver201112.DefaultHeader)p[0]), false, false);.. }.. if (pLength > 1) {.. Write4_EncryptionHeader(@"EncryptionHeader", @"http://webservices.drivershq.com/2011/12/driverupdateser

C:\Users\user\AppData\Local\Temp\j12i-fj-.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (681), with no line terminators
Category:	dropped
Size (bytes):	684
Entropy (8bit):	5.540038000953829
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7XL1862fBAqUNvwfErHc9ow16PrfjLBHn:VX2kN8bkf+qDf6W1crf3BH
MD5:	2D65363A7BDA56AE0DA6A4EF95D34E6A
SHA1:	EC483D60D1D516C6FCB60A5E31C9BCF23897C0D7
SHA-256:	3EA1C439F24F0E3FC757038BD9334D6E63D1E06A5374023B6E63995DB6A501A1
SHA-512:	6AC02CE707E84A82DE5F83D709EA7A7E8DF67779A10C18EF26D91374CBFC5B8B247DA7FE1A329933AD6D9D52A4A41A18076960602944D19A0949A1698016319A
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\j12i-fj-.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\j12i-fj-.0.cs"

C:\Users\user\AppData\Local\Temp\j12i-fj-.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	147456
Entropy (8bit):	4.470414665135819
Encrypted:	false
SSDEEP:	3072:vBA0OLNwOcAlf/YojMMthKM2+kISMsnl6UsvMZd5uY9zpXKeqmDqMrny60cWLNwu:K0
MD5:	3D05B69A93450ED3FACE1FD6DBDB735B
SHA1:	9FBC5197A497AA78A4EA80B9522239D6172F22A6
SHA-256:	D044212B9AFDD3BD33ABA6CF974B6F7B9EECFA05498BB382E9F0ED6F4C9F5D20
SHA-512:	3D9A10DD259E00664A299CC019C34A0418FCCC88E2D9A233B231FC66E1098B6458BB69712E9E90CB6CD81A0D43A38242E45EFA94C7A24313A0B692B526821D7D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!......... ......~'... ...@....@.. ....................................@.................................$'..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@....... ..............@..@.reloc.......`.......0..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\j12i-fj-.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (778), with CRLF line terminators
Category:	modified
Size (bytes):	985
Entropy (8bit):	5.6021479775500875
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8bkf+qDf6W1crf3BOKai3SGzKIMl6I5Dvy:Tcxb2kWbkfxDX1qkKb3xKxl6I5Da
MD5:	41B31998A9788A677239DDFE2E1CE46C
SHA1:	FEEA830C8D7FB71F5F9104C49490ADF22DED28EE
SHA-256:	AD507CAC1A2A677F0C2EDACE4D9C1DAEF83932C042FD35DBC7DEFDD6D1F92A8C
SHA-512:	05251E38B043F5D3B27EA380AF3315BB2D64C7FB7A147A12AEC8226C48BE239202909C407C287D2E753A7F964AD0D6227003C737F7E28F76EE457C327FB71B85
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Communication.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /out:"C:\Users\user\AppData\Local\Temp\j12i-fj-.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\j12i-fj-.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\jgyhajkp.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5920
Entropy (8bit):	4.696006053616094
Encrypted:	false
SSDEEP:	96:Ff5ejjjakPnmWvCPtcXT/lceB8/Xqp48/4zc8Fn:FBWxvCiXT/lceB8vqp48wzc8p
MD5:	2CE8118BD23B44092811F444B1A866C8
SHA1:	89D4C17B5B15FF6D685CA0637BD680E61B09C14C
SHA-256:	1028293B9A89CF8B9A29F16A5B3E9DA3CDC802883526F4D4EDCD37CBF5709D96
SHA-512:	2207B69DDB7E734EB7ED136CB58181CA987B06094244144F8B0559BB8FA03A90ECA2234F553603D134382C0FD1169302094AD3B49393975CD16343CC2E5ED369
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterCondition : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_condition(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"condition", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.Condition)o), @"condition", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderCondition : Sys

C:\Users\user\AppData\Local\Temp\jgyhajkp.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.576154518661516
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0frIrHc9ow16PrfrF:VL+Tz2kN8f+1f6W1crfB
MD5:	2ADA11141074CBC6C82133DAE5E82047
SHA1:	D40CE4A10D5D55A3B4E92A43BA0C90A6F7F39A4D
SHA-256:	C5A0F5A6596781A3AF077E9D5182EA4BA573FBFF782664FEA593F8012431D5A7
SHA-512:	4CC4EA976E68115C9D69756FC0E12EB6D7CA8CE0575DEDAF538EB65F3B3B93C630F6AC47750DAE781E895E22B156CC5AD2E74D6836F6D5AACEB2CCD3FA3E7A65
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\jgyhajkp.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\jgyhajkp.0.cs"

C:\Users\user\AppData\Local\Temp\jgyhajkp.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.595877655081974
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0frIrHc9ow16PrfrgKai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1f6W1crfkKai3S8
MD5:	0C57E4EC1E8F90249B7F7E86DBB8F499
SHA1:	900998A6CF20A0A98629E5E0959236989ABCE2C3
SHA-256:	37F6317B8A3485861A579F6616041A795DDAC0A31BCE4970C7DEFC8FE7A41C2B
SHA-512:	296EEA4178631DFB8267C746F9DCF99731E9D386B674B4B3AD7DE201D92554E7E6C20E848A0D77BB34D467CEFDDFB5BC9239FA6638D8EF9316A467E8620FDFBF
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\jgyhajkp.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\jgyhajkp.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\k8kczfez.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	10743
Entropy (8bit):	4.573255135173306
Encrypted:	false
SSDEEP:	192:FBVCLAyI4YmBNrmrXujceB8Pqp48Hzc8f:vaI8rmsceB8Pqp48Hzc8f
MD5:	E5866B81E78BB7EEA775CA80254FC80C
SHA1:	67031EC9A76AE77A3C6B3DADA9D5D6D978FB8206
SHA-256:	84085552594696033E888136CD503CCA4158C06DC405CB6C68049458912DBCE5
SHA-512:	C9AD254571952092D938B966192748742DBB4ED7040DC2F05BD3895ED2902F3E7CA220D5BAED686A25A4ED24FF688B7F52B1DDC99915436EFAE797BB6E458458
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterInstalledAV : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_installedAV(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"installedAV", @"");.. return;.. }.. TopLevelElement();.. Write5_InstalledAV(@"installedAV", @"", ((global::DriversHQ.DriverDetective.Common.InstalledAV)o), true, false);.. }.... void Write5_InstalledAV(string n, string ns, global::DriversHQ.DriverDetective.Common.InstalledAV o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) Writ

C:\Users\user\AppData\Local\Temp\k8kczfez.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.565188736153789
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fRB0rHc9ow16PrfRb:VL+/kN8z2f+1fRBKW1crfRb
MD5:	BBE8548C4AA4C6FB90F966775D9BF00B
SHA1:	B3FE85BA3E38F7D470F1A85577AECE9C01DA5CCC
SHA-256:	E44CAB53E0CF3ECEB61C04F3E2909773939A3746BB23DF5DD2C20033DCD78126
SHA-512:	BA3C1ACEEDE226FF190587253405E14765DA035E9A670A7B8BD8B8B8BA645D8B8EEDB11D4C640756ABFEA385800C94E5671C2B52E6C64EEC35133F9A20E852DD
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\k8kczfez.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\k8kczfez.0.cs"

C:\Users\user\AppData\Local\Temp\k8kczfez.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.588265777156455
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fRB0rHc9ow16PrfRaKai3SGzKIMBj6I5Bo:T+PxNzdL+/kN8z2f+1fRBKW1crfRaKao
MD5:	E046E3365D428C18C8997D3D1223D007
SHA1:	EE8A3D856CE7507E7AC4B28F9DBC89BA11D6D7F7
SHA-256:	6A79A00BBCC9BCC44BC332AA6FA0A82C1286BDBC381F57344692F942ACD9541F
SHA-512:	2B162483141E3DE90631DC4B6A1C4BD1DF19F33F9737B6D696C355786028808F05BAE67CC1AF69299504742EAC1A6EC8B94D5ACC2B52545E33BF47177F769D84
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\k8kczfez.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\k8kczfez.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\kbnqt6lt.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	13706
Entropy (8bit):	4.418806165035206
Encrypted:	false
SSDEEP:	192:FBXd2hUyb2NBWnYsnVx2+zCIzouEHEY5YRBXGPceB8xqp48pzc8L:vtXIsuS5Y4ceB8xqp48pzc8L
MD5:	86BFA3B1CC996B1F58DC5DDA5AC22D1B
SHA1:	3D6628E80A6A04E6453D2010D49063D61EC23664
SHA-256:	BE8C7FEA7B2456B1032A190BC528DE371AD1E11AA8D60B3849D0D97295694A78
SHA-512:	FA54C7221417D08CA4D8DF9056EBA47EBF876CA18DB4093DC872EE0115D191453F3B8D1AD0D4BED6E3C747DF866978C928BB9EDEA1259EEA0E57F8AA2324D962
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterComputerSystemProduct : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_computerSystemProduct(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"computerSystemProduct", @"");.. return;.. }.. TopLevelElement();.. Write5_ComputerSystemProduct(@"computerSystemProduct", @"", ((global::DriversHQ.DriverDetective.Common.ComputerSystemProduct)o), true, false);.. }.... void Write5_ComputerSystemProduct(string n, string ns, global::DriversHQ.DriverDetective.Common.ComputerSystemProduct o, bool isNullable, bool needTyp

C:\Users\user\AppData\Local\Temp\kbnqt6lt.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.54542378331588
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fKuCrHc9ow16PrfKuH:VL+/kN8z2f+1f98W1crf9H
MD5:	2C7840BAA0153CC79E359F09DDDCABCF
SHA1:	0F81597C799F3D7F32B0EC1AAAA3AD2890EAE16B
SHA-256:	8DFCC32D6C1D618D941030E6CA9083D7C2F6DA2545808E0560907405A9720809
SHA-512:	0A81C88B23BC82A490A47AA90F0A1E82A5533BCDF839BEF6F09E64F7A2908DA51498964F0C63C8ECA80352D22F94A2FB6CC34001BC2DFD3301F083B2F3924058
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kbnqt6lt.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kbnqt6lt.0.cs"

C:\Users\user\AppData\Local\Temp\kbnqt6lt.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.580402639810597
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fKuCrHc9ow16PrfKuOKai3SGzKIMBj6I5G:T+PxNzdL+/kN8z2f+1f98W1crf9OKaiN
MD5:	D5F1D65EA15B47947E18331E1A0229A1
SHA1:	9B8BE357643CBFCD3DEA82A32255BAB33FDC2F45
SHA-256:	71799BEB9D372F951B7F5CDA29A4338E39CF055D58684710F0324A2C67940B9C
SHA-512:	8199643A0C25BC2E225F990F521949FB467677B74E72DF5CCCB893A0602504A1AB052CFB2E8740FEF1CB0E2657E7059E643CD13B4B84105A66160EEBDEF257A9
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kbnqt6lt.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kbnqt6lt.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\kix02kjb.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (323), with CRLF line terminators
Category:	dropped
Size (bytes):	17904
Entropy (8bit):	4.576211160691455
Encrypted:	false
SSDEEP:	384:YcWJ2lg7EFOGEFOKfFkcceB8jgqp48jUzc89F:YWg7AM
MD5:	1E0DAA2AFB46CC3ED210D700127928C4
SHA1:	2F93BC3F42A53F49F1411796AF76785AD1A857C7
SHA-256:	396939402896E762FD8447196132CA25E9961221EFEC1DAD12E6D7AA83A48E99
SHA-512:	0F74450E291061C5E1DDAE30FD722728607AF0D3E12779336C279A1207C7985DA7B60A23DB41EA27A7D8895509BBF8F09B11BB8A776951091A180065E42CDEC7
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("2.0.0.0")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterList1 : System.Xml.Serialization.XmlSerializationWriter {.... public void Write7_drivesInfo(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"drivesInfo", @"");.. return;.. }.. TopLevelElement();.. {.. global::System.Collections.Generic.List<global::DriversHQ.DriverDetective.Common.DriveInformation> a = (global::System.Collections.Generic.List<global::DriversHQ.DriverDetective.Common.DriveInformation>)((global::System.Collections.Generic.List<global::DriversHQ.DriverDetective.Common.DriveInformation>)o);.. if ((object

C:\Users\user\AppData\Local\Temp\kix02kjb.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.561912958442224
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fIGrHc9ow16PrfIb:VL+/kN8z2f+1fIwW1crfIb
MD5:	BCF7EFDBC51E0EC74FA0D8E1E85D5145
SHA1:	2845725195C216C5E00E06A89C560EDC546483F9
SHA-256:	8756223A5345E94AEEC28A0C4438D1A37ED3E5E612BFC6388BE2C9BF19CA1956
SHA-512:	4366F40462DB5F55F979FD9E8DF449C5F832C6BA0409BBDF9440958183C9A25D2EB657C313A0CFDC3BD38676B55D643A2628229A9207541898E63B44F2C2525D
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kix02kjb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kix02kjb.0.cs"

C:\Users\user\AppData\Local\Temp\kix02kjb.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.582166166492659
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fIGrHc9ow16PrfIaKai3SGzKIMBj6I5BFa:T+PxNzdL+/kN8z2f+1fIwW1crfIaKaiN
MD5:	33759B189E1FB50AF8A4388B78B5DDC9
SHA1:	EB72FF077C99507D329BD1D5AB9E326EBB31B885
SHA-256:	2D2B74494DE1339019C6B72E9336A36F2C79C01AD7FBE4F863ABAECA931D56F4
SHA-512:	C953386F6BC70F427B6ED9A7D572CA4E05013CBC92A88BF3FCE7091E978206B171B33458AA06CCDFA1F5F0FD540A66709C1F4BD8A0876B80601D218C52A5F8F7
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kix02kjb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kix02kjb.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\kqt-ipnw.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	201923
Entropy (8bit):	4.820721962391714
Encrypted:	false
SSDEEP:	768:vLJNXUVZxdPu3WDai/51AfAGGA/a3zMHC:vzUVZxdPuE/
MD5:	56CB75778C6DA61B5D8942014A8BEB2C
SHA1:	7824667EB1ADF28C77CCDFEBDA20599E240964D1
SHA-256:	33331C10C982490636B6FF78ADD74B13C622EE8827800DA5ADC24BC9E67AD38C
SHA-512:	3F21F1DFB59FE810EF5D53C12D8901A1B1505BC66403B1216271A64FAF9C3FE4E31FA2A50C2A12D0FDECD8EBC3E01FD8DAB7F38136CA67FCC56031F00F6636BC
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterActionMessage : System.Xml.Serialization.XmlSerializationWriter {.... public void Write32_actionMessage(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"actionMessage", @"");.. return;.. }.. TopLevelElement();.. Write31_ActionMessage(@"actionMessage", @"", ((global::DriversHQ.DriverDetective.Client.RTM.UX.ActionMessage)o), true, false);.. }.... void Write31_ActionMessage(string n, string ns, global::DriversHQ.DriverDetective.Client.RTM.UX.ActionMessage o, bool isNullable, bool needType) {.. if ((object)o == null) {..

C:\Users\user\AppData\Local\Temp\kqt-ipnw.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (799), with no line terminators
Category:	dropped
Size (bytes):	802
Entropy (8bit):	5.548641728704274
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/kD1xB1kDhXikOfBrHc9ow16PrfMn:VX2kN8Yf+BHOf+Kf+/kDFc2fxW1crfMn
MD5:	4BE79D3911F02CC7C5EA2E470578137C
SHA1:	FA8B6941ED25DC1BE8E1B376C32A091F197CEA77
SHA-256:	08FCB451AE62B3C3F401912D0806470BB2CF624993B1685332CCD7286E04CCFC
SHA-512:	4DECE6B23701E868F0F4F60712149D582BD2D91B0800CB9E7F67AC2153AA046969FD11EEE34AC9F98595BFB77528CF0ABB27B824E3E30DFBA1B964EB210D37E1
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\kqt-ipnw.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kqt-ipnw.0.cs"

C:\Users\user\AppData\Local\Temp\kqt-ipnw.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (896), with CRLF line terminators
Category:	dropped
Size (bytes):	1240
Entropy (8bit):	5.588968671328737
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/kDFc2fxW1crfMuKai3SGzKIMl6I5Dv1+fj1d:Tcxb2kWYfSufLfukDFcqA1q5Kb3xKxlQ
MD5:	28D37C6804C35AC0633B575E7DA79467
SHA1:	00C94BBEADD8ADCEBFCC0A0B65757BE17A39CE80
SHA-256:	A03891BB6978CE4F5FAEC06C9A44628E80FCB8FA34D5A5B808567260282F328A
SHA-512:	5753C3EE3E925C950AC5C923BDC09175FD3D69113E53DF5D96FF49E9B1E407907CE66CB17A66FB0FC8F0CA8E5F9DD5BC36615371053FB8687AB03EF988922E46
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\kqt-ipnw.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kqt-ipnw.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 20

C:\Users\user\AppData\Local\Temp\kvbsyzka.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5812
Entropy (8bit):	4.698076372257443
Encrypted:	false
SSDEEP:	96:Ff5Qj4jYcYLCW0/iucXpnceB8sDqp48sczc8m8:FBIf0/WXpnceB8sqp48Hzc8n
MD5:	754AC66FC23EF212539F4337F853FF4C
SHA1:	089986B1EC1B363B041F7A1D90EA9A47C8A451C0
SHA-256:	61F45323DE7D6980D54447AB647D44CA6989ED0CA7591A47D8CE43CF6D8E84C2
SHA-512:	8ABFF0D491C3B576E5B02FD664457AE8141F0BA8E8E9C5D8AF02AD50ECD7004F3C59E289FC1748F67902EB104E660BC445D667DFE295E0E670B8F3966F21086D
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterAction : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_action(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"action", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.Action)o), @"action", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderAction : System.Xml.Serializat

C:\Users\user\AppData\Local\Temp\kvbsyzka.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.565240068758345
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fqCrHc9ow16Prfqlx:VL+Tz2kN8f+1fhW1crfc
MD5:	CD7178532E9423F80AE54BB411C147EA
SHA1:	2088B8E1B2025C34B73A753FA164234A8CE8BEFE
SHA-256:	B63E23E5EB516D964495DD8262D606E59E6EB89BEC16A2413DD1609C5A27C360
SHA-512:	CC7DB10862AC748149B766A3D648D27CB167367B2AC6E5871726B299DFD3376CA0901458A12FBCCBE59BB4F6EF2769DBA5EFF01E13A793635CF4E5BD0E808D80
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kvbsyzka.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kvbsyzka.0.cs"

C:\Users\user\AppData\Local\Temp\kvbsyzka.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.5909173037349476
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fqCrHc9ow16PrfqlUKai3SGzKIMBj6I5Bo:T+PxNzdL+Tz2kN8f+1fhW1crfJKai3S8
MD5:	5305E86EA96F6226DF6CBBDD126F3995
SHA1:	84503482CDF32CCF555186F4645C8FB06E2193B7
SHA-256:	8B6B340F6C9A5FD0106504D2B6952B7A6530EB3F72D128F9F279027F9AF12035
SHA-512:	97A00EDFAFC8C0EF12A5236D298DDC1E8BE0D2648DEBB21C3C55806D66E4A5FE121AF13F8D2AB22C22E12EF0FE08D0905E1E8C16D4D3D763D2063B2463CF8C39
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\kvbsyzka.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\kvbsyzka.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\lgpoerax.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6346
Entropy (8bit):	4.709262973251037
Encrypted:	false
SSDEEP:	96:Ff5e8j6jdBWZMkjmFYcXkd6ceB8FDqp48FS9zc8P/tg:FB9rjm1X66ceB8dqp48Ozc8Xtg
MD5:	ABD343F7BA67FEE4A6D76D44D1A6C7AC
SHA1:	56397A6F261F75FBBC6A81EAC502F8E3B5D80282
SHA-256:	CBFDD1E13CAD848C41F4D473C800E643E87931D962B1AB6F738B8479046BEAE3
SHA-512:	4F3628D9E0D62497A1F3C24023B03ED2FDF8A8513744B22EAE63362959A4BC282DC8E6E2BC9E258423DEA78FF605D8FCA440EB2039A551CBE6218CCF0A1F0C88
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterEnvironmentPropertyContainer : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_parameters(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"parameters", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Collections.EnvironmentPropertyContainer)o), @"parameters", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... pub

C:\Users\user\AppData\Local\Temp\lgpoerax.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.522779875912874
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0f/crHc9ow16Prf/5:VL+Tz2kN8f+1f/CW1crf/5
MD5:	B10EEC26259224F9842BC355CE40E93D
SHA1:	9A9A504ED711CE11698DFC97290071902AFDAAAD
SHA-256:	7646FFDF77F97D949D9C26BE7E981B16A9BBC9FA97AA7B5A117E7609B9E464EA
SHA-512:	D3118C632D432CDCA128884276F32E21D6A8397EAF7907C44E400CA4DC7CF9E53A13DD3C0309D5DEEB34C6E40DCE196445590CD499F2EDA365ED36E80A1F71EC
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\lgpoerax.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\lgpoerax.0.cs"

C:\Users\user\AppData\Local\Temp\lgpoerax.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.56203219545373
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0f/crHc9ow16Prf/8Kai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1f/CW1crf/8KaiN
MD5:	F71CAD7E7E2848472C5BE9FEDFB9F9D9
SHA1:	5A63E1B300B2E2584A5BB3F798BC2E98AEC7E457
SHA-256:	3AB51A665DAAFA7628D2AD793C56D269DC0470ACBE8CD4737F4FC920122155AC
SHA-512:	3EFB33FB0CABBF2A8E0D523D0B5E28E64D6E09B4723ECCDDF71BF837601D666BD21C88E7B5B556478FB516C7713891CA1900623EF7846F82211D63B78DFD1CF1
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\lgpoerax.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\lgpoerax.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\m7q_5rs-.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	25297
Entropy (8bit):	4.540890033676716
Encrypted:	false
SSDEEP:	192:FBqJC4IfWtIHYNU3AkTkJIF966UEMCv0/p2NbNYUJJPFXzDMnInxTJAnvIEqr8Fz:vCD296olhWqmmN7ceB8bqp480zc81
MD5:	02F5FAE78171B89091B2278B4B84C11F
SHA1:	F56104C5E62758DF1EDE04ED83DB58ED61DA9848
SHA-256:	F806C4535A9555AABF2A0BA8A8F1A57C74664FB1EAADE50B0345813123656B4F
SHA-512:	FA6E8F74A5ECAD285A7E0A149EB71CF8ED02C2322477F9784E739DA99D81BEF7E3ECDFAB45CF5FB297E74A59F6D69DEA00467287057F1F5C7AFC8064560092E4
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterMachineIntelligence : System.Xml.Serialization.XmlSerializationWriter {.... public void Write8_machineIntelligence(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"machineIntelligence", @"");.. return;.. }.. TopLevelElement();.. Write7_MachineIntelligence(@"machineIntelligence", @"", ((global::DriversHQ.DriverDetective.Common.MachineIntelligence)o), true, false);.. }.... void Write7_MachineIntelligence(string n, string ns, global::DriversHQ.DriverDetective.Common.MachineIntelligence o, bool isNullable, bool needType) {..

C:\Users\user\AppData\Local\Temp\m7q_5rs-.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.550439445822663
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fnQXyrHc9ow16PrfnQX3n:VL+/kN8z2f+1fQXMW1crfQX3
MD5:	FCFDA839B209146EF019FA005B9FB12D
SHA1:	4E89B5101281FF0B2B4BC230DFCA096431F7EE6F
SHA-256:	A5F234CFDF06DC5F3CF376CB45FE703B1E3357A49884F468D589BE4023E05EBA
SHA-512:	4CB1EF96F7B6DF808769FE83DAD27E7B20543B6830A0C7D0E231226AE5B55F84F94EA6B94B508AFC5FB7EB44070463A4880E62378651EE8607B6CD3A74D0382C
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\m7q_5rs-.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\m7q_5rs-.0.cs"

C:\Users\user\AppData\Local\Temp\m7q_5rs-.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.578988919660884
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fnQXyrHc9ow16PrfnQX3uKai3SGzKIMBjS:T+PxNzdL+/kN8z2f+1fQXMW1crfQX+KR
MD5:	87D30E37F48A0DA7C6D962FF9902EB21
SHA1:	C40787D9B502EDE7791A618F4F952F153105EDEA
SHA-256:	B9154C6655C42B57377C08A9A61480DCEF41632514B0B8A81BC4D14EC3804177
SHA-512:	BDB7A02B1CE68489C0C2562ABA22727A2CA9EA9F6AA77DA63F2A0F3E57E96E9EB6BAD9AC903A8DD78894955EEAF92A411C83407547CC39F9423BCA98DEA209D7
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\m7q_5rs-.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\m7q_5rs-.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\mnlalpdp.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5818
Entropy (8bit):	4.588219703780823
Encrypted:	false
SSDEEP:	96:F95OjbaSMmMHuGXLPceB8Bqp48ozc8U2a:FrGMmMHTXLPceB8Bqp48ozc8U2a
MD5:	291FCA785EA69368A6BB153EAEDC8491
SHA1:	6B91BBA96BC3BD918B00E2D2FCEE83D605CCA767
SHA-256:	75EDDECD7DDECD0C3FFB038D5F3FB24EF248CBCF4A9BEBD878E02AE09C62ED1A
SHA-512:	9485B31941B0751856DA2A1DC8AD0F12F26BD54BB3986FCEA68F5DA0C7D3DF77B12BDB08C3314936F4B0EDEC3A198CE9B0F44AEDB46BCB297A5741ECF6B55A05
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("1.0.6920.17393")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterSerializableSize : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_imageSize(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"imageSize", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.Common.Serialization.SerializableSize)o), @"imageSize", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderSerializableSize : System.Xml.Serialization.XmlSerialization

C:\Users\user\AppData\Local\Temp\mnlalpdp.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (400), with no line terminators
Category:	dropped
Size (bytes):	403
Entropy (8bit):	5.521667893310475
Encrypted:	false
SSDEEP:	6:pAu+HmFpw+o3kLAwoT7R5BAn9ALV5wkn23fqgwzxscHc9olm14sQPIwkn23fqgCA:p3rz5YkNoT7fBAmL0fyrHc9ow16PrfsA
MD5:	F4BFAF810966185DCD98179B8E75C8B8
SHA1:	88A5D75167AB31C627AB92B2544153B861014E32
SHA-256:	29716B932F43303AFAA9F7511206D4DF6DAF7174742145F57B1916D67F7ADA2A
SHA-512:	BEF8DDC1A83E8A4A2E5DD716E4CE9C880BB7B9BAE14766044EC9DA7C43169DB6C052CC00F955F7835E497931B5B7A870BD908021D7594DA2844A6CD2015CE94B
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\mnlalpdp.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\mnlalpdp.0.cs"

C:\Users\user\AppData\Local\Temp\mnlalpdp.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (497), with CRLF line terminators
Category:	dropped
Size (bytes):	704
Entropy (8bit):	5.572740653206189
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBAmL0fyrHc9ow16Prfs1Kai3SGzKIMBj6I5BFR5y:T+PxNzdX2kN8f+1fMW1crfs1Kai3SGzT
MD5:	A910FE07838428F4C17D964F6143E292
SHA1:	2E5ADB97EB6FD8FE862AFDC6C8FEB814DF0FF426
SHA-256:	E8CBCBAD6E8EE713B19F6EFAFBD7D2FF8E9893F0661CB89DF32D0C948E20DD5B
SHA-512:	6FF94334C9224E44F8E3BF7F32543796306228BE9D1AFD42F1885E47DD1C5ACB7728A49FEEAE12A590DD15C39C2E44027AB282DF8E353631C1CA908626F11232
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\mnlalpdp.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\mnlalpdp.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\nsd2E88.tmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	data
Category:	dropped
Size (bytes):	1439216
Entropy (8bit):	6.266231616875723
Encrypted:	false
SSDEEP:	6144:EhR3qP0HaGJRlECG239X4U8uBOK2R3UGpuxu/ZU/jTaTOGf7GlwO5M8oGoPP5YZu:RaeL5aroktjN4w8ZCWhVJdsElV
MD5:	AF507F01E07BF620D4020AD1EB9AE2E0
SHA1:	10233C97C82BB9F127FF59CCE507DCAFD2F3B39E
SHA-256:	9C345F12CBE464921587EAE90C138A46EADE8DBD6BD40964C45651ABDC565745
SHA-512:	14F47C1D1A2F846D1A7AFE99C162C609C32A85826DCE93EF96F8BB43CC7F507A0C837382AEA7E27B7C1253F14C34EBD45F2AE0F9EB68F441C1C249BB945E8FBF
Malicious:	false
Reputation:	unknown
Preview:	bM......,.......,.......D........n.......E......2M......................................................B...............'...........8.......................................................................................................................................................J...N...............................x...............................................f.......z...~...........3.......................................j.......................3.......................................................................................................}...........N...\.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\Linker.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	5.460803751121593
Encrypted:	false
SSDEEP:	96:tg6us/vKUU2vg4pRmr7IGMQao//g/XQV3LXOEsqCj9T5T0mRQY6r7CtR4:MizU2/RmyI/eQ1zIqCjtv6O+
MD5:	14B655F0567E2D13459A4C77B2641AD8
SHA1:	16F073C74680F4EF8B6B477E86B75D8F136824C2
SHA-256:	D5684110F61200AC1142648F06A4DF3EE30ACF38B96538496C33CAC69942C4CC
SHA-512:	F64AB83CBB87986D0356A7B9F0EBD0314D1341AECB6BE627861B6A35DF80D765CF85157293950EFF82D44901F65068DE177780A829C4D34F55A4F5089A0DDEBE
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ...N..N..N.....N..O..N......N......N......N.Rich..N.........................PE..L....p.M...........!......................... ...............................`......................................@%..d.... ..d....@.......................P..P.................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...@....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\System.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.770803561213006
Encrypted:	false
SSDEEP:	192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5:	2AE993A2FFEC0C137EB51C8832691BCB
SHA1:	98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256:	681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512:	2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\ThreadTimer.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3584
Entropy (8bit):	3.753232549945461
Encrypted:	false
SSDEEP:	48:aRz5EwdiMcBez0cMBd4+oPVqhgbDpX1DfeZWON8u:Xwcj2r8IqhEDjDf
MD5:	CC888FEC62967CF5D03F9898E0CB65CB
SHA1:	B219E1F82C318797EB36700D9D88D3EB461D382E
SHA-256:	7D9235C4C34BE7EF9B31EFCCCFD97BC604D0CD4FB37DF9B62CCBD1D460C20D96
SHA-512:	3578F5B36A85CD8726EFF15335F6586A583DBEE8542A95C5D4DF6744AC0C5C41115C7F100CD4B7FB74094D13B22058152EC9FA6662587889427992444668CE41
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........y.v...%...%...%..%...%...%...%.;.%...%.`}%...%.`t%...%.`e%...%.`f%...%Rich...%................PE..L....U.P...........!......................... ...............................P......................................P!..W...8 ..<............................@..p.................................................... ..0............................text............................... ..`.rdata....... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\UserInfo.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.285067995764591
Encrypted:	false
SSDEEP:	48:qKpB4n2rZ4vuXXqQr1wH+zL/o0o/X/3MVyjlZS515gaoFU:5I4ZxKQruHkJwvcVy24FU
MD5:	D1E37112390E6BCCA8362788D61BECF5
SHA1:	D97888F0F69D34DE202E7C68B8FF5B2C2FEC4C5F
SHA-256:	77B40D42606D48F817B901F1E5ABEA114B4288B344B8C193BF3E3C52E469A926
SHA-512:	04121E5241AD14890095A6CF5E698979820FA97D911918B9B77F2064A713E20F4827F72C057D5DA1789BC340D63F391872FE5DFBB79E6C33D3995F82C37FA51F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L...tc.W...........!................i........ ...............................P...................................... "......L ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...x....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\WinShell.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3072
Entropy (8bit):	3.9390046214087047
Encrypted:	false
SSDEEP:	48:iiP9lTRDIh4+g/7SPL2pPaH+l7N0Zp7vTBB:Xl9Im5+PL2aHAN0H7LB
MD5:	5C6B12FEFC626A0594F4412B5BE04B22
SHA1:	B7E8AF03E3F264FA066224687547DE7E62318DB3
SHA-256:	83D8C52C47D81DD019C8986DEB1108166518248ED0D0C691906F8CF9DE57A672
SHA-512:	B4306C41B1F60E9AAAF55867340DBB3648C792B48CEE770202F9274E7FA94C144E1B619ECE631F769E9BC3D6A2E96181BCF43BDAA5F19A68BEEF4996C3211B7D
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................[.........[.....[.....[....Rich..........PE..L.....1T.........."!......................... ...............................0..................................................<............................ ..@....................................................... ............................text...2........................... ..`.reloc..V.... ......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\modern-header.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PC bitmap, Windows 3.x format, 150 x 56 x 24, resolution 11811 x 11811 px/m, cbSize 25366, bits offset 54
Category:	dropped
Size (bytes):	25366
Entropy (8bit):	1.951991237718907
Encrypted:	false
SSDEEP:	96:94Wfp8b3VhJht3xFzCshwAOKuFzRHlkOJJqtSu6RaUFqG0eeSN:3p8bTthFGYbslkqJGS1rqBeeA
MD5:	35D7EB41B24263B9DC6C3D7CED252E48
SHA1:	87E93A4E3B2DF3EC0338E001FA7D1586AC4E816A
SHA-256:	0639625E61BAA52BA4DDBB1CB3397599E6128A176B7DA1633AE70410CCCAA49D
SHA-512:	3A88E7E099519048F09E9C3256DFF1D58B5413E4FF9E0FC5E103F00DFBB0E4B3C7EA6572B082960BE17D67E71F17491BCD277646810B8500580C9AE5EBD9DDAE
Malicious:	false
Reputation:	unknown
Preview:	BM.c......6...(.......8...............#...#.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\modern-wizard.bmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 314 x 24, resolution 3780 x 3780 px/m, cbSize 154542, bits offset 54
Category:	dropped
Size (bytes):	154542
Entropy (8bit):	5.825709124499547
Encrypted:	false
SSDEEP:	3072:3HZRVSyGpBSdo6XO6F3dKMbUvnoTGnXot4a4jhsvUInY:3HZRVFWYXOkRGXooaY
MD5:	C1C422963F7DBAE1C51841B875BD5041
SHA1:	5CED5704EC9BF115368DCDBCB1EEFC9E339BF926
SHA-256:	3A7511B1FD458F568E044780F40B7261C6D6EAC58D2F8BE7176B3830175055EF
SHA-512:	3EE0FCC5D5BD70E74140040C2CDCF831BF0F711FE00FC15701832D63ACCB9BAD5DF7DAE42679C7C408FA87392BAD4EE6BBE0038968CBC21D59421EA639EF1BC8
Malicious:	false
Reputation:	unknown
Preview:	BM.[......6...(.......:...............................111223223223223433433433433433433544544544544544655655655655655655766766766766766766777777777777777777998998998998998::9::9::9::9::9::9::9;;;;;;;;;;;;<<<<<<<<<<<<<<<<<<<<<============>>>>>>>>>>>>>>>>>>>>>>>>???????????????@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAAAAACBBCBBCBBCBBCBBCBBDDCDDCDDCDDCDDCEEDEEDEEDEEDEEDFFEFFEFFEFFEFFEFFEFFEFFEFFEGGGGGGGGGGGGGGGHGHHGHHGHHGHHGHHGHHGHIIHIIHIIHIIHIIHIIHJJIJJIJJIJJIJJIJJIJJIJJIKKJKKJKKJKKJKKJKKJKKJLLLLLLLLLLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNNNNPPPNNN223223433433433544544544544655655655655655655655655655766766766777777777777777777998998998998::9::9::9::9::9::9::9::9;;;;;;;;;;;;;;;<<<<<<<<<<<<==================>>>>>>>>>>>>>>>>>>???????????????@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAACBBCBBCBBCBBCBBCBBCBBDDCDDCDDCDDCEEDEEDEEDEEDEEDFFEFFEFFEFFEFFEFFEFFEGGGGGGGGGGGGGGGHGHHGHHGHHGHHGHHGHIIHIIHIIHIIHIIHJJIJJIJJIJJIJJIJJIJJIJJIJJIKKJKKJKKJKKJKKJKKJLLLLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNNNNNNNNNNNNNNNNNNNN

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\nsExec.dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.994861218233575
Encrypted:	false
SSDEEP:	96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
MD5:	B648C78981C02C434D6A04D4422A6198
SHA1:	74D99EED1EAE76C7F43454C01CDB7030E5772FC2
SHA-256:	3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
SHA-512:	219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\LangDLL.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	5632
Entropy (8bit):	3.9380716837453535
Encrypted:	false
SSDEEP:	48:im1FYsjq8W2MPUptuMMFvx/om/ycNSCwVGfOY0vB6/JvR0Jjof5d2D:F1mBl91Z7/ycNSCwV8TLZR0Ad2
MD5:	6793C09E72665CD78CFBCC3CF871DD25
SHA1:	97B0D5136C463850A215744F483B73B48EF45C0E
SHA-256:	AD097FB5894AC4A5B7D72FA7930A54D87CE842B056880B4C4B7B71A198FB093D
SHA-512:	C5BD33E0D2ED3188983DF307D5B4BD48269334AD3725209C2C709FBB0B4EC788FAAB85E19ABBD046714EF6B2720FB3C6A4BFC925AD424CC7E01534F8E760BD38
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9...}.}.}.}.e.....z.)........\|....\|.Rich}.........PE..L...pc.W...........!......................... ...............................`......................................p"..I...` ..P....@..`....................P....................................................... ..`............................text...h........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc...`....@......................@..@.reloc..l....P......................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\Linker.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8192
Entropy (8bit):	5.460803751121593
Encrypted:	false
SSDEEP:	96:tg6us/vKUU2vg4pRmr7IGMQao//g/XQV3LXOEsqCj9T5T0mRQY6r7CtR4:MizU2/RmyI/eQ1zIqCjtv6O+
MD5:	14B655F0567E2D13459A4C77B2641AD8
SHA1:	16F073C74680F4EF8B6B477E86B75D8F136824C2
SHA-256:	D5684110F61200AC1142648F06A4DF3EE30ACF38B96538496C33CAC69942C4CC
SHA-512:	F64AB83CBB87986D0356A7B9F0EBD0314D1341AECB6BE627861B6A35DF80D765CF85157293950EFF82D44901F65068DE177780A829C4D34F55A4F5089A0DDEBE
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......... ...N..N..N.....N..O..N......N......N......N.Rich..N.........................PE..L....p.M...........!......................... ...............................`......................................@%..d.... ..d....@.......................P..P.................................................... ...............................text............................... ..`.rdata....... ......................@..@.data...@....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.770803561213006
Encrypted:	false
SSDEEP:	192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5:	2AE993A2FFEC0C137EB51C8832691BCB
SHA1:	98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256:	681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512:	2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\UserInfo.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.285067995764591
Encrypted:	false
SSDEEP:	48:qKpB4n2rZ4vuXXqQr1wH+zL/o0o/X/3MVyjlZS515gaoFU:5I4ZxKQruHkJwvcVy24FU
MD5:	D1E37112390E6BCCA8362788D61BECF5
SHA1:	D97888F0F69D34DE202E7C68B8FF5B2C2FEC4C5F
SHA-256:	77B40D42606D48F817B901F1E5ABEA114B4288B344B8C193BF3E3C52E469A926
SHA-512:	04121E5241AD14890095A6CF5E698979820FA97D911918B9B77F2064A713E20F4827F72C057D5DA1789BC340D63F391872FE5DFBB79E6C33D3995F82C37FA51F
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L...tc.W...........!................i........ ...............................P...................................... "......L ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...x....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\modern-header.bmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PC bitmap, Windows 3.x format, 150 x 56 x 24, resolution 11811 x 11811 px/m, cbSize 25366, bits offset 54
Category:	dropped
Size (bytes):	25366
Entropy (8bit):	1.951991237718907
Encrypted:	false
SSDEEP:	96:94Wfp8b3VhJht3xFzCshwAOKuFzRHlkOJJqtSu6RaUFqG0eeSN:3p8bTthFGYbslkqJGS1rqBeeA
MD5:	35D7EB41B24263B9DC6C3D7CED252E48
SHA1:	87E93A4E3B2DF3EC0338E001FA7D1586AC4E816A
SHA-256:	0639625E61BAA52BA4DDBB1CB3397599E6128A176B7DA1633AE70410CCCAA49D
SHA-512:	3A88E7E099519048F09E9C3256DFF1D58B5413E4FF9E0FC5E103F00DFBB0E4B3C7EA6572B082960BE17D67E71F17491BCD277646810B8500580C9AE5EBD9DDAE
Malicious:	false
Reputation:	unknown
Preview:	BM.c......6...(.......8...............#...#.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\modern-wizard.bmp

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PC bitmap, Windows 3.x format, 164 x 314 x 24, resolution 3780 x 3780 px/m, cbSize 154542, bits offset 54
Category:	dropped
Size (bytes):	154542
Entropy (8bit):	5.825709124499547
Encrypted:	false
SSDEEP:	3072:3HZRVSyGpBSdo6XO6F3dKMbUvnoTGnXot4a4jhsvUInY:3HZRVFWYXOkRGXooaY
MD5:	C1C422963F7DBAE1C51841B875BD5041
SHA1:	5CED5704EC9BF115368DCDBCB1EEFC9E339BF926
SHA-256:	3A7511B1FD458F568E044780F40B7261C6D6EAC58D2F8BE7176B3830175055EF
SHA-512:	3EE0FCC5D5BD70E74140040C2CDCF831BF0F711FE00FC15701832D63ACCB9BAD5DF7DAE42679C7C408FA87392BAD4EE6BBE0038968CBC21D59421EA639EF1BC8
Malicious:	false
Reputation:	unknown
Preview:	BM.[......6...(.......:...............................111223223223223433433433433433433544544544544544655655655655655655766766766766766766777777777777777777998998998998998::9::9::9::9::9::9::9;;;;;;;;;;;;<<<<<<<<<<<<<<<<<<<<<============>>>>>>>>>>>>>>>>>>>>>>>>???????????????@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAAAAACBBCBBCBBCBBCBBCBBDDCDDCDDCDDCDDCEEDEEDEEDEEDEEDFFEFFEFFEFFEFFEFFEFFEFFEFFEGGGGGGGGGGGGGGGHGHHGHHGHHGHHGHHGHHGHIIHIIHIIHIIHIIHIIHJJIJJIJJIJJIJJIJJIJJIJJIKKJKKJKKJKKJKKJKKJKKJLLLLLLLLLLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNNNNPPPNNN223223433433433544544544544655655655655655655655655655766766766777777777777777777998998998998::9::9::9::9::9::9::9::9;;;;;;;;;;;;;;;<<<<<<<<<<<<==================>>>>>>>>>>>>>>>>>>???????????????@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAACBBCBBCBBCBBCBBCBBCBBDDCDDCDDCDDCEEDEEDEEDEEDEEDFFEFFEFFEFFEFFEFFEFFEGGGGGGGGGGGGGGGHGHHGHHGHHGHHGHHGHIIHIIHIIHIIHIIHJJIJJIJJIJJIJJIJJIJJIJJIJJIKKJKKJKKJKKJKKJKKJLLLLLLLLLLLLLLLLLLMMMMMMMMMMMMMMMMMMMMMMMMNNNNNNNNNNNNNNNNNNNNNN

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsDialogs.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	9728
Entropy (8bit):	5.067450252961874
Encrypted:	false
SSDEEP:	96:oyqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4yqndYHnxss:oyq+CP3uKrpyREs06YxKdGn
MD5:	13B6A88CF284D0F45619E76191E2B995
SHA1:	09EBB0EB4B1DCA73D354368414906FC5AD667E06
SHA-256:	CB958E21C3935EF7697A2F14D64CAE0F9264C91A92D2DEEB821BA58852DAC911
SHA-512:	2AEEAE709D759E34592D8A06C90E58AA747E14D54BE95FB133994FDCEBB1BDC8BC5D82782D0C8C3CDFD35C7BEA5D7105379D3C3A25377A8C958C7B2555B1209E
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L...qc.W...........!......... ...............0.......................................................................6..k....0.......`.......................p.......................................................0...............................text...Q........................... ..`.rdata..{....0......................@..@.data........@......................@....rsrc........`....... ..............@..@.reloc..l....p......."..............@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\nsisdl.dll

Download File

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14848
Entropy (8bit):	6.055040438888998
Encrypted:	false
SSDEEP:	384:fck76gi51kE5aYOMLDC4UnDp9B0Jc5HNw2gE:fck76gibLCMLDLCx04HNVgE
MD5:	8E80CEF975174BE7D6538D24710D8425
SHA1:	138F3FB1BE3C625ADE00375D3A6831553499AB6F
SHA-256:	4E4577EFEB769D74FA8D799B080CFAC33A731F2D35214384485D6C570B9A5726
SHA-512:	0CFA10544B98D197B489B91FA025F2AB71EE9859A902577BDBA9709EB78708D4F3FE632663743BD122B69878E6D093D330B9FF21A3D77822BDFFE105D7F56FDD
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._.lI_.lI_.lI.bI\.lI_.mIg.lI..1IV.lI..\I^.lI..]IZ.lI..hI^.lIRich_.lI........................PE..L...sc.W...........!.....&...p.......".......@.......................................................................D.._....@..d....................................................................................@...............................text....$.......&.................. ..`.rdata.......@.......*..............@..@.data....d...P.......0..............@....reloc..p............6..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsz71DA.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	data
Category:	dropped
Size (bytes):	27654456
Entropy (8bit):	6.461726756551042
Encrypted:	false
SSDEEP:	196608:LfUA3ITbAwIEXAYnAV+AGVtI3aFhOmD7H0mq17OdwK4C6S09ANsD3zmK7dRY:LfCQ2temD7H0H7OKcwPlRY
MD5:	FE4FFE50866354FA72CF78E30978E611
SHA1:	98C04C5A36C9858B2234AE8B584612C91E71D78F
SHA-256:	D9F985FF686C86805E29AD7F4198CEDC06903A9F3AEB6AA0607C72890520D53D
SHA-512:	053447BCE1FDCA43EC6B9434741D741D52C66FB476E85415D541276A9D6ED155CEE4925E74AE4FADB42F8EF2F46CD5BEB1501E598416AD60A3A09D1F8DF23353
Malicious:	false
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\nsz71DA.tmp, Author: Joe Security
Reputation:	unknown
Preview:	........,.......,.......D......................q.......................................................>.......+...e.......................................................................................................................................................................J...N...............................x...............................................f.......z...~...........3.......................................j.......................3.......................................................................................................:....................d..................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nujzoc0o.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (433), with CRLF line terminators
Category:	dropped
Size (bytes):	6002
Entropy (8bit):	4.6559752167305515
Encrypted:	false
SSDEEP:	96:Ff5gC4jrv1Cgi9obO4T6b+e1xqmxa8DkZQXJJp5IA7BceB82XDxqp482Xohzc8Ee:FBdnDyU39X1VceB8mqp48Xzc8/
MD5:	788C1D61DF1CB4BD0A0C96EA8E1499BA
SHA1:	02B6148E4635AD522C11271FA7B4DA5712EF4DAE
SHA-256:	4DD20476ADB8649BC3CF100B43947FEEF4EA6B6B4767AD3B5EE9C04074B9FFDC
SHA-512:	0699E02A827638849180DE3763D5A49326DF12D71E3577A24B9D245A934904E229D6036E3D49ADD0BF65EED498637C5D952D73EBD7349C2FE6370485C0429135
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterScanManager : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_scanManager(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"scanManager", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.ScanManager)o), @"scanManager", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderScanManager : System.Xml.Serialization.XmlSerializationReader {....

C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (705), with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.532303497875942
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/1kDhXikOfcrHc9ow16Prf5:VX2kN8Yf+BHOf+Kf+/c2fCW1crf5
MD5:	C1774DC0818CBF8B1A4022C282F8497D
SHA1:	4AC340DCC3F2DC35F1005460D42C6EB2EA05032D
SHA-256:	337C1CDFACB41E77B2ED763446D9C08EB0941F928011B5F7912E2C28277734E8
SHA-512:	5A7806A3F5F409F3F61F88197E544CFDCB6C5CF991C0205B2E08084F5028BC5E74954CA8FA2A33DAC9699041C02993905119DAF8B953A2FDE5B5451904777B1F
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\nujzoc0o.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\nujzoc0o.0.cs"

C:\Users\user\AppData\Local\Temp\nujzoc0o.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.268475544181077
Encrypted:	false
SSDEEP:	96:aRD1BR823iyqvZeM8neJod4zYmm6HLVdvhamncvda1B2rozflkrbLK:258Rh8neJo2fAmZwO
MD5:	F88808DCE819DAE6000FA321D36E2342
SHA1:	BD7EEC2EC183B8138168774918096ED5CD62C850
SHA-256:	13C58AD353E8CAA06E13EB7503EA175CC38019AF1B67F5B24D4452EB2542D047
SHA-512:	73E674F7000F3E29A618C6660FC656FC3241A3ADA593D81416A52F98A76D12768638A4A495C6CA6207795E0A71C213F662199B82B2027862FF73B5F3180352B7
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!................N/... ...@....@.. ....................................@.....................................S....@.......................`....................................................... ............... ..H............text...T.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................0/......H........"..D.............................................................(.....-..r...pr...p(.....(......t....r...pr...p..(.......(.....0.............(....o....&.(....o.....3\.(....o.....{....3B.(....o.....{....3/......(.... 4...........(....t....(....t.....+..(....z..r...p(.........(....o....r...po....}......(....o....r...po....}......(.....s.....s......(....F.r...pr...po....6.t.....o....2.t....o......(.....s.....s....*....0..4........{....-%s......r5..pr...

C:\Users\user\AppData\Local\Temp\nujzoc0o.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (802), with CRLF line terminators
Category:	modified
Size (bytes):	1009
Entropy (8bit):	5.572869096688606
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/c2fCW1crf8Kai3SGzKIMl6I5Dvy:Tcxb2kWYfSufLfucqv1q8Kb3xKxl6I5G
MD5:	5207C56BDCD7784EB4D98057A2120F4B
SHA1:	7B6C2FD3AEB7DA787049B1A1D5A03D4E918224C2
SHA-256:	29B37ADC96E91D01D568DC1AF27505503AA785F3D45BAEDCE68B9F47CB42842B
SHA-512:	DBF0CFF4AB210CD75F45EFCA390FD2C48149417883024724503AF47BA9E5D8FDFFA6679CC51A9EDFD1807C80F3320FA71571EDFBE461E61E3EBA9A756A7F1423
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\nujzoc0o.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\nujzoc0o.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights rese

C:\Users\user\AppData\Local\Temp\o39r11ir.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6004
Entropy (8bit):	4.645974602016214
Encrypted:	false
SSDEEP:	48:F1/6/6FV56BjnGVywjubByC8sy9f0E6rx8rrkykhoJXNpaRALYrYdbd8/ycIdbe9:Ff5AjnoabO6Cpk2XNDceB8gqp48Dzc8/
MD5:	F4460B1775EACA0BAD9FAC8CA5427EC7
SHA1:	09BDCE6094AB0DA19D641E29794772B40E9DDE21
SHA-256:	269169AD3EA9897930229802B5EC13D39D83FCBF054C56A885B7E3C342271CAB
SHA-512:	D36DFA1187163C751543D4F5EE2ED6C92F8E5AC795927AB7325C2746D10C4C61393EDBC3FE5A1BA5E803C907A2A004B7DD62386D297B6198B0404EDF9BC75377
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDownloadResource : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_downloadResource(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"downloadResource", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Util.e.DownloadResource)o), @"downloadResource", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderDownloadResource : System.Xml.Seria

C:\Users\user\AppData\Local\Temp\o39r11ir.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (705), with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.5274471969424575
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/1kDhXikOfJRarHc9ow16PrfJR/:VX2kN8Yf+BHOf+Kf+/c2fJmW1crfJd
MD5:	D862FAE8C3EF0B2EE15EC981F89E9FE2
SHA1:	9EEB6CED6579A79C9815C8465588F82B29A7F40E
SHA-256:	AAFC5388676155D640E4E833D6A34A000E9500D138EB4A6039BF48CB62C7136D
SHA-512:	32595DB2D229D6B8CFF8F2DD907FDE18B2E57B6AF011E7FA6027F6ECBF5852F4577D443A4CACB16C245CF84E94A1870638FBC6577A1D8798BE35C7F246E7ADB9
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\o39r11ir.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\o39r11ir.0.cs"

C:\Users\user\AppData\Local\Temp\o39r11ir.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (802), with CRLF line terminators
Category:	dropped
Size (bytes):	1009
Entropy (8bit):	5.56811438564918
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/c2fJmW1crfJYKai3SGzKIMl6I5Dvy:Tcxb2kWYfSufLfucqt1qKKb3xKxl6I5G
MD5:	C51651AF33DEE6F7BA5D3801DF6DF291
SHA1:	1EE30F12509730E5753841F0F51DF4CD46692A83
SHA-256:	138819FABC902D1CA5446340ADFC3927DC0F3BEC07F6CE9F705AC3F5CD153393
SHA-512:	1004F4B98DB5F8649C711CF3BB317786F4E855202F73963D20D01B5E157C0F89DA49C660865EA6B6DA122C151EF44682B14B36321B0A44E397D7165F5C9DAC8B
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\o39r11ir.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\o39r11ir.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights rese

C:\Users\user\AppData\Local\Temp\oaj2dofm.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (326), with CRLF line terminators
Category:	dropped
Size (bytes):	293940
Entropy (8bit):	4.555649171625102
Encrypted:	false
SSDEEP:	768:vTFfT9Tk+J2bc4kdZFXN+I+mSmWJxWxLZFXj+I+/ZFX3+q+WZFXn+6+13Q3I3p2F:vTFfT9Tk+J2SN9GmWojFE33Lnrc2nhQi
MD5:	A6ADC52E09A4A10F33370A910CBED5D6
SHA1:	EC44E014DA8FF3D50F3A351351562FA235D4E49D
SHA-256:	3B3715C937190C2F81E3185F60515F7004DC321F90DB8CF93E68BC5C248B22F2
SHA-512:	F8591DFF12F771EAEA3E3BEF503A8924623A5697F0E7452AA89E1366A349168A797ED6690D427897B19A7033F38A7AA450CFBCB5F82DB1EFA557D38610197EE6
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDevice : System.Xml.Serialization.XmlSerializationWriter {.... public void Write31_device(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"device", @"");.. return;.. }.. TopLevelElement();.. Write30_Device(@"device", @"", ((global::DriversHQ.DriverDetective.Common.Device)o), true, false);.. }.... void Write30_Device(string n, string ns, global::DriversHQ.DriverDetective.Common.Device o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);..

C:\Users\user\AppData\Local\Temp\oaj2dofm.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.527983576474726
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fd0rHc9ow16Prfdx:VL+/kN8z2f+1fkW1crff
MD5:	FE83F2A6297D7E24DAA4AEC0D010E9A8
SHA1:	1566524B581CF69CF16A08059D48312BE14DB1F7
SHA-256:	D51E8B4532A23E76C029106D84265108A8214C970687732E2B0C380FA6110D9F
SHA-512:	E68B08D57D5464ADDA08C3825C26A6267ABF579D23ADA4E063F87768A03F93B7B57C86547E2A73414FD768BD0AE7065013F67694DE6C29DA3DB0959FE9036F8E
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\oaj2dofm.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\oaj2dofm.0.cs"

C:\Users\user\AppData\Local\Temp\oaj2dofm.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.563070003168132
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fd0rHc9ow16PrfdUKai3SGzKIMBj6I5BFa:T+PxNzdL+/kN8z2f+1fkW1crfGKai3S8
MD5:	DAE0359A97BF2864E635BAC4C047EA22
SHA1:	AD59A8BD054136E748F3FCDAF5B97191271B4B16
SHA-256:	0B47117CF8F232ACD2E52DB100911E869BCDC90E2B0D0FC06A93E85E29EC8891
SHA-512:	0E91934B943474AF9D910D94208B84362C17730343255E354474D41BBAA7FA88832A90AF8317A05F45E4DAC1B1A11E98C7EBD3F32BE15835F85BBD9477FD8B8C
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\oaj2dofm.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\oaj2dofm.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\omwb8eue.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (423), with CRLF line terminators
Category:	dropped
Size (bytes):	6056
Entropy (8bit):	4.664840653308781
Encrypted:	false
SSDEEP:	96:Ff5Kj0OotJPk5AlRXzpceB8pqp48Ozc8v68:FBmopk5AHXzpceB8pqp48Ozc8v68
MD5:	EE24A6411B5519C81A3F9CD97FBE62F2
SHA1:	62F5B6B397292EDFBFE3A62A73579B786C52F899
SHA-256:	B16480FAAE61ABA18C11D73AB5B853664D429121DD16B412B5BD5FDF37392872
SHA-512:	753D4E9BBF47AC58C9346246F7516E6E2D3265000937F81768B44ACC1A3399A780BCA72B4ECD4F2B50C05B6077928B80680D4773B702C89656B4BB3D8B3B582C
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWritere : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_downloadResourceManager(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"downloadResourceManager", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Util.e)o), @"downloadResourceManager", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReadere : System.Xml.Serialization.XmlSerializationR

C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (705), with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.515940035178909
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/1kDhXikOfOxrHc9ow16PrfO8:VX2kN8Yf+BHOf+Kf+/c2fsW1crfX
MD5:	37F07B8AE92F7AB7D790D75B76BFD44D
SHA1:	6498489E7FB346EEA6BBE0B66608DC97CF8E1EEA
SHA-256:	683CF4F85148A24EDC932D66482092524207C0DE5796DAFD19CEFA37976167E1
SHA-512:	8DC8A321D1CA988EBA270DB11CAE0ACC24F2C91986911DA653AE5E5B0F259CC3B3F1A371F7D72F1BF4F2BFEAD96A563A1369E6FFC4DD3253631DE58889BD4CDC
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\omwb8eue.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\omwb8eue.0.cs"

C:\Users\user\AppData\Local\Temp\omwb8eue.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	6144
Entropy (8bit):	4.315262085049689
Encrypted:	false
SSDEEP:	96:Q5XSR+23iy6bB0UG3HqGqhamFQOdaqoQvQymWMKmkrbhK:A++gUG3gAmkzKf4
MD5:	4E8E22C1F96026851AB3571CCBF555A3
SHA1:	DB2667A674E78F6B1EF464238A94B6817FF42C9A
SHA-256:	2F4012FE3A500E31F723F7CAE8B1493C77934732E79A4A76F7B47B7E24474BB4
SHA-512:	5D35D041716B3E3C1BBC9E33496BF37857A91FC57A1197D4C743B14EC0C04968C854A20F3899EB7D95ACBBD5B988F077D789CCA5959051EC74896864560EC244
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!................./... ...@....@.. ....................................@.................................h/..S....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................./......H........"................................................................(.....-..r...pr1..p(.....(......t....r...pr1..p..(.......(.....0.............(....o....&.(....o.....3\.(....o.....{....3B.(....o.....{....3/......(.... 4...........(....t....(....t.....+..(....z..r3..p(.........(....o....r...po....}......(....o....r1..po....}......(.....s.....s......(....F.r...pr1..po....6.t.....o....2.t....o......(.....s.....s....*....0..4........{....-%s......re..pr...

C:\Users\user\AppData\Local\Temp\omwb8eue.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (802), with CRLF line terminators
Category:	modified
Size (bytes):	1009
Entropy (8bit):	5.563114203745316
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/c2fsW1crfeKai3SGzKIMl6I5Dvy:Tcxb2kWYfSufLfucqB1qeKb3xKxl6I5G
MD5:	380966C1E45A7C821A5A3C0A9315557C
SHA1:	777FACE5EEB872694A1198E198AC7BF99129D79F
SHA-256:	B528A306F2E098C6B9136C6B876788D88B7FE6D322A872DA7F9E2211C6018C0E
SHA-512:	6E873CDBA23E843EB11B6406D9929DA95929CAB4270E81594E00357EF52569F72E60184B535A118BD380B8241D64E6A8CAC1CE13ECF48123F340D9F899800E91
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\omwb8eue.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\omwb8eue.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights rese

C:\Users\user\AppData\Local\Temp\pxf0sjbm.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (957), with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	384:vPU/qZe2Q8axpjHzzftfW13jyVlukFSz9xLdAWvWHbqgkBoiDJ2KhmU9yZcUD13/:vUv9FSz9Eq3CnLwK
MD5:	67F7157E15A80E00C713D5C9F632E1AD
SHA1:	65E4A2A895B37A21AD689B3065CA18FB6FB156ED
SHA-256:	F379288EC27A2FF90E950F6018C12677A0FCBC45D6201482153A144161D3FA70
SHA-512:	89888469DFA35E15D836191AC26444A88902ACDB165467691B75D982F8159C67CA63D256AAFE5A0361C98DD7A120AE1B333F14F3110165B973B94786BFABE026
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDDConfig : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_config(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"config", @"");.. return;.. }.. TopLevelElement();.. Write5_DDConfig(@"config", @"", ((global::DriversHQ.DriverDetective.Common.DDConfig)o), true, false);.. }.... void Write5_DDConfig(string n, string ns, global::DriversHQ.DriverDetective.Common.DDConfig o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);..

C:\Users\user\AppData\Local\Temp\pxf0sjbm.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (498), with no line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	12:p3rkD1xBknoT7fBA/z5DfsxrHc9ow16PrfsaFH:VgDFkn8f+/zZf6W1crfxH
MD5:	7D6AE19E935204EFA4A58488D47747C7
SHA1:	86B1301DCA8DB54D4DDE029ACCE24400D553F72D
SHA-256:	3D49B5DE5204DB720441DE2B47027035A1C612F8096663833AC61AAC311C6177
SHA-512:	3E62230CD9E225CB2CBF41C1D985737E55D8FA540E3CD460C6A533E8FCFB2B11613C98D19D1A37CD1135F2C01615E2ED7DB8983DE5F47E7528ABDFBF047A590E
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\pxf0sjbm.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\pxf0sjbm.0.cs"

C:\Users\user\AppData\Local\Temp\pxf0sjbm.out

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (593), with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24:T+PxnzdgDFkn8f+/zZf6W1crfxOKai3SGzKIMl6I5Dv1+fxv1d:TcxuDFk8fuzBX1qkKb3xKxl6I5Dwd1d
MD5:	2B349D134C04546715C123DE6ECDD1B5
SHA1:	61520761B98A55974E2E4F8EA3CC76DF531EE734
SHA-256:	24B7F3EBAF2C3C7F6EF751C0E277BB68ABEFE4A40421C862B6C595F78103B295
SHA-512:	930CD07A4A585D4498B7EA97DBCE22AAD62DA5F99DF5F631157B9441CAC79475B74E50B3BB03B3D0D33419B41DD892B964082018D5AB2F5D65D118336BA3FF26
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /out:"C:\Users\user\AppData\Local\Temp\pxf0sjbm.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\pxf0sjbm.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....c:\Users\user\AppData\Local\Temp\pxf0sjbm.0.cs(613,18): warning CS0219: The variable 'isNull' is assigned but its value is never used..

C:\Users\user\AppData\Local\Temp\pzb2rbxy.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5880
Entropy (8bit):	4.660214157467804
Encrypted:	false
SSDEEP:	96:Ff5ij+ZYoHAhkRIXE6X1XceB8uqp48nzc8k:FBdmgAhkRI06X1XceB8uqp48nzc8k
MD5:	F51B2A006AFE274FF4E79D1C7C9C54B8
SHA1:	CD25DCA82858B36ECA47701D0D3B9C4CAF159F39
SHA-256:	5C1E8D149D65B898D5510E1B3FEC6EECC8F4D4E200E6FC185D0979A724780676
SHA-512:	A6E9DA0C6F6BEE893134E061F6CB337272C9354DD2C51BA2025D36924CEF1FFB1B8D65E6ECA4CDD355332BE3DB224865BD7C9228FBB1771C6F725DAF71A6A815
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterVeloxumManager : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_VeloxumManager(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"VeloxumManager", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.VeloxumManager)o), @"VeloxumManager", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderVeloxumManager : System.Xml.Serialization.Xm

C:\Users\user\AppData\Local\Temp\pzb2rbxy.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (705), with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.536202432761045
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/1kDhXikOfBrHc9ow16PrfM:VX2kN8Yf+BHOf+Kf+/c2fxW1crfM
MD5:	F39748DB5DDD67845D9E91C1C913043D
SHA1:	9EFF6EB20BCF83591403F96599188337D7747F2E
SHA-256:	3723AEB3D5B80924448F9183977BC4C8F4A5FAB0993B113ECA731BE7C97AD17B
SHA-512:	839778350FFF33433448EDE23BEA737FF49E5C7A3E6F28154B26C85C57589021745FAABC29B3D9793056D5F4E6EE1027863E7C94779A0E4599DB85D91F96239B
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\pzb2rbxy.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\pzb2rbxy.0.cs"

C:\Users\user\AppData\Local\Temp\pzb2rbxy.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (802), with CRLF line terminators
Category:	dropped
Size (bytes):	1009
Entropy (8bit):	5.577079918872542
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/c2fxW1crf5Kai3SGzKIMl6I5Dvy:Tcxb2kWYfSufLfucqA1q5Kb3xKxl6I5G
MD5:	694028FDB6523CB12C75894B12D0F8E4
SHA1:	8ABB4D5D18A4F54879AE66BB74550F536DF02A75
SHA-256:	BD28E723A9E37BF3EC6047DC32C17FA17DB6461FBF88C072449D814F1079AE77
SHA-512:	A72E9E683EC079B03909BC1EC582A1D3D97452389E7361962803AF06B10C19860CB027CE707C8CF8B9C83461B35D15B7D49A26568DA190134E6A703C435FA48D
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\pzb2rbxy.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\pzb2rbxy.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights rese

C:\Users\user\AppData\Local\Temp\rg0y8lwu.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (437), with CRLF line terminators
Category:	dropped
Size (bytes):	6346
Entropy (8bit):	4.772678120368921
Encrypted:	false
SSDEEP:	96:Ff52j0jg2kbjaUWaJG+cXhhceB8CHqp48Cyzc8gm:FBy6aJkXhhceB8Kqp48Pzc8x
MD5:	8311E2D0A8CAD00954B1151CE783B8F5
SHA1:	234531C4B3A2FFC82A2C08A68043AAAA623A4D80
SHA-256:	EBD9318F4789009B82A11537256191A9BB692C83A7D97233E39AB264DC89DFC2
SHA-512:	B6F38A23DE066936A7C2A754F365B2556CCB1B572E75344213EB9A23D92060C436FCF7E6AD555603ECBC43AADE502478EC564E4F87062D62A72A35A4687B9BF0
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterGlobalActions : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_globalActions(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"globalActions", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.GlobalCache.GlobalActions)o), @"globalActions", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializ

C:\Users\user\AppData\Local\Temp\rg0y8lwu.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.544021503130068
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0f1H0rHc9ow16Prf9xn:VL+Tz2kN8f+1f1HKW1crfv
MD5:	608F701022190D13D6E34B95DBE7801D
SHA1:	4EA94C60BAF3F88D0B5C714AAC3028D00D1558C2
SHA-256:	B077E55683BABA582875E443AA8F802A8DFBC55330536F0DE3EB896D6156F8BD
SHA-512:	CD20560C0ECC450EF44DCB8FC7B3200BB9D65D2898399D07210BEC42B2E8323AF412E1B6447FF505E33E8EB21654BEED5301156009D218D8BAE4CBB7FC0E5741
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\rg0y8lwu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\rg0y8lwu.0.cs"

C:\Users\user\AppData\Local\Temp\rg0y8lwu.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.574418128119814
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0f1H0rHc9ow16Prf9xuKai3SGzKIMBj6I5G:T+PxNzdL+Tz2kN8f+1f1HKW1crfWKaiN
MD5:	A788AA1303FFD21501D7CEDAF0000334
SHA1:	832439F0AF0B5F5AF32A1F3FC59A30172A93BAE4
SHA-256:	23CF0407E558A82723A32D0A11B96EC3F586815098406BACEB85135ACD79FDE3
SHA-512:	27189D6ED2C1763B615736E224B093982ADEFA84718E217A5205067B40924C5611C8A9DED4AA3C66F7DE544A027A5251D14CE556279085E674C5BFCA325087E0
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\rg0y8lwu.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\rg0y8lwu.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\shwwieom.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6110
Entropy (8bit):	4.639570077360065
Encrypted:	false
SSDEEP:	96:Ff5Q0jDica+k7WxOXq+ceB8cqp483zc8XcY:FBK+k7W0Xq+ceB8cqp483zc8XcY
MD5:	BE50162E1164E542F3672C167543EDAB
SHA1:	C059D30832B855B70824D6B420668ECB3B287A2B
SHA-256:	8F3750B3ADC08F0CB99DA0FAC51A3EAC3D7D913C7CF197EA194A983C4C2843A1
SHA-512:	9E71B5805EB3EF50A75EB305FD3EBF7B06B6078CF1818C3B487004D114EA76B17ECF9F58FE3CE4C33068196D56EA250C71F68947DC5DC169BDA8D383EB3DC5DE
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterTransientState : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_postActionTransientProps(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"postActionTransientProps", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.UXState.TransientState)o), @"postActionTransientProps", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderTransientState

C:\Users\user\AppData\Local\Temp\shwwieom.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (705), with no line terminators
Category:	dropped
Size (bytes):	708
Entropy (8bit):	5.523214140398446
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7UNvvfBABaSOfBAmLbfBA/1kDhXikOfnrHc9ow16Prfi:VX2kN8Yf+BHOf+Kf+/c2fzW1crfi
MD5:	1F9EE8A1D85D6AAF23A331823C47C1AA
SHA1:	0E750E25EDA0135B82E39814F33C4FF2266B38EE
SHA-256:	3947250090954537573B9AFDCC386E26CA9FF0801D3056DE312FABB67BC380FD
SHA-512:	D0CBC74CD708F30B18A2287B609C7E0404931EF2A576BBD9E6EF3A196A34CF9576A467C02FFDF6A07EE1FA3E6C1C2CC25F5FE53B42530E697CC3585DF59BF794
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\shwwieom.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\shwwieom.0.cs"

C:\Users\user\AppData\Local\Temp\shwwieom.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (802), with CRLF line terminators
Category:	dropped
Size (bytes):	1009
Entropy (8bit):	5.562790507980154
Encrypted:	false
SSDEEP:	24:T+PxNzdX2kN8Yf+BHOf+Kf+/c2fzW1crfbKai3SGzKIMl6I5Dvy:Tcxb2kWYfSufLfucqa1qbKb3xKxl6I5G
MD5:	E7D9A71D31E1883FE397CDB8BA63CD52
SHA1:	9BB47A046AC8E6AE966CC269267C8BEE0C9A5A36
SHA-256:	86EBBB872D3D8FC4DA9EDF2E2F79485C073579AB220D12E42BF3D6915FA91FC0
SHA-512:	48AA15B68CE693E6095374BA737BF45AAE56FC3F4A2A5C47AEBCB08746E59BF5964C5BE2E924A469E90425923BFDA5B812FEF3BC2A1EC5ED1088D0E53679C1FE
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\shwwieom.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\shwwieom.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights rese

C:\Users\user\AppData\Local\Temp\sxydb4ep.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5985
Entropy (8bit):	4.702069956257416
Encrypted:	false
SSDEEP:	96:Ff5xj+jv3aYCG0f/jeNUcXQUXO8ceB8RXzqp48RX+zc8/XW:FBRFnSpXQqlceB8hqp48szc8+
MD5:	884D21B36296FD67328D84E14988E956
SHA1:	3B06ABBDA6398ED1B41E4CCC794B0794140FE814
SHA-256:	3EEA0F241D6E92484B394B6E74C9BED7A4CB02D7E053110EF5F167100087C957
SHA-512:	215E696A0C4446BC2C86A63E9DB8173A85E4C96C39F4F7FFDC947B7C8DD0E7D1DD422E9C35D92EE44CA724EADE1368909C95A67917F77851E1A8F124093C2614
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterEnvironmentEvent : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_event(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"event", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.EnvironmentEvent)o), @"event", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderEnvironmentEv

C:\Users\user\AppData\Local\Temp\sxydb4ep.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.543909949526065
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0fUkrHc9ow16PrfUh:VL+Tz2kN8f+1fNW1crfI
MD5:	2DF5AC72F3A9E3AC3BAAD6B3401833DF
SHA1:	E35D6475C97CE31EACA998EC4F6A39B01D31637F
SHA-256:	CE68E58D0CE22966D9937331269A9952D5F06CC44833E7F8D4C7F6ACA80A08E1
SHA-512:	C9D2701B6D1A67730DF4436CB7B568C311D01107FD550453479300E83166DFBE14FDA7DBA18D26389A78CF29D7DD457F4ACD350C9AE91B83BBD490C2A07E54F0
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\sxydb4ep.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\sxydb4ep.0.cs"

C:\Users\user\AppData\Local\Temp\sxydb4ep.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.578690107117668
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0fUkrHc9ow16PrfUEKai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1fNW1crf9Kai3S8
MD5:	9E4648EF3EEEBF6F368A0FFCC8D6A6BE
SHA1:	A3BB3905B45EAB64138A05A0375E8D77974800B0
SHA-256:	E749F51284FE6F8CE7C56AFD6CDF97FE86A3795AE3FEEF5420A32F58DD7541D7
SHA-512:	20AACB109BB9D1F9FC9A02E1521462C8CA782458642B304B555FDBCE42364A10C5A668DC7FA9A0DAF6FB450CC41AD2186A0A15086A8B9219FCCBE96FA80DFE3D
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\sxydb4ep.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\sxydb4ep.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\tmp1BE5.tmp

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	15837424
Entropy (8bit):	7.992136691900696
Encrypted:	true
SSDEEP:	393216:foCymRznxy8qYpExe3BR8FQqlp11Bi+pI/OeYAVCb/qe6uNMGc4:fotmpn34eRRwlp7f2/OwVe1MGc4
MD5:	904FE42B9A5AB084991433F2E2D3BCDA
SHA1:	4BF161497A246B5B0410292E73D7F3BBE9656348
SHA-256:	B234383E574DE471993C265AA4E4EA5B9F5DB46509471878C15CE996F69B9154
SHA-512:	17E2E4FE01B6E0E5624AF54CCD3CB770A617162A167CB7D188BEEEB08F0E4E0431002B68E572D3A48526A760CD0D328872549134F1FB451D26F3DA4D2560F4FC
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1p.:u..iu..iu..i...iw..iu..i...i...id..i!2.i...i...it..iRichu..i........PE..L....n3T.................\...........2.......p....@..........................p......<.....@..................................s..........`...........x...x............................................................p...............................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data................r..............@....ndata...p...@...........................rsrc...`............v..............@..@................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\tmp4363.tmp

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14056
Entropy (8bit):	7.9643395665817565
Encrypted:	false
SSDEEP:	384:jlWHPQ8zUt2Yo8zhzFzPvsBgK3cADLHuEtrBBHhv3Seh:jlEPQUUt2X819PECK3Z3nrB3Seh
MD5:	CC33430A952C75536908A6A744A8AD69
SHA1:	211BC89FC2BA3B7350A01441DBC32BD5BC8A715C
SHA-256:	423B76D79113EDEE2F5DF7F61589F20D45363EFBAA707F4D2A73BDB07BA2A620
SHA-512:	AC15EC79C5101A88B3EB8A605330C821FDED6BE77B70C8A77D091053CEC9C5828625DE825779591F065010D7C371AF1ECF3DC1A70AB15E6D1896037D9C4B5B83
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........+....6}IDATx^.}..l.U..z........hf$.F#i...BH.. ..&0.`.......6v..8....0..(.,;l.f......I.F.h4.4..}...{U..y....Uu...Uu......{o..y..\|U..=k.......i....i~~.n...Coo/..Whll.&&.R.POO.Z;.7$AVWW...t..........i..G.....4N.h..,k....j(H..!.i..........h..I}V....jh....6....j.Un'.e.}W..#\|..h.Z.+K+.r...F.{.}.g..'..E...E!.}.4......j.....[\......F.K..........<..@..L.Lc.12..... Q.cdE.x1aB0qjU:{..U.<C.c;.......:v.n..T.U.....g........~._^.._^qw..F..9..v.....`...Y).....B.F.~L....4........K..\...z....u.rC........;N..........uk LR>.$.a..`Q.Yd.W."..9.mi..D.....uWk4..g....=....(...&H.V.s.......S...._.Z..tc#...E>.....%G.wj .2.5%....t..x.O..>H..Q......z}......v^a.;b5.Z..A.w...T..u4.m..}~Y.2..........y09...,..L.n..=..dv....x..c].$9.!..-.a...)....G..].v..$......-...&GG.....$.v....vWVH..D.f`}.rx'.5.C.L..,..#s..}.W.KAt.@..._...6....M...J.,//..~....m....:s\|E-[..>.d.\.b=...!.B.C.A3-.,f..`

C:\Users\user\AppData\Local\Temp\tmp4364.tmp

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	8278
Entropy (8bit):	7.941146423398454
Encrypted:	false
SSDEEP:	192:LpFFFFFFFFFFFFziGWuo6SHeUfsBv0OoKhwXT5r1rzP+GDkhUutYDB9zEL2FGTsH:9FFFFFFFFFFFFW56PpBoXNN+Y0tYd3F5
MD5:	367F9B4B1D20F28F528B64E1582C3CD1
SHA1:	DDBA3B3DDA10972A62ED60B6ED31866DA6E00618
SHA-256:	F76B60430379627259311CAF241E6954BA7F32640821FA46A0AB64C412F2DED0
SHA-512:	6B32BE5476F317A8DE92613B4868D12247E6BECD4E3CA93E5F2A021A8C04CCD78B32F53953204534E0C7E5A620FEEDD18A21E0D25A4F74102D957179C08DF6BE
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............PN....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w.mE..p.9!..$..$G.,(.D......H.D.-I...PDA..D..A.k@@r..%. .T.9.~{..f.O...U...U1.k......gf..L.jh..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..zAK..^.......j..-..z. ..9D.!....?.......]z<...o....~.oC.Cyuj..G.X....N./..!......_.9.g2t..%#=......2......`.O.x:.:.BF.v..I.!..-...O.5Q...F.1.f..)...!....O.h.).'...gz*4.I[.....Cx..<.7.?T?...?.Y[...../Z.54!...d....z....LZ...h..`0......PiHg.w..g9.{..b0.Pd....)0S.e]..>...?...1...t....`.....#J......i../...k...J[9>.....c.......s>.sQ[l...m....._.C.L.......>...C].A....-J...`p.vu....{.UW]{.....#.5..0.......{.?...~..+...;.x.G......D....;...../..K.A.a^.-32K...z..[o%......?.....O'N...NQ..%."@.3...._....dh<F".3.F...E.St....7...?..5......Y.Sd2.0v...U;

C:\Users\user\AppData\Local\Temp\tmp4895.tmp

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	PNG image data, 200 x 150, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	14056
Entropy (8bit):	7.9643395665817565
Encrypted:	false
SSDEEP:	384:jlWHPQ8zUt2Yo8zhzFzPvsBgK3cADLHuEtrBBHhv3Seh:jlEPQUUt2X819PECK3Z3nrB3Seh
MD5:	CC33430A952C75536908A6A744A8AD69
SHA1:	211BC89FC2BA3B7350A01441DBC32BD5BC8A715C
SHA-256:	423B76D79113EDEE2F5DF7F61589F20D45363EFBAA707F4D2A73BDB07BA2A620
SHA-512:	AC15EC79C5101A88B3EB8A605330C821FDED6BE77B70C8A77D091053CEC9C5828625DE825779591F065010D7C371AF1ECF3DC1A70AB15E6D1896037D9C4B5B83
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................sRGB.........gAMA......a.....pHYs..........+....6}IDATx^.}..l.U..z........hf$.F#i...BH.. ..&0.`.......6v..8....0..(.,;l.f......I.F.h4.4..}...{U..y....Uu...Uu......{o..y..\|U..=k.......i....i~~.n...Coo/..Whll.&&.R.POO.Z;.7$AVWW...t..........i..G.....4N.h..,k....j(H..!.i..........h..I}V....jh....6....j.Un'.e.}W..#\|..h.Z.+K+.r...F.{.}.g..'..E...E!.}.4......j.....[\......F.K..........<..@..L.Lc.12..... Q.cdE.x1aB0qjU:{..U.<C.c;.......:v.n..T.U.....g........~._^.._^qw..F..9..v.....`...Y).....B.F.~L....4........K..\...z....u.rC........;N..........uk LR>.$.a..`Q.Yd.W."..9.mi..D.....uWk4..g....=....(...&H.V.s.......S...._.Z..tc#...E>.....%G.wj .2.5%....t..x.O..>H..Q......z}......v^a.;b5.Z..A.w...T..u4.m..}~Y.2..........y09...,..L.n..=..dv....x..c].$9.!..-.a...)....G..].v..$......-...&GG.....$.v....vWVH..D.f`}.rx'.5.C.L..,..#s..}.W.KAt.@..._...6....M...J.,//..~....m....:s\|E-[..>.d.\.b=...!.B.C.A3-.,f..`

C:\Users\user\AppData\Local\Temp\uy5zsjsg.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	13706
Entropy (8bit):	4.418806165035206
Encrypted:	false
SSDEEP:	192:FBXd2hUyb2NBWnYsnVx2+zCIzouEHEY5YRBXGPceB8xqp48pzc8L:vtXIsuS5Y4ceB8xqp48pzc8L
MD5:	86BFA3B1CC996B1F58DC5DDA5AC22D1B
SHA1:	3D6628E80A6A04E6453D2010D49063D61EC23664
SHA-256:	BE8C7FEA7B2456B1032A190BC528DE371AD1E11AA8D60B3849D0D97295694A78
SHA-512:	FA54C7221417D08CA4D8DF9056EBA47EBF876CA18DB4093DC872EE0115D191453F3B8D1AD0D4BED6E3C747DF866978C928BB9EDEA1259EEA0E57F8AA2324D962
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterComputerSystemProduct : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_computerSystemProduct(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"computerSystemProduct", @"");.. return;.. }.. TopLevelElement();.. Write5_ComputerSystemProduct(@"computerSystemProduct", @"", ((global::DriversHQ.DriverDetective.Common.ComputerSystemProduct)o), true, false);.. }.... void Write5_ComputerSystemProduct(string n, string ns, global::DriversHQ.DriverDetective.Common.ComputerSystemProduct o, bool isNullable, bool needTyp

C:\Users\user\AppData\Local\Temp\uy5zsjsg.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.548003673939817
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0f1QwnUrHc9ow16Prf1QwhH:VL+/kN8z2f+1f1QwnqW1crf1QwhH
MD5:	3E0CD2DE6BDEE0D0C5A2AD42C78C7025
SHA1:	8B6FE7953F349B69474BF6B5245EE6DC064B66FE
SHA-256:	5D7CD4E8C205165977B41DADA2281C00EB1F37CBC8A78D41EC3FEDCB7A92ABA9
SHA-512:	ACE29434EF4C16A30CAD054D6510302F78873E92552446BCD06A48805C9A505A21A1C2CA8ACC6178435D623284DB455A78010458D6B4DB41CA6CE016EA7859ED
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\uy5zsjsg.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\uy5zsjsg.0.cs"

C:\Users\user\AppData\Local\Temp\uy5zsjsg.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.580782487126321
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0f1QwnUrHc9ow16Prf1QwhOKai3SGzKIMBW:T+PxNzdL+/kN8z2f+1f1QwnqW1crf1QW
MD5:	44AA423A7786DA92472370ECC3FE8B2D
SHA1:	FE010260B3ED13910B396992FF24A7B4E7652F78
SHA-256:	C0905EA27F0217629B7300D3AC54789403E88768F1D51FCCCD49C1BC36392287
SHA-512:	56B3D9D0D91774255AC5E2B97696FC95B1B516389563E4DD802D75F821EF7B53B219FB3F38F2F1FB2E35F29DBE95CDF159CCB47E9A9C5957C30CFDB7F1BB65A5
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\uy5zsjsg.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\uy5zsjsg.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\vmwxj0vz.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5910
Entropy (8bit):	4.622826604104254
Encrypted:	false
SSDEEP:	96:Ff59jGJDek4DanXmAhJceB80qp481zc8G:FB4ek4DEXm+ceB80qp481zc8G
MD5:	0CE583C25F7B30484370A5ADFD2CBDE1
SHA1:	342C83AFB8A28E5EF0FC8563B80023077A90222A
SHA-256:	BB52110BE1991E38DE40BCEDAF8E1C402DAB53209D42B2A6922139C2DBF1C967
SHA-512:	5124C854B3F22D72C67A9E85450B46F87992EAAA60EA6446FD5C9E95EB40BB177DF96B251D22F8AAC51C34CA0B5A476663295345CE6DF664EBFACB8D903E466C
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterClientSystemData : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_systemData(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"systemData", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.ClientSystemData)o), @"systemData", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderClientSystemData : System.Xml.Serialization.XmlSeria

C:\Users\user\AppData\Local\Temp\vmwxj0vz.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.5594035302350155
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0flYrHc9ow16PrflV:VX2kN8f+BHOf+1flOW1crflV
MD5:	F35A5B3B9F7EFCE88B94387AC674E0EE
SHA1:	9FA6C836DBBCF24E84B5774580DFB9752A3DD4E1
SHA-256:	5BC42A370E16BF66C08EE9747A4CE8A0831D6891E501861C5800BB7F8EC4A0DD
SHA-512:	0D1E60CD05EC280301E751C3ACFD1665AA3CDEA566CBB52C80A193474E211E1D65178386AA28ADA0E3E7C64ECF98477432B61E85FA599D47621A5BD352FA6F70
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\vmwxj0vz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\vmwxj0vz.0.cs"

C:\Users\user\AppData\Local\Temp\vmwxj0vz.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	dropped
Size (bytes):	765
Entropy (8bit):	5.581820428879853
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0flYrHc9ow16PrflwKai3SGzKIMBj6IU:T+PxNzdX2kN8f+BHOf+1flOW1crflwKR
MD5:	FBE1DBF40B4DDBC44DB1A47BE4FCAE71
SHA1:	28EDB3B136BD3CAF271CF6C75F7707458E88A515
SHA-256:	8D64CE7FB08CF852B7197B39E0AB9A73874628AC77DD1CFDCFBE76B872A049B8
SHA-512:	8D71B0EE3C19E5FCC893ED36F568557C7AF7A7309C09FBDAFD3DF17EA427610D9E6C966088A4E6D0E1C54EB87A84CC1C7222DBBD8A5A4AFED03F102A07A4AC46
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\vmwxj0vz.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\vmwxj0vz.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\wnzesklh.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5977
Entropy (8bit):	4.6463181037749655
Encrypted:	false
SSDEEP:	96:Ff5lXjnKUoqC3bl5/FyijTniUKydXilSe5qnceB83xNqp483Gzc8pKwiAs:FBa9MiviYdXsvGceB8BNqp48Wzc8K
MD5:	628D041451AFD5035031024D67470245
SHA1:	75BC6DCE8F6D46F51A6C7444CF8E3CAB7F2807E9
SHA-256:	057EC89D96144612C926D6000E431EC6AA6946D83305EA6D7D7D2399246C59D1
SHA-512:	312779C6A46FA9264693C39A6A3864A22FC55F98805F6302858E4ABDB82D11F4C86891C3CE8A92D5F3DEAABE7C57007A734B003FCD4BB825414E4BE07ECE9316
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterClientNetworkMediaStatus : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_media(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"media", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.ClientNetworkMediaStatus)o), @"media", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderClientNetworkMediaStatus : System.Xml.Serialization

C:\Users\user\AppData\Local\Temp\wnzesklh.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.55672196702028
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0fuM+rHc9ow16PrfuW:VX2kN8f+BHOf+1fqW1crfR
MD5:	D583893EC3B078989F3B38422935033B
SHA1:	C52676E1BE8618246189AD2F327576028DBA9BFC
SHA-256:	EFFCB3D6EC31E4C412097E61C221561E7A3706FB5CDA955D46335AB31234BE2B
SHA-512:	EBAA564253406E9551D7D56BE0AA5473163EB5F6AC1EF6C4FD2272CCB52C4A1EA0C6BD6A76AD52B2DE4161BB4DBDB5D2CF227EA2A43885D8BF6C85C15FEF0933
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\wnzesklh.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\wnzesklh.0.cs"

C:\Users\user\AppData\Local\Temp\wnzesklh.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	dropped
Size (bytes):	765
Entropy (8bit):	5.576735322218927
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0fuM+rHc9ow16PrfuXKai3SGzKIMBj6v:T+PxNzdX2kN8f+BHOf+1fqW1crf0KaiN
MD5:	3575113A07EED98CC464E3E9D0B42BDB
SHA1:	4633343FC400DBE0F42E81CFDABAAF7F3D3B16A6
SHA-256:	EB195A83A96A8419C42F18DBFFB294397BC821385909393BE46023761EB4CC8D
SHA-512:	269FCC65056D666DDB0EF65CBE362476AFB102DA38CBA354F153FF57F5931A0B2E2D43E43F574C537D8B82001585F8EA93F79548395FE230F245844BCC44C021
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\wnzesklh.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\wnzesklh.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\xdix_tkb.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (957), with CRLF line terminators
Category:	dropped
Size (bytes):	53075
Entropy (8bit):	4.671435465750053
Encrypted:	false
SSDEEP:	384:vPU/qZe2Q8axpjHzzftfW13jyVlukFSz9xLdAWvWHbqgkBoiDJ2KhmU9yZcUD133:vUv9FSz9Eq3Ck9eB
MD5:	4BC17C761A330A3098627F7BE6FE61A3
SHA1:	5BC592EC76C7CCE5E5EA8A3DC1B0FBE34DA0CB62
SHA-256:	943112BBB18792B2DF5587F54EACCE595E7A46E7AEC8D84199DF28CDF869605A
SHA-512:	36CCF3B84163867ACD2072D5F873C037E5175CCBD202AD67AEEAA7F0A1C3CA8F99F6428D59F1D20D881658FC0B0F63EE39EEFBE5CD757923262EF90A60AFFAF1
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDDConfig : System.Xml.Serialization.XmlSerializationWriter {.... public void Write6_config(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"config", @"");.. return;.. }.. TopLevelElement();.. Write5_DDConfig(@"config", @"", ((global::DriversHQ.DriverDetective.Common.DDConfig)o), true, false);.. }.... void Write5_DDConfig(string n, string ns, global::DriversHQ.DriverDetective.Common.DDConfig o, bool isNullable, bool needType) {.. if ((object)o == null) {.. if (isNullable) WriteNullTagLiteral(n, ns);..

C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (500), with no line terminators
Category:	dropped
Size (bytes):	503
Entropy (8bit):	5.570555111859497
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YkD1xqfrrHc9ow16PrfG:VL+/kN8z2kDWfnW1crfG
MD5:	D6AF741DBD6B4A45657CDA7A999B240A
SHA1:	6059E5D1D642994FE5EB3A5798A05894A0C9CFD0
SHA-256:	A10D95B5B93763C1B02AE29D63A052C2BC8B6039287312D44E4F30DCCFA4AF15
SHA-512:	AA562A1CE22F91F159ECED2E6716791A1A6A3ADFC2616EA6A23EF08DFC2B15BBA3E7BD5A9EDE644A13CFB9FA2D6A0D6941BD8C6EE9D1F96A45222AA9F7495BE5
Malicious:	true
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /out:"C:\Users\user\AppData\Local\Temp\xdix_tkb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xdix_tkb.0.cs"

C:\Users\user\AppData\Local\Temp\xdix_tkb.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	36864
Entropy (8bit):	3.9014490415109715
Encrypted:	false
SSDEEP:	384:AFSqwzcKXYQTFpZ6MzKWoNRBDi3zQeAWtnV8edhzD1kH+KsunOgnG:+SLcQTFpAMzKWoNRBDijQ9SPnD+Ls6G
MD5:	F3502442B159D1D6086AB56790453B0B
SHA1:	F1A9BBB358746A7B5049803051A15E3996A94871
SHA-256:	8AC67413D9FB85D8158BFA25DFA9177DDF4203FAB1CFDC240F585AA4006B0527
SHA-512:	BF5105DAA3B22432EECDDF44477480853AD275D3B3A8E8C985C72A6348C8C9B355AC43A7C4C2FA9B4DE66ED74F24230ACF2E0F4CA0730AACF4560977040350D6
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....f...........!.....`... .......y... ........@.. ....................................@..................................y..W.................................................................................... ............... ..H............text....Y... ...`.................. ..`.rsrc................p..............@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\xdix_tkb.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (597), with CRLF line terminators
Category:	modified
Size (bytes):	940
Entropy (8bit):	5.598573874056513
Encrypted:	false
SSDEEP:	24:T+PxNzdL+/kN8z2kDWfnW1crfHKai3SGzKIMl6I5Dv1+fO1d:TcxHukWz2kDKW1qHKb3xKxl6I5DwO1d
MD5:	D97E174B456A679351BF23E799AFE810
SHA1:	3F57C14D662CCE9818046DCB33E6477269A74B36
SHA-256:	656FAB7EF6A492C94A519F2E34B72CE70D7ECCBBA8C8AE8A3EE26E6038B10853
SHA-512:	E4D82826701D83F3C0D249D9FC1F74ABA3772FB3B7ED3C330251EB620723E592EC4BF35D5D82F315F525FF2584153F393FEE17D76950E7143BF0861D00B69E0C
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /out:"C:\Users\user\AppData\Local\Temp\xdix_tkb.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xdix_tkb.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....c:\Users\user\AppData\Local\Temp\xdix_tkb.0.cs(613,18): warning CS0219: The variable 'isNull' is assigned but its value is never used..

C:\Users\user\AppData\Local\Temp\xkpzpxec.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5825
Entropy (8bit):	4.607959530027734
Encrypted:	false
SSDEEP:	48:F1/6/6FV52BjeGVwjvB6u8smf0Z8cra8rrZyLhoOXzrau5LYrYdbd8/Xdbepod8u:Ff5kjeNbD8cpgLjXzzceB8Fqp48Czc87
MD5:	95E582576A27CFF0ED4AB1BEF7E2B8FD
SHA1:	282A560ACA036D5E076E57FA669D17C3514E9951
SHA-256:	B391458017B4282DACBC8A2CD883F1BDEA2E9F1E526B0991A6C165F1C4119893
SHA-512:	71A91E971E097FDA5191949FC11A9A1CD2153A7CC809D9EF33F64E083AFA6452FF589DDE832C35C870330930E36E67BA77B65BA8E0AAABF7A3FB25A17010055C
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterClientTestStatus : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_tests(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"tests", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Client.Veloxum.ClientTestStatus)o), @"tests", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderClientTestStatus : System.Xml.Serialization.XmlSerializationReader

C:\Users\user\AppData\Local\Temp\xkpzpxec.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (461), with no line terminators
Category:	dropped
Size (bytes):	464
Entropy (8bit):	5.545864852034181
Encrypted:	false
SSDEEP:	12:p3rz5YkNoT7fBABaSOfBAmL0fwGrHc9ow16Prfwb:VX2kN8f+BHOf+1fwwW1crfwb
MD5:	E12B6C81163D73BCDED712477ACCA141
SHA1:	9F4F8DE5459B2AD02F2636A860843FF0C75FE062
SHA-256:	99DB112D67AC5FA5407553620D0D07A8F67575B7CAEA702980DCEEA45B134CDB
SHA-512:	F15877016BDC0FA926CE18B42A488FE9973DADA6C5B053B607A3147DF9EF46B6F237E8AC26276301FE8D398F25E4272025924E06A7A4C32C079A6BCA5158A828
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\xkpzpxec.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xkpzpxec.0.cs"

C:\Users\user\AppData\Local\Temp\xkpzpxec.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (558), with CRLF line terminators
Category:	dropped
Size (bytes):	765
Entropy (8bit):	5.5758657842956785
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBABaSOfBAmL0fwGrHc9ow16PrfwaKai3SGzKIMBj6IU:T+PxNzdX2kN8f+BHOf+1fwwW1crfwaKR
MD5:	6625834658A8C72BDAA1DFAA4BFB998A
SHA1:	8FA3E546ADD619683B067A2E0A13A8401C979B60
SHA-256:	F4F38A7DAEA38694BFA3C092148BC248C638EEEAABCA73C4961E4E6A088B2304
SHA-512:	147939884FE1EAD63E827813022BC15AC87861DC3A7AF0F8029C26C58B00AD19F0D173B290266492BD86B5F265D7A604D023113718F636DEE58E45E1063972F4
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\xkpzpxec.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xkpzpxec.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\xo5_so7w.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	25297
Entropy (8bit):	4.540890033676716
Encrypted:	false
SSDEEP:	192:FBqJC4IfWtIHYNU3AkTkJIF966UEMCv0/p2NbNYUJJPFXzDMnInxTJAnvIEqr8Fz:vCD296olhWqmmN7ceB8bqp480zc81
MD5:	02F5FAE78171B89091B2278B4B84C11F
SHA1:	F56104C5E62758DF1EDE04ED83DB58ED61DA9848
SHA-256:	F806C4535A9555AABF2A0BA8A8F1A57C74664FB1EAADE50B0345813123656B4F
SHA-512:	FA6E8F74A5ECAD285A7E0A149EB71CF8ED02C2322477F9784E739DA99D81BEF7E3ECDFAB45CF5FB297E74A59F6D69DEA00467287057F1F5C7AFC8064560092E4
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterMachineIntelligence : System.Xml.Serialization.XmlSerializationWriter {.... public void Write8_machineIntelligence(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"machineIntelligence", @"");.. return;.. }.. TopLevelElement();.. Write7_MachineIntelligence(@"machineIntelligence", @"", ((global::DriversHQ.DriverDetective.Common.MachineIntelligence)o), true, false);.. }.... void Write7_MachineIntelligence(string n, string ns, global::DriversHQ.DriverDetective.Common.MachineIntelligence o, bool isNullable, bool needType) {..

C:\Users\user\AppData\Local\Temp\xo5_so7w.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (460), with no line terminators
Category:	dropped
Size (bytes):	463
Entropy (8bit):	5.533667867779444
Encrypted:	false
SSDEEP:	12:p3rfBA/kNoT7z5YfBAmL0fVrHc9ow16PrfQn:VL+/kN8z2f+1flW1crfQn
MD5:	A522BF8F9BB95623E8BE1E522CEC97B1
SHA1:	5E9988099D21DD4E509C87CAC8E3E902A3D025E7
SHA-256:	45AF1E1080CBCB763622E7D72027383075B754FB608394AFE375F7A928BE1FBF
SHA-512:	3035D345D5F8840D2EC074E779853BE4C664AB5237556E027FF63736C687F2C66D43A6A1C386D1CC1EA795D18A9495A2E73555058A693932EDDD90AF01777AD4
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\xo5_so7w.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xo5_so7w.0.cs"

C:\Users\user\AppData\Local\Temp\xo5_so7w.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (557), with CRLF line terminators
Category:	dropped
Size (bytes):	764
Entropy (8bit):	5.564706015992878
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBA/kNoT7z5YfBAmL0fVrHc9ow16PrfQuKai3SGzKIMBj6I5BFRI:T+PxNzdL+/kN8z2f+1flW1crfQuKai39
MD5:	0B6C988E677A449DAC87C2B98B8EB505
SHA1:	535F8D71029725360512B04EB58F4A54A6EA01EC
SHA-256:	45FE3347951062317FAF32FA3D80B3D8CB4DEC645D3BF9599129CA3EE2FFCD43
SHA-512:	98D56DFA2C5F3DBD64C8F36FD3CBA8A1B67A8A518BF22C957CAA03E4B5773EF3472450AEF865722764D0B300BD3DE75BD406224D93B0EE845877941F90C3EB61
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\xo5_so7w.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\xo5_so7w.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\ykdhbh0q.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5982
Entropy (8bit):	4.619420175840738
Encrypted:	false
SSDEEP:	96:Ff5njUTNqHk4zaNXgAceB8ARqp481Bzc8O:FBsak4zSXgAceB8iqp48Dzc8O
MD5:	D5DFC9FF652D4F39DE8176FFC4460F96
SHA1:	1E1624A88E2000C0B585CBDCDAE672C2E7C38C3F
SHA-256:	F4B487BA5AFEDB12F54A0A060FEFB45C04F777BD92F043C75FC676FE8401E5B3
SHA-512:	E3A2653F462592E514076C8CF1E5753FCAC8FD1183A613F783E3C3A182D56C28929996FE70380410C35F4E18ACF0A7D6E166E93F431ACB3D8F01E7D5782A12E8
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterDeviceCollection : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_lastScannedDevices(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"lastScannedDevices", @"");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.DriverDetective.Common.DeviceCollection)o), @"lastScannedDevices", @"", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlSerializationReaderDeviceCollection : System.Xml.Serial

C:\Users\user\AppData\Local\Temp\ykdhbh0q.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (406), with no line terminators
Category:	dropped
Size (bytes):	409
Entropy (8bit):	5.601932204193457
Encrypted:	false
SSDEEP:	6:pAu+HmFpw+o3kLAwoT7R5BAn55wkn23fbw0zxscHc9olm14sQPIwkn23fbIGWH:p3rz5YkNoT7fBAAfdrHc9ow16PrfUGWH
MD5:	2DAE5E810628498C6FBA26A118237A02
SHA1:	021CF34FF3E5593B1305EB9B70383A1E3D65E94F
SHA-256:	DF0988DD1AFF57E7A88F1C25426A0629C366FCA16003EF05306365277CFB3A0D
SHA-512:	8E99BEE06FFF158CC06A623173AFD0E49D8C2F16901CBE7CEEB3A83FE1E7721157B774A0BBD645AE6A8953E417EA2A3B9F72934114C93EAEB046DA5751D84ABD
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\ykdhbh0q.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\ykdhbh0q.0.cs"

C:\Users\user\AppData\Local\Temp\ykdhbh0q.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (503), with CRLF line terminators
Category:	dropped
Size (bytes):	710
Entropy (8bit):	5.612611337875963
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rz5YkNoT7fBAAfdrHc9ow16PrfUGWOKai3SGzKIMBj6I5BFR5y:T+PxNzdX2kN8f+AfdW1crffWOKai3SGX
MD5:	C28C1160C7318635398BEE4F77D9B7B9
SHA1:	2A069FC49462A623EE8D56A216DBACDADB54F776
SHA-256:	3D8D6FDB4E71BF022AB1A70B7656DEF37D1497078CFFAC84559DB310B19CC1ED
SHA-512:	086A97E9A38CAD977D144CA2619B137519E03607DF0C014A41775EFC09A76B485879A0039FE9DCE787D16FC51546BCFB7B826F36D6D7880FFE102FE4F09D8EF0
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Agent.Common.dll" /out:"C:\Users\user\AppData\Local\Temp\ykdhbh0q.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\ykdhbh0q.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Local\Temp\zxbbqcpf.0.cs

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	6107
Entropy (8bit):	4.703119143339939
Encrypted:	false
SSDEEP:	96:Ff5GjxjOro5nIWvCP/cXTnfceB8/lqp48/kzc8FB:FBFW9vCsXTnfceB8dqp48czc8f
MD5:	701D30225A28BFB04E2336717164E6CF
SHA1:	D1A9279DC45DEEF4DF09BD8E885BB112BD736532
SHA-256:	39BECA344AEDACE45B4BCD9722FF938E0C571E57CA6328DD51C652BFB7308BB3
SHA-512:	C7913E31DB218AA1D0CDD2903D09A6A44ECCE4733B23B87C748E9EFD915F1AEF59EC25A71D987A179D371CCCEF8CA7C6B0D02FD5A84F9810F4F587AB16E84520
Malicious:	false
Reputation:	unknown
Preview:	.#if _DYNAMIC_XMLSERIALIZER_COMPILATION..[assembly:System.Security.AllowPartiallyTrustedCallers()]..[assembly:System.Security.SecurityTransparent()]..#endif..[assembly:System.Reflection.AssemblyVersionAttribute("10.1.6.14")]..namespace Microsoft.Xml.Serialization.GeneratedAssembly {.... public class XmlSerializationWriterCondition : System.Xml.Serialization.XmlSerializationWriter {.... public void Write1_conditionalParameter(object o) {.. WriteStartDocument();.. if (o == null) {.. WriteNullTagLiteral(@"conditionalParameter", @"http://rtm.drivershq.types/2011/10");.. return;.. }.. TopLevelElement();.. WriteSerializable((System.Xml.Serialization.IXmlSerializable)((global::DriversHQ.RuleEngine.Types.Condition)o), @"conditionalParameter", @"http://rtm.drivershq.types/2011/10", true, true);.. }.... protected override void InitCallbacks() {.. }.. }.... public class XmlS

C:\Users\user\AppData\Local\Temp\zxbbqcpf.cmdline

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (458), with no line terminators
Category:	dropped
Size (bytes):	461
Entropy (8bit):	5.5774842648066665
Encrypted:	false
SSDEEP:	12:p3rfBATz5YkNoT7fBAmL0f6xrHc9ow16Prf68:VL+Tz2kN8f+1f6BW1crf68
MD5:	CA88B3F0EB6622BF6A4CB824388F3AAD
SHA1:	35A96B08FCA9D97D5DCF8C500289FA5815403FCA
SHA-256:	F74A0335A1D2BD5C940181319947A9178589DD8995DE126595E2A4AF32BD985D
SHA-512:	474E465A2722408A8D82F6C01EF09E3694D6E1F73EC52694C30E20E6146CB5DB998863F26260D70A777B6CAF382AE132C41ACFB74DAD1058D46BE6FD91398A39
Malicious:	false
Reputation:	unknown
Preview:	./t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\zxbbqcpf.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\zxbbqcpf.0.cs"

C:\Users\user\AppData\Local\Temp\zxbbqcpf.out

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (555), with CRLF line terminators
Category:	dropped
Size (bytes):	762
Entropy (8bit):	5.600303559359598
Encrypted:	false
SSDEEP:	12:vbBAF9xNzR3rfBATz5YkNoT7fBAmL0f6xrHc9ow16Prf6pKai3SGzKIMBj6I5BFa:T+PxNzdL+Tz2kN8f+1f6BW1crf6pKaiN
MD5:	FE21322A4C9E638915A4B1DBC245F7F3
SHA1:	D8E698C6051F3B1913E3ABEF0F84617109D67CF9
SHA-256:	27DA3DB3967F4C4AC061A31369EEDFDF61CD5DC08B08C4C3EB7D30188DF44BBA
SHA-512:	624F42C4752E0F56E03B9B097C67A177B90E46C98E5AE946651822D53DAA887F104919F5A59573F5E7EC12C20861BA6D09277B4B7E256A3214FFA69BB72C50B0
Malicious:	false
Reputation:	unknown
Preview:	.C:\Program Files (x86)\Driver Support> "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /t:library /utf8output /R:"C:\Program Files (x86)\Driver Support\RuleEngine.dll" /R:"C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll" /R:"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorlib.dll" /R:"C:\Program Files (x86)\Driver Support\Common.dll" /out:"C:\Users\user\AppData\Local\Temp\zxbbqcpf.dll" /debug- /optimize+ /nostdlib /D:_DYNAMIC_XMLSERIALIZER_COMPILATION "C:\Users\user\AppData\Local\Temp\zxbbqcpf.0.cs"......Microsoft (R) Visual C# 2005 Compiler version 8.00.50727.9149..for Microsoft (R) Windows (R) 2005 Framework version 2.0.50727..Copyright (C) Microsoft Corporation 2001-2005. All rights reserved.....

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Driver Support.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Dec 12 15:13:24 2018, mtime=Thu Aug 15 08:48:06 2024, atime=Wed Dec 12 15:13:24 2018, length=10714752, window=hide
Category:	dropped
Size (bytes):	1284
Entropy (8bit):	4.5953508444959414
Encrypted:	false
SSDEEP:	24:8mVyv+qSEmxdOEvZ+pIdfKKAU+BTUd+MdOUUkNqy4kw9m:8mVi+qFmxdOUdf6USAd1dXey4h
MD5:	0912B5DBCEF679A73AB83361E5D9AD51
SHA1:	8F451E8B74CC2B66DD2DF5C65203B5AE5D196031
SHA-256:	659C9C78F16AF12CB0DAB14E3AAE2828FEB81121CCB1D11ACCB7958AFD4DF3D9
SHA-512:	0BA050AA49868EFB101B387EC2B7091AEB76ED88F7F07BCAFF96521E9CB38D76F7A05E91294BDAF3F5E984DB5E6A971A01B0E75651371AEB354A88587F1DAF9B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ....jz.5......:.....jz.5....~...........................P.O. .:i.....+00.../C:\.....................1......Y.M..PROGRA~2.........O.I.Y.M....................V......5.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......Y.N..DRIVER~1..N.......Y.M.Y.N..............................D.r.i.v.e.r. .S.u.p.p.o.r.t.....p.2..~...M.. .DRIVER~1.EXE..T......M...Y.N....6.........................D.r.i.v.e.r.S.u.p.p.o.r.t...e.x.e.......f...............-.......e...........)s.C.....C:\Program Files (x86)\Driver Support\DriverSupport.exe..O.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.\.D.r.i.v.e.r.S.u.p.p.o.r.t...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.........*................@Z\|...K.J.........`.......X.......992547...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......7...........1SPS.XF.L8C....&.m

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Driver Support\Uninstall Driver Support.lnk

Download File

Process:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Oct 21 15:54:04 2016, mtime=Thu Aug 15 08:48:07 2024, atime=Fri Oct 21 15:54:04 2016, length=429280, window=hide
Category:	dropped
Size (bytes):	1163
Entropy (8bit):	4.65151559770421
Encrypted:	false
SSDEEP:	24:8meD/SEmxdOEvZvxNBRAw+0id4hNdOUUktWMqyFm:8mOFmxdOExniwud4hNdXYyF
MD5:	ABFE1C71219AC226720B2D88CD5BDBFF
SHA1:	5E5EA7067E1EC632903566E746837E8F8078D1A0
SHA-256:	3988FDB20285AF0DD71B0E756F481920B01E216FBA289CE95E19CFA820F9F14C
SHA-512:	D117CFDBD7AAD24E08796E842A1F635337BA2978D4527F7983AFA98512DE3F57631AF2C1D51A35B072554BE0FDE4B4B04A1A6A4E198F385E92954C6E40D08650
Malicious:	false
Reputation:	unknown
Preview:	L..................F.... ....^..+...).;.....^..+...............................P.O. .:i.....+00.../C:\.....................1......Y.M..PROGRA~2.........O.I.Y.M....................V......5.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....f.1......Y.N..DRIVER~1..N.......Y.M.Y.N..............................D.r.i.v.e.r. .S.u.p.p.o.r.t.....h.2.....UI. .UNINST~1.EXE..L......UI..Y.N..............................U.n.i.n.s.t.a.l.l...e.x.e.......b...............-.......a...........)s.C.....C:\Program Files (x86)\Driver Support\Uninstall.exe..K.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.\.U.n.i.n.s.t.a.l.l...e.x.e.%.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.........*................@Z\|...K.J.........`.......X.......992547...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,..................1SPS.XF.L8C....&.m.q............/...S.

C:\Windows\INF\c_monitor.PNF

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x1318 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB
Category:	dropped
Size (bytes):	6884
Entropy (8bit):	3.38566451787524
Encrypted:	false
SSDEEP:	96:262X44AX7c3OMPVT3adMGUnTwrq41QXOMtzLsfv3VfANNWuyfJ:9jWT3YxUnypgOqNWus
MD5:	8BABB2F1CB51CEFF50440835C0B80191
SHA1:	1A7B84BA5E53E0C06C8D91AF974F8F159CA70077
SHA-256:	13B5FE2F8B3513D3F0D2DEC6B60090B8AC54560FBEB217E46B039BABC45185E4
SHA-512:	F22CFBC32CEF93C16E2D5BCEC4F78189DC48915139E6439AD18C972C011FE7BD9159031D325F6250575294ED654E3501A53EFF0D5F701BCD56783AC78C9279EC
Malicious:	false
Reputation:	unknown
Preview:	.........................F......L..................................p...4.......h.......................C.:.\.W.i.n.d.o.w.s.....e.n.-.G.B.......d...................l.......4.......................................................................\...........................................................................4...........`...............................................................................................................................................................................,...............................................................................................................................$...............................................................................t...........................................................................................................................................................................................................................................................................................

C:\Windows\INF\c_processor.PNF

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xfa0 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-GB
Category:	dropped
Size (bytes):	5356
Entropy (8bit):	3.087033516764189
Encrypted:	false
SSDEEP:	96:3ERG+gmlAjeSm1OwthgmyDc8Vze8SWtpJO1:UXyjz2g7Dc8ReBWlc
MD5:	6459879CE4FF7638CBAF655490378658
SHA1:	0222E53EDD92DC0F0BB833158D7860E1A3D3B1B1
SHA-256:	E1BAD06DD8A9938E875AAA46E82A21BFA0D9A98DAF48CF53CB51F9EA4A2BC78E
SHA-512:	7B92F9B8535EF55D36D8B6FCBDFBF8AF06F9EAEDA83368F0222BCB537EEDCD4B58DDEC69B92EF65FE240C1BD3146E681E471B19F77FE952A865239A916550D5B
Malicious:	false
Reputation:	unknown
Preview:	.........................F......L..........................0.......8...T.......h.......................C.:.\.W.i.n.d.o.w.s.....e.n.-.G.B.......t...................\|.......D.......................................................................h...............................................................................................................................................................................................................................................................\|.......8...............................D...................................T.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\INF\c_volume.PNF

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0xd98 "Signature", at 0x68 WinDirPath, LanguageID 809, at 0x80 language en-US
Category:	dropped
Size (bytes):	4548
Entropy (8bit):	2.831131550519223
Encrypted:	false
SSDEEP:	48:+jACyGz7ElZxWykc5KaMRiFY7eaIDbsRbXKVMRGGLp7tVCCHr6mv7C:YARGzEWy7YBusNXDLpxV3r6mvG
MD5:	2CA6C8433DDA2069FA91844B0EE0ABB2
SHA1:	3BA5DF878F3E320726CCE7A240306DB3B7273F86
SHA-256:	5157663F1E18310C964F88A260A706F58E73BA45FE2A038EDBFEC859BD4FE1BF
SHA-512:	5EC7A6EC4672AFF17DB930A4E1A87D7BA6BF52E336815F348B09BD3A82D454CD8F1CFE8DED9966ED45354F52930A691AF8FD420A8AD9730EF1C91DF6F497F1A4
Malicious:	false
Reputation:	unknown
Preview:	........................u;.....l.......................d.......................h.......................C.:.\.W.i.n.d.o.w.s.....e.n.-.U.S.......x...........................H.......................................................................p...............................................................\|.......................................................................................................................................................................................................@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	922
Entropy (8bit):	3.608044656212454
Encrypted:	false
SSDEEP:	24:QCssMdk+gjhHd+JfDSxsoVsoCdk+gjhHd+cfDSxsosz:X9MdkzhHdYfDLoioCdkzhHd9fDLosz
MD5:	B2CBA7F4A4531DCEF225C3AA0D0F92C7
SHA1:	631186D186303AA29EDE97D140A9754313D55EB5
SHA-256:	DD74DEFD997DF1A6309B7862EB095003F1A71C52BFCE2A04933024416EC185E7
SHA-512:	2DBB7DDB59FB1317454BFEA41C7F5A7C2F44660356C0771BB8746ACB5C022CB7FF92046FE36B09BE0FCD0D11745D95163E599A16A6FFA3079D8AAAD494D0EC53
Malicious:	false
Reputation:	unknown
Preview:	..0.8./.1.5./.2.0.2.4. .0.5.:.4.8.:.0.7. .[.7.7.9.6.].:. .C.o.m.m.a.n.d. .l.i.n.e.:. .C.:.\.W.i.n.d.o.w.s.\.M.i.c.r.o.s.o.f.t...N.E.T.\.F.r.a.m.e.w.o.r.k.\.v.2...0...5.0.7.2.7.\.n.g.e.n...e.x.e. .i.n.s.t.a.l.l. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.\.D.r.i.v.e.r.S.u.p.p.o.r.t...e.x.e. ./.s.i.l.e.n.t. .....0.8./.1.5./.2.0.2.4. .0.5.:.4.8.:.3.0. .[.7.7.9.6.].:. .n.g.e.n. .r.e.t.u.r.n.i.n.g. .0.x.0.0.0.0.0.0.0.0.....0.8./.1.5./.2.0.2.4. .0.5.:.4.8.:.3.0. .[.8.1.7.2.].:. .C.o.m.m.a.n.d. .l.i.n.e.:. .C.:.\.W.i.n.d.o.w.s.\.M.i.c.r.o.s.o.f.t...N.E.T.\.F.r.a.m.e.w.o.r.k.\.v.2...0...5.0.7.2.7.\.n.g.e.n...e.x.e. .i.n.s.t.a.l.l. .C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.D.r.i.v.e.r. .S.u.p.p.o.r.t.\.D.r.i.v.e.r.S.u.p.p.o.r.t...U.p.d.a.t.e.r...e.x.e. ./.s.i.l.e.n.t. .....0.8./.1.5./.2.0.2.4. .0.5.:.4.8.:.3.2. .[.8.1.7.2.].:. .n.g.e.n. .r.e.t.u.r.n.i.n.g. .0.x.0.0.0.0.0.0.0.0.....

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

C:\Windows\Temp\cpuz143\cpuz143_x64.sys

Download File

Process:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	768:d1Vg1IySerRNv2WpCtyVwW2rQIlZmzFLadIDRhR13i2:3VeGerRNOWpCtu4x4HhR1y2
MD5:	CE57844FB185D0CDD9D3CE9E5B6A891D
SHA1:	32888D789EDC91095DA2E0A5D6C564C2AEBCEE68
SHA-256:	EE45FD2D7315FD039F3585A66E7855BA4AF9D4721E1448E602623DE14E932BBE
SHA-512:	D7D73A74D9F3B4B16009A94AB7531D5BD635173C180BBA1300C6ACCF584590F2E1791ED721F669013ED61418F59495FB1E110818FE81D98F9714C72195768DBA
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........<.G.R.G.R.G.R.G.S.\.R.N...B.R.N...A.R.N...F.R.N...C.R.N...F.R.N...F.R.RichG.R.........................PE..d....."Y.........."......L..........d...............................................]$..........................................................<.......P............^..@a...........`...............................................`...............................text...FE.......F.................. ..h.rdata..4....`.......J..............@..H.data...@....p.......P..............@....pdata...............R..............@..HINIT.................T.............. ....rsrc...P............Z..............@..B........................................................................................................................................................................................................................................................................

C:\Windows\assembly\Desktop.ini

Download File

Process:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
File Type:	Windows desktop.ini
Category:	dropped
Size (bytes):	227
Entropy (8bit):	5.2735028737400205
Encrypted:	false
SSDEEP:	6:a1eZBXVNYTF0NwoScUbtSgyAXIWv7v5PMKq:UeZBFNYTswUq1r5zq
MD5:	F7F759A5CD40BC52172E83486B6DE404
SHA1:	D74930F354A56CFD03DC91AA96D8AE9657B1EE54
SHA-256:	A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C
SHA-512:	A50B7826BFE72506019E4B1148A214C71C6F4743C09E809EF15CD0E0223F3078B683D203200910B07B5E1E34B94F0FE516AC53527311E2943654BFCEADE53298
Malicious:	false
Reputation:	unknown
Preview:	; ==++==..; ..; Copyright (c) Microsoft Corporation. All rights reserved...; ..; ==--==..[.ShellClassInfo]..CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}..ConfirmFileOp=1..InfoTip=Contains application stability information...

C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Common\dde70247168d305464eb486f7dd1b054\Agent.Common.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2449408
Entropy (8bit):	6.6321845268629005
Encrypted:	false
SSDEEP:	24576:RmWxx7ix09P5ZjgTt6Tlnf7zJ4lf/vUuNXSBU0GbBh/U6MFzzcZIXJvwUb8c/:RDx0EMTt65f74f/5NXSPQQzBXCy
MD5:	574F6AFBAB54A915B6D3DC6D1AA84BE8
SHA1:	7CAAA4F0D3593ACDD2BD63AA2BFC724E34D26997
SHA-256:	CB568D23123E06D1A9C413397E6AD391231F7671B802953C55D8DAB537A234DB
SHA-512:	5B3BD86625A8373C02AF56E158F43A9FB620043CA7416C0B8FB3F00CA1D967BADF7B46587D0D4F8EAEA96341083BC351BC3AB7510F2996A4C254188A067D96BA
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...J,.\...........!..........................................................%...........@..................................................................P$..@...5$.................................................................H............data.j.............................@....xdata...h...0...j..................@....text.....!.......!................. ..`.extrel......@$.......$.............@..@.reloc...@...P$..B....$.............@..B............................................................................................................................................................................U_..Y_..]_...V......................................,...................X\|......................F.......................................O................................................................................................2..............................X"..................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Communication\5fd1c8175527ba0537d0a88e78239ef3\Agent.Communication.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2373632
Entropy (8bit):	6.610719183763021
Encrypted:	false
SSDEEP:	24576:vFTelrZ1U4c0IJ/xqAKjz0XnzsaUZzjncXY/cBTrZuViemRD17YN9h1e/1dAbDYe:tKlrZ1c0I1xqAlUApFo/7o/ANyW
MD5:	7A22D3C9DBA7479651E1A84C8CD57BA1
SHA1:	CED6C635A4A550832521C6B95682F09DCD74C689
SHA-256:	FC63CBB59292556D1F5959E6A408741169F22026370AD31DD47CF34B39A83482
SHA-512:	DAA9C58E076992865BEA2A0310D0D556F70F4006B67A0700655E13BCC0FAF2B5CC2315AEC5B9CFF2F4C9B856112854864CFE30237BE6AD07F07BA31D0157FB00
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...H,.\...........!.........................................................p$...........@.......................................... .......................P#.....H;#..............................................................$..H............data.j............................@....xdata...v.......x..................@....text..... .. .... ................. ..`.extrel......@#......$#.............@..@.reloc.......P#......&#.............@..B............................................................................................................................................................................I@..!;..................................................f...............l...................L.......................7...............t...P...........................................................................DA..............$A..."..............................X...................P...............l...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent.Updater\37537651740f30dd38deda45befbd304\Agent.Updater.ni.exe (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	556544
Entropy (8bit):	6.482216020782186
Encrypted:	false
SSDEEP:	12288:cVwCTecOUnlf9N3VBgFkmGah2aoNtITe:cmkdOU1T3VBOkmGauNSS
MD5:	2757C28956D6CAE05A16D81401815EE3
SHA1:	632D245E34A1B7EC38DC92E6D9F2A0B8FB2A3198
SHA-256:	6968EC7408783C574BADBEF9D5B107A277E59B9AF09573F13A8818FE087D2023
SHA-512:	38E59E2E850E838BA1A2432BD316FBFDF7F394171A4E3150ED669A4CEFFB9D3D0E6B40AF3521C229E175998656B914A3A453D6F29BBC2C9C517832AA4ECF0E03
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...G,.\...........!...............................0......................................@..................................................................p..d=..@W..................................................................H............data.j.D...........................@....xdata...(.......*..................@....text............................... ..`.extrel......`.......>..............@..@.reloc..d=...p...>...@..............@..B...............................................................................................................................................................................0...0...0.........................................t.0................th.0................ht.0f................z.0................ l.0.................\|.0...................0...................0................L..0............,..0...0...............................0................P...............4...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Agent\a69ce6357fb391c421cd72a75fdbf42d\Agent.ni.exe (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25896960
Entropy (8bit):	6.8411651859598965
Encrypted:	false
SSDEEP:	393216:QJOKOhcs/NOfCufdqR5K++PvYt+UKHLewAXKMu4BYZtd/NmxrHGaMU:wPfdqnYNw
MD5:	A31D8D373D58CCF336EFC90BE9D3E1DF
SHA1:	C3811209FB9F5D77D0E72F9A94F9541108C0D7A0
SHA-256:	9490F5E6F75F03CB0A92016FF5E747024C6D37425BD1DA0DC414B1970129678F
SHA-512:	C8120C24F9D682FE6D7D78300917FAB7C5941B11B9EEA409CC17007A3CB53DA2F3D7ACE47A56A7AFBBE09FC1CAB93D449A68B6AE9780FE62B9983B52F15C1181
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...=,.\...........!...............................0.........................`............@......................................................................r..D.................................................................H............data.j.h...........................@....xdata..............................@....text....;n......<n..t.............. ..`.extrel.G..........................@..@.reloc...r.......t..................@..B....................................................................................................................................................................P..0.....7.0.7.0I..0.7.0.7.0.................................H.0...................0.................W.0.3..............\|&.0# .................0...................0...................0...................0................X..0.?..........8..0.o.0.............................B.0................................d...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Common\f79e1ab6f1786caa351ee0d2384ee6a4\Common.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	7397888
Entropy (8bit):	6.60873623681008
Encrypted:	false
SSDEEP:	98304:/4i6T5udHTFblc1EBrGOgH3Y+gQ1szyTY8AZA0Uq4bSG2KeA1ZV:wi69uRFYVXY+AzwvsPA
MD5:	A0C031141B67F167A18EC781E5BD4E63
SHA1:	518AEFA2B59767B2DD3978ABDDC67A671F7BCB78
SHA-256:	D145FAEE017F51F3433937D2EF52C326F206C2ABEB297A70498EA6F192A64363
SHA-512:	1C741BCD080D61F3E9EB8A4D311B618FA1DE8E3C9D06F1B5466BBE623C66212AF73695CA521FE919EE7E0F40910E218E69E8AB3310082845752B26DBB73C8CFB
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...L,.\...........!.........................................................0q...........@..................................................................pm......Sm.................................................................H............data.j.............................@....xdata..............................@....text...5.`.......`..V.............. ..`.extrel......`m......,m.............@..@.reloc.......pm.......m.............@..B.............................................................................................................................................................................,..MA..QA..UA..YA................................... ..n....................................*..b............... ....!..................D............................................................................^... ...........^..l..................................................P...............D...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\ExceptionLogging\7fb38a2727987d2842924921a2567970\ExceptionLogging.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	71680
Entropy (8bit):	5.6143473443127805
Encrypted:	false
SSDEEP:	1536:z9d+POHFo+4PDNNe7nHvS5ZM2qR433svhpY:uOHFwPDNNe7n6TM2x33s5p
MD5:	E3DDC0C7478C3F80C7A13A321DBAF2BF
SHA1:	64C6196D0A55EEC40DA8E8EE3D1239BDD0EB1ACD
SHA-256:	FFDE9E799F79A2565BD70CAB8B51AA591CD6816AD20D5D4CFC40D47BA68A6E3C
SHA-512:	3C4D7CFF38C14B26BF6860314C19807685B7A0CD7B8F5A0573F722BDF41514E5C76BA0565FD2C01158106FA51B34E996B98C8D41243960D0996C796A2C2E181B
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!.........................................................P............@..........................................`.......................@.......................................................................d..H............data.j..;.......<..................@....xdata.......P.......>..............@....text...$....`.......H.............. ..`.extrel.A....0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................./...................+..h...............T0...................2..<...............d-...................3..........................................................DE..............$E......................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\00d15e9c35244f43c7b8bf36d1bb48cc\ICSharpCode.SharpZipLib.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	547840
Entropy (8bit):	6.512048725814683
Encrypted:	false
SSDEEP:	6144:/989m/z7p9Cbqut9PfxDz49XpvCsyh4kywLuFJPYDfBne1GXHKkI6W5XZ:/Rb7p9Cbqut9PpDz49XJnymeJH2ZZ
MD5:	A768CDF7BDB95403EF96B35C8C11696F
SHA1:	70A59C990C9EE897A9698F12F7B010887F299F54
SHA-256:	EB01C43DE1D6570E487399830FEBD0A215B34F652B007945628F9EC9E5510103
SHA-512:	9074D18564B70C8166350B69A02443842D73048098240AF6E818B2FD244902EC7B686CE5C4FE0303DBB9F75A475D27016F208D5597C5CE593814749C811855CA
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....<.K...........!...............................1......................................@..........................................P.......................`...6...................................................................T..H............data.j.............................@....xdata..t....0......................@....text........P...................... ..`.extrel.%....P......."..............@..@.reloc...6...`...8...$..............@..B...................................................................................................................................................................................................................................1...................1r.................1...................1@..................1...................1...................1...................1...................1...............1P..1...............................1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.WUApiLib\bcb74b2753db931431b4a9f9edf4bb8f\Interop.WUApiLib.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	202240
Entropy (8bit):	5.058761296133153
Encrypted:	false
SSDEEP:	3072:LKQ9fmtGAn2j1QmyxLu3YD+AxL2PjSAtqHHyxRfCO0K:Lx9etGAnk1QmyAAxL2PmAtAgRf
MD5:	E723145488ED7000BE61595BEA5EF8B7
SHA1:	538F037CD92BD5146E3286ED71CEAAB4054964E6
SHA-256:	2B098A878D9BD56596C430E0666C1D0334FB0EF26A2410D0F29C40655013DA34
SHA-512:	DCE41330947EC4857276E13CA38F64A7AED268690B91B0B17D2E9E5783BD7EF77FDC892F60085E9030E33A7B94EAC4D277C02CA644A0371CAB6F3A9450124F32
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!...............................1.........................P............@.................................................................. ..`+.....................................................................H............data.j.8B.......D..................@....xdata...4...`...6...F..............@....text...Tk.......l...\|.............. ..`.extrel.............................@..@.reloc..`+... ...,..................@..B................W..................................................................................................................................................................................................................1................x..1................@..1N...............x..1...................1...................1...................1...................1.................2.1............p2.1...1............................L .1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Applicati#\de965ec14a73eae5d33502aa55ac30b0\Microsoft.ApplicationBlocks.Updater.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	235520
Entropy (8bit):	6.059275237711877
Encrypted:	false
SSDEEP:	3072:aRXnh9IAYe7aeVqQKAEV9Bsf7nHXJQsLJJKNhhUgT+j/Wx7m0fx4MOd56dBWCa1l:aRX3IAngAEVyZQeJ+M1B
MD5:	42C47B7508BD6299D6D3DC9E4ACDC2B5
SHA1:	057331D2AE64398605598ACBD830469629CD4DFD
SHA-256:	9BFD07DF4606609CC1A2BA29E60E9CF721FE815D14D2925095F9D75B4DC836B3
SHA-512:	36A0DE5EA8AD92F5DE35D9F35730475C92A12D0E1C0F597052ACE5E3B2A1DCE323EE8220D86E2519CF5F99E390FA5A9139CF7254F3C3A27D020D80E98E4459C3
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@.............................................d........................"..P...............................................................p...H............data.j............................@....xdata..............................@....text............................... ..`.extrel.Q............r..............@..@.reloc...".......$...t..............@..B.............................................................................................................................................................................#...#..............................................pt..V................n...................u...................}..$...............\|p..................H............................................................................................................... ...................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\f9006ce65a14801ded8b839fab9bfebd\Microsoft.JScript.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2336768
Entropy (8bit):	6.766759669445879
Encrypted:	false
SSDEEP:	49152:BXfh/udaeqG+6xBU4wNE/23973erBc7BK:BXf4YGPxFwN423t3eraw
MD5:	47F02E99CEE23BB39F489A5F129564A6
SHA1:	A7AD3AFAA907356608FB2D8E35C0A6C8375EBF7F
SHA-256:	80ABA3E3534675AA13EB1F79FA3C1B2FE704815E49A499F80DA244E291C9BA70
SHA-512:	A6276E90CF6DCC6372C4D14B7EB8788520D21FF83C835CB219628B0C0217899A0B08BD5EF4BACAE34F07C3B13BAF6D12E0857CB3569CD4DB8AB6FD66D941C73D
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................b^..........................#...........@.............................................`.....................".,.....".............................................................`...H............data.j............................@....xdata...E.......F..................@....text...>........................... ..`.extrel.......".......".............@..@.reloc..,.....".......".............@..B............................................................................................................................................................................U!b^................................................(.c^O.................c^{...............d.c^..................c^..................c^..................d^..................b^..................b^.................Dd^............xDd^..b^..............................b^................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\17326adb8598b7c3c8750b4023fdc64e\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	150528
Entropy (8bit):	5.98867639343579
Encrypted:	false
SSDEEP:	3072:XDqevwcPahYb6UqOLGb/00lOdpp/yGcztwZHe:nrAyhdpp/kCQ
MD5:	5950E3F098741159CE4010CC7F11179A
SHA1:	44166BF9B939A7AC0AE7DE4CD0CD57B40090BE4F
SHA-256:	384801542B794B1DFFCC191C2DFA5B2354A40CCE70F52A82DF4A43076C496216
SHA-512:	8026D31669A017E86DF0F2DBA326D78CF5E42CCFF8024A31ECA5A7E977AF1E4366D6E868A4E21C52FD03B41F3822F51FDF42FDC739DEC1381443DB258F7F15D8
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..................................................................`.......H.................................................................H............data.j..m.......n..................@....xdata...............p..............@....text............................... ..`.extrel.6....P.......0..............@..@.reloc.......`.......2..............@..B.................................................................................................................................................................................................................................W..:................Q...................X..J................]..G...............HT...................^..........................................................xr..............Xr..................................<...................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\263781c7aacc93a3afa893720adb71f2\Microsoft.Practices.ObjectBuilder.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	6.12188649584436
Encrypted:	false
SSDEEP:	3072:ahk+hIz6DRs/PnBsD/E9MbNkTzlBwOuwtxX1gDHKFBOwChyadWAfBS:MIGm/fBsY+5kTzlBwOuwtHEHi4hAv
MD5:	2B13273C75F5C985855B32BBF6EFB70C
SHA1:	AACB8E4A0F8F0561834F9BA05722874A99D8A5FB
SHA-256:	607A342798306D66649AEA727498E6D73BBF2296AA48B4D4A4FF5570A121AEB9
SHA-512:	DEAA1FCD0C9549C9191398FC7884BAED0C773A370508E0A1653E4CB3AE54384B67A7B48A6E76EABEF2420EC828F38991191D62F04E279BB57521FE683C635B18
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..........................................p..t........................T...g...............................................................t..H............data.j..#.......$..................@....xdata...,...@.......&..............@....text........p.......T.............. ..`.extrel......p.......N..............@..@.reloc...T.......T...P..............@..B....................................................................................................................................................................................................................................U...................P...................q...................]...................................8..."............................................................................2..................................................P...............P...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Practices#\457dd1c25d156d9b39e0252ed2359a45\Microsoft.Practices.EnterpriseLibrary.Common.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	308736
Entropy (8bit):	6.139144413093015
Encrypted:	false
SSDEEP:	3072:ouo7ynu2/ySa2IC9oBLoawDMMYY6KXKWNwezWbh2MmhWYtFxJ1awDBIsp+y2s:ouRuO3tMMVzChTWv77
MD5:	6B99881DE289ECDE4421FA2B33E23119
SHA1:	B2C701B9478FC764A5EC46CF6BF85820C8660918
SHA-256:	BBB1B034247CCE6D56B95C6987BFF009143AED246649A9FE9EE9563763EC4585
SHA-512:	4509A68AE53B37DBE41DD2A5097FDAAACFB21737941174D1C2DC49C60C6EE3EA5650B39EC44882ECD2EC70D39E1306B058BD8E9471C87BD1850C2F11FD4723EE
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..........................................P..h.......................PI..................................................................pT..H............data.j.............................@....xdata...&... ...(..................@....text....1...P...2...8.............. ..`.extrel..............j..............@..@.reloc..PI.......J...l..............@..B............................................................................................................................................................................%>...9..)>..->..1>..................................\|...k...................................(.......................................`.......................'............................................................................%..................................................P...............d...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\2c05915f5623d1aa5bb4121a26b16a00\Microsoft.VisualC.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	3.153921033778293
Encrypted:	false
SSDEEP:	192:XJDV+JeUDrb+m5y1WtENaWSFxumo4HxarjkA6ucItl:T1WtkaW2RRa8ATl
MD5:	F611EA4228E8CCACF877A60AC4169A19
SHA1:	63A9D6BA223BA5D946DF66BCB82FCF1F7346B719
SHA-256:	670ED0696E4B723CA984E83BBEFD59EF43529F1ACA9B923023F99E78D19F7C72
SHA-512:	AB5708DD2A7CC8A1D5AB05455667C2AAE8CD8A1B5AC069D355656DC86389BD0D76B86C7D14B644604E42CC13C9B15AD798416B9CF174F825C839B368195148C1
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!......................................................................@..........................................@.......................p.......Y...............................................................C..H............data.j.X...........................@....xdata..p....0......................@....text........@....... .............. ..`.extrel......`.......:..............@..@.reloc.......p.......<..............@..B................W.......................................................................................................................................................................................................................................................4...................d.......................................l...........................................................0+...............+..,...................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\469c8b7e2a8a123322bdacbd7ba00a8c\Microsoft.Vsa.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	55296
Entropy (8bit):	5.433470107566437
Encrypted:	false
SSDEEP:	768:pi/8klXV5xLCSbzzkNU9c0nEMlQ3RV2kwpSVh0unYRbUn64YwD5uW4PSaIxx6pl:MLZV5xOMHCDMlQb2tcVI18K+4STAl
MD5:	6DECC02574BEE2F051BBA78D0531C7C0
SHA1:	FCDAEF9B55296BED2534D75C32335C9C856E578D
SHA-256:	55776B382FF3E335605059D6AB7C8676B3AE10DFA64ACFFA3D052AC0B7E91E30
SHA-512:	62FDFBA1B0D5EFE8A9375AFE2A66F282026911F43D47BBC0C0DFCF72B68F0E4A25C07C4D21AB9ADBFF241B0C377F97C6C97FB9842FB925C7D148E09D8EDF669E
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!...............................^......................................@..........................................`..@...........................................................................................@d..H............data.j..;.......<..................@....xdata.......P.......>..............@....text........`.......F.............. ..`.extrel.............................@..@.reloc..............................@..B................................................................................................................................................................................................................................(2.^................./.^B................2.^.................4.^k................0.^K................6.^...................^...................^.................G.^.............G.^...^...............................^................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Win32.Tas#\37eb33caafd5db73e68082c81ef1e0a5\Microsoft.Win32.TaskScheduler.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	357376
Entropy (8bit):	6.121440818463196
Encrypted:	false
SSDEEP:	6144:TUZsVUUkYmvrOUZ0aAjyfsnE7L2nUBdGjgr:IZpvrOQn+En6U3+gr
MD5:	0D075A82CBBBA63217AB212D9505B470
SHA1:	FDD58EE7946C6F63232D4AD5F6CA58764CB94F5F
SHA-256:	F794B966F3970E57B45120E5E68588E63D391A7D468FC649EEE2CD2326B17D19
SHA-512:	410F73CE397FFFAE60C94E50B0B098A9BAD12D13ECD7C8669E182EF6E448C900A585C0DF6564C34C6C5B8C08B2122FBD3E85425283BB3E90DB7B70C02CF6AE2C
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....G(N...........!...............................1......................................@..........................................p.......................`..\|7...K...............................................................s..H............data.j.(+.......,..................@....xdata...,...@......................@....text........p.......\.............. ..`.extrel.n....P.......:..............@..@.reloc..\|7...`...8...<..............@..B...............................................................................................................................................................................1................................................,..1...................1................@..1...................1=...............d..12..................1...................1...................1................0..1...............1...1...............................1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\RuleEngine\4bdb76de6604335296474f74c4cbb6c4\RuleEngine.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3422720
Entropy (8bit):	6.626850415970842
Encrypted:	false
SSDEEP:	49152:hW/tRSwMXd8yTeXseYpxxacx+2xOEzv+6Tm1uPE3yq:hWOoRG+8Ol6Ti3y
MD5:	2F066BD172A3AA5F0F84DB3261CF74D7
SHA1:	C7D70EB7B3A486572831FA2897FCE9F87C6AE9C2
SHA-256:	647DC0EC6A4DA8ACE610903C8D74CCFC397CF88FDDA790884785D65CFEACB8FD
SHA-512:	00465980F7FCA6DEE78B368A2D5794CBB07CD2A52C8210E7565EBE57DE89B2823CD36E0BFCE31800202D01CAADA119355A1B2EB14737DFE155B86F55ABEA7878
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...Q,.\...........!.........................................................p4...........@.................................................................. 2.$G....2................................................................H............data.j.............................@....xdata..............................@....text....{-......\|-..t.............. ..`.extrel.2.....2.......1.............@..@.reloc..$G... 2..H....1.............@..B............................................................................................................................................................................i...................................................h...........................................{...................................\|...;...........................................................................\| ..............\ ..8Z...............................6..................P............... ...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0665e4875d42b99f24e22762d9d60c42\System.Data.OracleClient.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1118720
Entropy (8bit):	6.581350373350295
Encrypted:	false
SSDEEP:	24576:kiJ3EloOz0wmsCO5eOAOTyfnJWmLY9lLWBmmOVGrBJrgi/eG6zl4WjnGj:rqloOz0wNCO5e+Tbj
MD5:	52C9FD0DA1F2D617F73D891D50922183
SHA1:	1F227DFE8BACCB1E562CD80AB4366D5567D35000
SHA-256:	248488AFDAB4E388CAE90B3897D1C3C9215CE5664AF9B2A9E95B636030237362
SHA-512:	F78637DC3E13D90B7933F606114672A9B64CDBAE1433DA1F627022FC00CFEE92E8DBF832CBFA736276B4E926C15051BA134196D30437573D9050FCAC527470E4
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...F..]...........!...............................e.........................P............@..........................................p..H..........................................................................................Pt..H............data.j.............................@....xdata..dV.......X..................@....text...A6...p...8...V.............. ..`.extrel.............................@..@.reloc..............................@..B................w............................................................................................................................................................4.e.4.e.............................................\.e................0L.e:...............h_.ew...............D..e.................Q.e................P..e...................e...................e.................e..............e.".e............................(..e................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\90c1fadfe8510201a762a907c7eb1faf\System.Data.SqlXml.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2516992
Entropy (8bit):	6.639624461628111
Encrypted:	false
SSDEEP:	49152:ocMjyMygU4unN63QXQ3Q9vtgPUtCG4dD5pE:ocMj+gUhN6AmQ3HMdD5p
MD5:	62B4F598A8DD057B121A1F25F3DABE34
SHA1:	68E8B7235080ADAC76E312BD6840B5C079D21022
SHA-256:	1924CABC032BA995270BE08E6E3EE5D9F44DB5810741E3DDA52BF633E2373644
SHA-512:	4ADE270227ACF077E310AB061D02C41587693BA1FDDEA1C3DC16CC0FFB9140205D06DD64025F6E6BA1F4FD86745833D9E70FC50EA7AFFF9EC3FA2FD381D657BD
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....]...........!...............................e..........................&...........@.............................................0.....................$.......$.............................................................0...H............data.j.............................@....xdata..............................@....text....J.......L...d.............. ..`.extrel.......$.......$.............@..@.reloc........$.......$.............@..B..............................................................................................................................................................................e..e............................................P..e.........e....,}.ea...............,..e........H..e......e...................e(..................e...................e...................e.................E.e.............E.e...e.............................).e................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\e3fa6c30d72ec45df2e5f5f297b83cec\System.Deployment.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1681408
Entropy (8bit):	6.504222624370666
Encrypted:	false
SSDEEP:	12288:eWpH9GtLihmyjh62G0Go01x4CocI4eTHbm3tjNMdH6n7NTElQ+dlVuUm/vJlqRup:pdG9zjezHlVuUmObeXdGJM
MD5:	6B5F2DD8FF6DB005704DD4333804D025
SHA1:	54279F30036DBE241FAC53A981708A8ACD8BFED3
SHA-256:	9A26D1F601ACFA553C94EDB5AFDF8044683EC8C0ED16D6CF91B0501A3F26689E
SHA-512:	2D54C7BD58AD10CA4C39CF15F380314ABDD99912E4270FD1EB648151305EAE86069759997F7F251F84194A441E1E2DD521FC5C8A5125D6E2F4D5E9A70C0DCE67
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................2j......................................@.............................................4.......................4...T...............................................................@...H............data.j..H.......J..................@....xdata...S...`...T...L..............@....text....&.......(.................. ..`.extrel.............................@..@.reloc..4...........................@..B............................................................................................................................................................................i+2j.82j.82j.82j....................................TY4j.................G4jb................a4j................d.4jM...............tM4j..................4j..................2j..................2j..................4j..............4j4.2j..............................2j................P...............`...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Design\23f2e1e196f71523e1ef513e643c983f\System.Design.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	10688000
Entropy (8bit):	6.363470284125273
Encrypted:	false
SSDEEP:	98304:h8E+I4GRH7KRkSm4Ncztlm28hejgJzOz91WHft1TX2nvv:eT3Ceotl3weMly98/tde
MD5:	362EA34B08903912D336CD5B51EC24E9
SHA1:	51C2A53C24EC55F9679ACAD5DA0ECF4E7375D7FD
SHA-256:	22D965A0220D762448CE105CDBA9C258D3CEE68F8A0CC78172B633F07345652C
SHA-512:	53B6E6B532A117137DB5C83C22AF6B73A040670494C1DA7DB63FA68E0FCB641C304E5310AFCFBD9095D8AB40C853EA0111886B60E9DF60295C95F8165D3E1D5C
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...8..]...........!..............................dj.........................@............@..........................................................................u.............................................................. ...H............data.j.............................@....xdata..T...........................@....text....e.......f.................. ..`.extrel..............`..............@..@.reloc...............f..............@..B....................................................................................................................................................................P.dj....!.dj1.ej5.ej9.ej=.ej................................Pypj....D.....dj....<.pjv...0.....dj......pjz2........dj.....Yqj.!...............$pjO...6.....dj......qj..................dj................ .dj.................8rj]D..........8.djLNdj............................ +dj................................................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\b4dea039a943da5c4afe75ae1e9ed665\System.DirectoryServices.Protocols.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	455168
Entropy (8bit):	6.465645650112892
Encrypted:	false
SSDEEP:	6144:TETeMRBpxpFTF47lk8PimoR5k6tq29So6FwM9m6RhsRsSIvyuVMQi1wTRV82:+JLdAimok6tqOmhsRyvNiZ
MD5:	F7EF11B40510661F59FDB9AF59EA3862
SHA1:	EA7A934D21F6191147B9CE3ECC43A2FBD815D147
SHA-256:	D2C9F1C05CAFAAD6146D62C972D7AD3E9DD4A967589222A49F54143914AAD616
SHA-512:	2F051DCE155E94BC04175DA0D4C078BB3EAC564DBD25CC4D43576536D6E61A29E2E71EF4A3870A889090942D3A922D5BF439010A7608D94D195471C8D50617F3
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...K..]...........!..............................-g......................... ............@.......................................... ..p........................?..................................................................p$..H............data.j.............................@....xdata..D...........................@....text...s.... ...................... ..`.extrel.............................@..@.reloc...?.......@..................@..B............................................................................................................................................................................9.-g..................................................-g................ .-g..................-gf...............,.-g..................-gW...............T.-g..................-g..................-g................H.-g............(.-g..-g..............................-g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\4bb73c27f8c6af54ed5fa349a7845bad\System.Drawing.Design.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	208384
Entropy (8bit):	6.249230382875945
Encrypted:	false
SSDEEP:	3072:cgcMeXaTar6e7uVlcgCHLfUHjsUGiIgEPlNGEA6Nyal8MaphBP:bcMeXTI6TEsUGiIgulNy5al
MD5:	570D5A7621A8BD451D6CFB262BE8BCAC
SHA1:	09673863ADA5FEB310B08C60691AB58B7CC04B42
SHA-256:	F659A88029B5839B3521681B5BB0D7433196663EC2B1BF3F4AADF4CE05C35341
SHA-512:	C8A05385C0B92F95A0631A42692206F7F7B35304162F4A26A0CAB13A2627481B34F72F11108874BF81A0019E72BF2ABBE7F08992B6A2CFB5485DECEC05C0865B
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...)..]...........!..............................9g.........................p............@.............................................8....................@...'..T%..............................................................@...H............data.j.<...........................@....xdata..\|!......."..................@....text....U.......V.................. ..`.extrel......0......................@..@.reloc...'...@...(..................@..B..............................................................................................................................................................................9g..9g..9g.........................................p9g)................f9g.................q9g.................v9g.................i9g.................y9g..................9g..................9g................\|.9g............\.9gT.9g..............................9g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.Wrapper.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	280064
Entropy (8bit):	5.9272044792255825
Encrypted:	false
SSDEEP:	3072:EHEGdQVKQzD+997vAJGJvhfi2piKsLzipiQdvCnwV6lh/YouQ5fyp42:IOB+lGGnfi2piXLmp9vb4lhYot
MD5:	44E21A75F8D598DC0E82E20EA224118C
SHA1:	4D9B0F8F5465103C28EEA745851BB700799BA588
SHA-256:	A673BC39E9DC658445B1902D2CBE80410F8CF97C354CB6844F1D860F53C4AEC0
SHA-512:	B187445ED652171C0B798E3F1A3B3E88CA16B3E1E9934B7D2BD8AA4C27D650B6391FC5498A417DE9217DF6474D0E186FB3677B191EC7BC37F16F29C9A31FE4DF
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!......................................................................@..........................................@....................... ..(R...................................................................D..H............data.j.............................@....xdata.......0......................@....text...r....@.......*.............. ..`.extrel.............................@..@.reloc..(R... ...T..................@..B................................................................................................................................................................................................................................(...i...................T..................."...............T..._...............................................................................................d...l...........D.......................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\b284ad5164c9539ce7375228dee925fa\System.EnterpriseServices.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	628224
Entropy (8bit):	6.376260796000546
Encrypted:	false
SSDEEP:	12288:iRUXENlIM7ItibMMhTpNYiJJUQ+eNfsG4mQ412VMns+C2UWPgif4Ozxbu0N:iRGE/0iQ6Tp0G4B41+MsSPgifVu8
MD5:	8D0DF4778FB492DCB5D368A33B4646D9
SHA1:	785667ABD205B6F1D3FA5084F8F2EFDB7148CCF1
SHA-256:	DC90CA55D00F451E83E8CBA73E3759DE0DE98B5A55A26D669DDFE40C17AF9531
SHA-512:	1F2EA3674746EE3E6B0FBE8901DD69438855061F2B5D85DB64D5FC39F6D2F99C82B30A149B26A2C2335240F739D7968628B2B97930E1711BCAAC3908A0189431
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................?g......................................@..................................................................p..,Z...P..................................................................H............data.j.H...........................@....xdata...4.......6..................@....text...2a.......b.................. ..`.extrel.S....`.......8..............@..@.reloc..,Z...p...\...:..............@..B................................................................................................................................................................................................................................p+@g........@.?g......@g"...............X/@g........P.?g....tE@gL...............\!@g.................N@g..................?g..................?g.................n@g............x.?gH.?g..............................?g................P...............4...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\919121cf5560278d8dc871928c969480\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	310784
Entropy (8bit):	6.529954347882403
Encrypted:	false
SSDEEP:	6144:5DKRa5hdDA4nq8siCbRn/4nzVSvgrc/4VCSXF7o91b:5DicfDpndfnkEUh
MD5:	3262C873B152F650A1C139FABFEA8FC7
SHA1:	CF56F2ADA1C363E2ACE5A76E21E19C4749BD32AC
SHA-256:	4F606C0722D359F6D2301631C8AD19B3F8A457C25266B7BC5E4F74A3399724D1
SHA-512:	EC2DE483C2B74C3E605F0E5DF328CE85AB58E5B67C0FEDDB66C64FEBD17152247A44965E9BB73C677E502C389CDC4A72997789C6705E8D6BFFF47D3074B3D6A9
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!...............................g......................................@.............................................................................................................................................H............data.j.Tj.......l..................@....xdata..l............n..............@....text............ ...\|.............. ..`.extrel.............................@..@.reloc........... ..................@..B................................................................................................................................................................................................................................$O.g1................G.g.................O.gX...............HU.g.................I.g`................].g...................g...................g.................p.g.............p.g...g...............................g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\4d51fef9118100446bd1838c1f081755\System.Security.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	721920
Entropy (8bit):	6.594796528907095
Encrypted:	false
SSDEEP:	12288:gDHZLwXiE2j6hfWJy6HTm/ebg/nsU9NcshSqWyedZox4:yHZnJIfWJy2TmGbg/nsUrcnqWye
MD5:	4C8BFD7DFFECD98A7B830E94FFED46CE
SHA1:	09C46706873816044840899B4B7FBE874B624F98
SHA-256:	C0E99F51368D395FF9B13C489C2DE6B51AA68943DED87E756A1B4D99646263CC
SHA-512:	61C821E5EECE575F2F0CC99BF1C3C3A7C68085C3A67335D01AB74033461753F0ECF4C20657665530971BD162F8B543D18AC90A7F686E1CA4A82036E8AA17E6DC
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L.....P_...........!...............................g.........................0............@.............................................(........................^..0...............................................................0...H............data.j.xt.......v..................@....xdata...........0...x..............@....text...x........................... ..`.extrel.............................@..@.reloc...^.......`..................@..B...............................................................................................................................................................................g1'.g............................................p..g................,..g...................g#...............P..g................D..gK................6.g...................g...................g.................T.gF............S.g...g...............................g................P...............X...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\9b51a87621e285c977664835b5f3cf4b\System.Web.RegularExpressions.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	254464
Entropy (8bit):	6.2150772578113695
Encrypted:	false
SSDEEP:	3072:YwvzjD4gLW9O/oiULDOoi9Ph3rPRazAdTCy4HnMNr:VBhULDOhBNrPRHFCyon
MD5:	A66E710EAB182BCFBDA6C36A9516733D
SHA1:	2155A3D541F5AFB56DBF0697EFA267A6B1B0D24D
SHA-256:	43739C25FC6A41944A6748FDF97AEE09E6CB18D50231F24E413B46F0878DF650
SHA-512:	EFD9B74E6E2DC25DDF8B81DBA74F6832D2602F014ECCB7F598BA80192A22E4E444EBE29FF4072DA712B3C2554FB7A854F8278CBFA1C9B4C91217CC8B80ED7160
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...{v.b...........!...............................f......................... ............@..........................................p..\|....................... ...l................................................................t..H............data.j..N.......P..................@....xdata.......`.......R..............@....text....p...p...r...X.............. ..`.extrel.............................@..@.reloc.. ...........................@..B...............................................................................................................................................................................f.................................................D.fQ...............TC.f.................E.f.................H.f.................C.f3................H.f...................f...................f.................].f.............].f,..f...............................f................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8254.tmp\Agent.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	25896960
Entropy (8bit):	6.8411651859598965
Encrypted:	false
SSDEEP:	393216:QJOKOhcs/NOfCufdqR5K++PvYt+UKHLewAXKMu4BYZtd/NmxrHGaMU:wPfdqnYNw
MD5:	A31D8D373D58CCF336EFC90BE9D3E1DF
SHA1:	C3811209FB9F5D77D0E72F9A94F9541108C0D7A0
SHA-256:	9490F5E6F75F03CB0A92016FF5E747024C6D37425BD1DA0DC414B1970129678F
SHA-512:	C8120C24F9D682FE6D7D78300917FAB7C5941B11B9EEA409CC17007A3CB53DA2F3D7ACE47A56A7AFBBE09FC1CAB93D449A68B6AE9780FE62B9983B52F15C1181
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...=,.\...........!...............................0.........................`............@......................................................................r..D.................................................................H............data.j.h...........................@....xdata..............................@....text....;n......<n..t.............. ..`.extrel.G..........................@..@.reloc...r.......t..................@..B....................................................................................................................................................................P..0.....7.0.7.0I..0.7.0.7.0.................................H.0...................0.................W.0.3..............\|&.0# .................0...................0...................0...................0................X..0.?..........8..0.o.0.............................B.0................................d...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	7397888
Entropy (8bit):	6.60873623681008
Encrypted:	false
SSDEEP:	98304:/4i6T5udHTFblc1EBrGOgH3Y+gQ1szyTY8AZA0Uq4bSG2KeA1ZV:wi69uRFYVXY+AzwvsPA
MD5:	A0C031141B67F167A18EC781E5BD4E63
SHA1:	518AEFA2B59767B2DD3978ABDDC67A671F7BCB78
SHA-256:	D145FAEE017F51F3433937D2EF52C326F206C2ABEB297A70498EA6F192A64363
SHA-512:	1C741BCD080D61F3E9EB8A4D311B618FA1DE8E3C9D06F1B5466BBE623C66212AF73695CA521FE919EE7E0F40910E218E69E8AB3310082845752B26DBB73C8CFB
Malicious:	false
Yara Hits:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP959E.tmp\Common.dll, Author: Joe Security
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...L,.\...........!.........................................................0q...........@..................................................................pm......Sm.................................................................H............data.j.............................@....xdata..............................@....text...5.`.......`..V.............. ..`.extrel......`m......,m.............@..@.reloc.......pm.......m.............@..B.............................................................................................................................................................................,..MA..QA..UA..YA................................... ..n....................................*..b............... ....!..................D............................................................................^... ...........^..l..................................................P...............D...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9C74.tmp\System.Data.SqlXml.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2516992
Entropy (8bit):	6.639624461628111
Encrypted:	false
SSDEEP:	49152:ocMjyMygU4unN63QXQ3Q9vtgPUtCG4dD5pE:ocMj+gUhN6AmQ3HMdD5p
MD5:	62B4F598A8DD057B121A1F25F3DABE34
SHA1:	68E8B7235080ADAC76E312BD6840B5C079D21022
SHA-256:	1924CABC032BA995270BE08E6E3EE5D9F44DB5810741E3DDA52BF633E2373644
SHA-512:	4ADE270227ACF077E310AB061D02C41587693BA1FDDEA1C3DC16CC0FFB9140205D06DD64025F6E6BA1F4FD86745833D9E70FC50EA7AFFF9EC3FA2FD381D657BD
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....]...........!...............................e..........................&...........@.............................................0.....................$.......$.............................................................0...H............data.j.............................@....xdata..............................@....text....J.......L...d.............. ..`.extrel.......$.......$.............@..@.reloc........$.......$.............@..B..............................................................................................................................................................................e..e............................................P..e.........e....,}.ea...............,..e........H..e......e...................e(..................e...................e...................e.................E.e.............E.e...e.............................).e................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA146.tmp\System.Security.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	721920
Entropy (8bit):	6.594796528907095
Encrypted:	false
SSDEEP:	12288:gDHZLwXiE2j6hfWJy6HTm/ebg/nsU9NcshSqWyedZox4:yHZnJIfWJy2TmGbg/nsUrcnqWye
MD5:	4C8BFD7DFFECD98A7B830E94FFED46CE
SHA1:	09C46706873816044840899B4B7FBE874B624F98
SHA-256:	C0E99F51368D395FF9B13C489C2DE6B51AA68943DED87E756A1B4D99646263CC
SHA-512:	61C821E5EECE575F2F0CC99BF1C3C3A7C68085C3A67335D01AB74033461753F0ECF4C20657665530971BD162F8B543D18AC90A7F686E1CA4A82036E8AA17E6DC
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L.....P_...........!...............................g.........................0............@.............................................(........................^..0...............................................................0...H............data.j.xt.......v..................@....xdata...........0...x..............@....text...x........................... ..`.extrel.............................@..@.reloc...^.......`..................@..B...............................................................................................................................................................................g1'.g............................................p..g................,..g...................g#...............P..g................D..gK................6.g...................g...................g.................T.gF............S.g...g...............................g................P...............X...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA2FC.tmp\ExceptionLogging.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	71680
Entropy (8bit):	5.6143473443127805
Encrypted:	false
SSDEEP:	1536:z9d+POHFo+4PDNNe7nHvS5ZM2qR433svhpY:uOHFwPDNNe7n6TM2x33s5p
MD5:	E3DDC0C7478C3F80C7A13A321DBAF2BF
SHA1:	64C6196D0A55EEC40DA8E8EE3D1239BDD0EB1ACD
SHA-256:	FFDE9E799F79A2565BD70CAB8B51AA591CD6816AD20D5D4CFC40D47BA68A6E3C
SHA-512:	3C4D7CFF38C14B26BF6860314C19807685B7A0CD7B8F5A0573F722BDF41514E5C76BA0565FD2C01158106FA51B34E996B98C8D41243960D0996C796A2C2E181B
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!.........................................................P............@..........................................`.......................@.......................................................................d..H............data.j..;.......<..................@....xdata.......P.......>..............@....text...$....`.......H.............. ..`.extrel.A....0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................./...................+..h...............T0...................2..<...............d-...................3..........................................................DE..............$E......................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA3A7.tmp\System.Runtime.Serialization.Formatters.Soap.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	310784
Entropy (8bit):	6.529954347882403
Encrypted:	false
SSDEEP:	6144:5DKRa5hdDA4nq8siCbRn/4nzVSvgrc/4VCSXF7o91b:5DicfDpndfnkEUh
MD5:	3262C873B152F650A1C139FABFEA8FC7
SHA1:	CF56F2ADA1C363E2ACE5A76E21E19C4749BD32AC
SHA-256:	4F606C0722D359F6D2301631C8AD19B3F8A457C25266B7BC5E4F74A3399724D1
SHA-512:	EC2DE483C2B74C3E605F0E5DF328CE85AB58E5B67C0FEDDB66C64FEBD17152247A44965E9BB73C677E502C389CDC4A72997789C6705E8D6BFFF47D3074B3D6A9
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!...............................g......................................@.............................................................................................................................................H............data.j.Tj.......l..................@....xdata..l............n..............@....text............ ...\|.............. ..`.extrel.............................@..@.reloc........... ..................@..B................................................................................................................................................................................................................................$O.g1................G.g.................O.gX...............HU.g.................I.g`................].g...................g...................g.................p.g.............p.g...g...............................g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4E0.tmp\System.Deployment.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1681408
Entropy (8bit):	6.504222624370666
Encrypted:	false
SSDEEP:	12288:eWpH9GtLihmyjh62G0Go01x4CocI4eTHbm3tjNMdH6n7NTElQ+dlVuUm/vJlqRup:pdG9zjezHlVuUmObeXdGJM
MD5:	6B5F2DD8FF6DB005704DD4333804D025
SHA1:	54279F30036DBE241FAC53A981708A8ACD8BFED3
SHA-256:	9A26D1F601ACFA553C94EDB5AFDF8044683EC8C0ED16D6CF91B0501A3F26689E
SHA-512:	2D54C7BD58AD10CA4C39CF15F380314ABDD99912E4270FD1EB648151305EAE86069759997F7F251F84194A441E1E2DD521FC5C8A5125D6E2F4D5E9A70C0DCE67
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................2j......................................@.............................................4.......................4...T...............................................................@...H............data.j..H.......J..................@....xdata...S...`...T...L..............@....text....&.......(.................. ..`.extrel.............................@..@.reloc..4...........................@..B............................................................................................................................................................................i+2j.82j.82j.82j....................................TY4j.................G4jb................a4j................d.4jM...............tM4j..................4j..................2j..................2j..................4j..............4j4.2j..............................2j................P...............`...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA906.tmp\Microsoft.JScript.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2336768
Entropy (8bit):	6.766759669445879
Encrypted:	false
SSDEEP:	49152:BXfh/udaeqG+6xBU4wNE/23973erBc7BK:BXf4YGPxFwN423t3eraw
MD5:	47F02E99CEE23BB39F489A5F129564A6
SHA1:	A7AD3AFAA907356608FB2D8E35C0A6C8375EBF7F
SHA-256:	80ABA3E3534675AA13EB1F79FA3C1B2FE704815E49A499F80DA244E291C9BA70
SHA-512:	A6276E90CF6DCC6372C4D14B7EB8788520D21FF83C835CB219628B0C0217899A0B08BD5EF4BACAE34F07C3B13BAF6D12E0857CB3569CD4DB8AB6FD66D941C73D
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................b^..........................#...........@.............................................`.....................".,.....".............................................................`...H............data.j............................@....xdata...E.......F..................@....text...>........................... ..`.extrel.......".......".............@..@.reloc..,.....".......".............@..B............................................................................................................................................................................U!b^................................................(.c^O.................c^{...............d.c^..................c^..................c^..................d^..................b^..................b^.................Dd^............xDd^..b^..............................b^................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPACCF.tmp\Microsoft.Vsa.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	55296
Entropy (8bit):	5.433470107566437
Encrypted:	false
SSDEEP:	768:pi/8klXV5xLCSbzzkNU9c0nEMlQ3RV2kwpSVh0unYRbUn64YwD5uW4PSaIxx6pl:MLZV5xOMHCDMlQb2tcVI18K+4STAl
MD5:	6DECC02574BEE2F051BBA78D0531C7C0
SHA1:	FCDAEF9B55296BED2534D75C32335C9C856E578D
SHA-256:	55776B382FF3E335605059D6AB7C8676B3AE10DFA64ACFFA3D052AC0B7E91E30
SHA-512:	62FDFBA1B0D5EFE8A9375AFE2A66F282026911F43D47BBC0C0DFCF72B68F0E4A25C07C4D21AB9ADBFF241B0C377F97C6C97FB9842FB925C7D148E09D8EDF669E
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!...............................^......................................@..........................................`..@...........................................................................................@d..H............data.j..;.......<..................@....xdata.......P.......>..............@....text........`.......F.............. ..`.extrel.............................@..@.reloc..............................@..B................................................................................................................................................................................................................................(2.^................./.^B................2.^.................4.^k................0.^K................6.^...................^...................^.................G.^.............G.^...^...............................^................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAD6B.tmp\Microsoft.VisualC.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	15872
Entropy (8bit):	3.153921033778293
Encrypted:	false
SSDEEP:	192:XJDV+JeUDrb+m5y1WtENaWSFxumo4HxarjkA6ucItl:T1WtkaW2RRa8ATl
MD5:	F611EA4228E8CCACF877A60AC4169A19
SHA1:	63A9D6BA223BA5D946DF66BCB82FCF1F7346B719
SHA-256:	670ED0696E4B723CA984E83BBEFD59EF43529F1ACA9B923023F99E78D19F7C72
SHA-512:	AB5708DD2A7CC8A1D5AB05455667C2AAE8CD8A1B5AC069D355656DC86389BD0D76B86C7D14B644604E42CC13C9B15AD798416B9CF174F825C839B368195148C1
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!......................................................................@..........................................@.......................p.......Y...............................................................C..H............data.j.X...........................@....xdata..p....0......................@....text........@....... .............. ..`.extrel......`.......:..............@..@.reloc.......p.......<..............@..B................W.......................................................................................................................................................................................................................................................4...................d.......................................l...........................................................0+...............+..,...................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.Wrapper.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	280064
Entropy (8bit):	5.9272044792255825
Encrypted:	false
SSDEEP:	3072:EHEGdQVKQzD+997vAJGJvhfi2piKsLzipiQdvCnwV6lh/YouQ5fyp42:IOB+lGGnfi2piXLmp9vb4lhYot
MD5:	44E21A75F8D598DC0E82E20EA224118C
SHA1:	4D9B0F8F5465103C28EEA745851BB700799BA588
SHA-256:	A673BC39E9DC658445B1902D2CBE80410F8CF97C354CB6844F1D860F53C4AEC0
SHA-512:	B187445ED652171C0B798E3F1A3B3E88CA16B3E1E9934B7D2BD8AA4C27D650B6391FC5498A417DE9217DF6474D0E186FB3677B191EC7BC37F16F29C9A31FE4DF
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!......................................................................@..........................................@....................... ..(R...................................................................D..H............data.j.............................@....xdata.......0......................@....text...r....@.......*.............. ..`.extrel.............................@..@.reloc..(R... ...T..................@..B................................................................................................................................................................................................................................(...i...................T..................."...............T..._...............................................................................................d...l...........D.......................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADF8.tmp\System.EnterpriseServices.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	628224
Entropy (8bit):	6.376260796000546
Encrypted:	false
SSDEEP:	12288:iRUXENlIM7ItibMMhTpNYiJJUQ+eNfsG4mQ412VMns+C2UWPgif4Ozxbu0N:iRGE/0iQ6Tp0G4B41+MsSPgifVu8
MD5:	8D0DF4778FB492DCB5D368A33B4646D9
SHA1:	785667ABD205B6F1D3FA5084F8F2EFDB7148CCF1
SHA-256:	DC90CA55D00F451E83E8CBA73E3759DE0DE98B5A55A26D669DDFE40C17AF9531
SHA-512:	1F2EA3674746EE3E6B0FBE8901DD69438855061F2B5D85DB64D5FC39F6D2F99C82B30A149B26A2C2335240F739D7968628B2B97930E1711BCAAC3908A0189431
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L......]...........!..............................?g......................................@..................................................................p..,Z...P..................................................................H............data.j.H...........................@....xdata...4.......6..................@....text...2a.......b.................. ..`.extrel.S....`.......8..............@..@.reloc..,Z...p...\...:..............@..B................................................................................................................................................................................................................................p+@g........@.?g......@g"...............X/@g........P.?g....tE@gL...............\!@g.................N@g..................?g..................?g.................n@g............x.?gH.?g..............................?g................P...............4...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPAFDC.tmp\System.DirectoryServices.Protocols.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	455168
Entropy (8bit):	6.465645650112892
Encrypted:	false
SSDEEP:	6144:TETeMRBpxpFTF47lk8PimoR5k6tq29So6FwM9m6RhsRsSIvyuVMQi1wTRV82:+JLdAimok6tqOmhsRyvNiZ
MD5:	F7EF11B40510661F59FDB9AF59EA3862
SHA1:	EA7A934D21F6191147B9CE3ECC43A2FBD815D147
SHA-256:	D2C9F1C05CAFAAD6146D62C972D7AD3E9DD4A967589222A49F54143914AAD616
SHA-512:	2F051DCE155E94BC04175DA0D4C078BB3EAC564DBD25CC4D43576536D6E61A29E2E71EF4A3870A889090942D3A922D5BF439010A7608D94D195471C8D50617F3
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...K..]...........!..............................-g......................... ............@.......................................... ..p........................?..................................................................p$..H............data.j.............................@....xdata..D...........................@....text...s.... ...................... ..`.extrel.............................@..@.reloc...?.......@..................@..B............................................................................................................................................................................9.-g..................................................-g................ .-g..................-gf...............,.-g..................-gW...............T.-g..................-g..................-g................H.-g............(.-g..-g..............................-g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB2F9.tmp\System.Design.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	10688000
Entropy (8bit):	6.363470284125273
Encrypted:	false
SSDEEP:	98304:h8E+I4GRH7KRkSm4Ncztlm28hejgJzOz91WHft1TX2nvv:eT3Ceotl3weMly98/tde
MD5:	362EA34B08903912D336CD5B51EC24E9
SHA1:	51C2A53C24EC55F9679ACAD5DA0ECF4E7375D7FD
SHA-256:	22D965A0220D762448CE105CDBA9C258D3CEE68F8A0CC78172B633F07345652C
SHA-512:	53B6E6B532A117137DB5C83C22AF6B73A040670494C1DA7DB63FA68E0FCB641C304E5310AFCFBD9095D8AB40C853EA0111886B60E9DF60295C95F8165D3E1D5C
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...8..]...........!..............................dj.........................@............@..........................................................................u.............................................................. ...H............data.j.............................@....xdata..T...........................@....text....e.......f.................. ..`.extrel..............`..............@..@.reloc...............f..............@..B....................................................................................................................................................................P.dj....!.dj1.ej5.ej9.ej=.ej................................Pypj....D.....dj....<.pjv...0.....dj......pjz2........dj.....Yqj.!...............$pjO...6.....dj......qj..................dj................ .dj.................8rj]D..........8.djLNdj............................ +dj................................................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC076.tmp\System.Drawing.Design.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	208384
Entropy (8bit):	6.249230382875945
Encrypted:	false
SSDEEP:	3072:cgcMeXaTar6e7uVlcgCHLfUHjsUGiIgEPlNGEA6Nyal8MaphBP:bcMeXTI6TEsUGiIgulNy5al
MD5:	570D5A7621A8BD451D6CFB262BE8BCAC
SHA1:	09673863ADA5FEB310B08C60691AB58B7CC04B42
SHA-256:	F659A88029B5839B3521681B5BB0D7433196663EC2B1BF3F4AADF4CE05C35341
SHA-512:	C8A05385C0B92F95A0631A42692206F7F7B35304162F4A26A0CAB13A2627481B34F72F11108874BF81A0019E72BF2ABBE7F08992B6A2CFB5485DECEC05C0865B
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...)..]...........!..............................9g.........................p............@.............................................8....................@...'..T%..............................................................@...H............data.j.<...........................@....xdata..\|!......."..................@....text....U.......V.................. ..`.extrel......0......................@..@.reloc...'...@...(..................@..B..............................................................................................................................................................................9g..9g..9g.........................................p9g)................f9g.................q9g.................v9g.................i9g.................y9g..................9g..................9g................\|.9g............\.9gT.9g..............................9g................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC142.tmp\System.Data.OracleClient.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1118720
Entropy (8bit):	6.581350373350295
Encrypted:	false
SSDEEP:	24576:kiJ3EloOz0wmsCO5eOAOTyfnJWmLY9lLWBmmOVGrBJrgi/eG6zl4WjnGj:rqloOz0wNCO5e+Tbj
MD5:	52C9FD0DA1F2D617F73D891D50922183
SHA1:	1F227DFE8BACCB1E562CD80AB4366D5567D35000
SHA-256:	248488AFDAB4E388CAE90B3897D1C3C9215CE5664AF9B2A9E95B636030237362
SHA-512:	F78637DC3E13D90B7933F606114672A9B64CDBAE1433DA1F627022FC00CFEE92E8DBF832CBFA736276B4E926C15051BA134196D30437573D9050FCAC527470E4
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...F..]...........!...............................e.........................P............@..........................................p..H..........................................................................................Pt..H............data.j.............................@....xdata..dV.......X..................@....text...A6...p...8...V.............. ..`.extrel.............................@..@.reloc..............................@..B................w............................................................................................................................................................4.e.4.e.............................................\.e................0L.e:...............h_.ew...............D..e.................Q.e................P..e...................e...................e.................e..............e.".e............................(..e................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC307.tmp\System.Web.RegularExpressions.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	254464
Entropy (8bit):	6.2150772578113695
Encrypted:	false
SSDEEP:	3072:YwvzjD4gLW9O/oiULDOoi9Ph3rPRazAdTCy4HnMNr:VBhULDOhBNrPRHFCyon
MD5:	A66E710EAB182BCFBDA6C36A9516733D
SHA1:	2155A3D541F5AFB56DBF0697EFA267A6B1B0D24D
SHA-256:	43739C25FC6A41944A6748FDF97AEE09E6CB18D50231F24E413B46F0878DF650
SHA-512:	EFD9B74E6E2DC25DDF8B81DBA74F6832D2602F014ECCB7F598BA80192A22E4E444EBE29FF4072DA712B3C2554FB7A854F8278CBFA1C9B4C91217CC8B80ED7160
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...{v.b...........!...............................f......................... ............@..........................................p..\|....................... ...l................................................................t..H............data.j..N.......P..................@....xdata.......`.......R..............@....text....p...p...r...X.............. ..`.extrel.............................@..@.reloc.. ...........................@..B...............................................................................................................................................................................f.................................................D.fQ...............TC.f.................E.f.................H.f.................C.f3................H.f...................f...................f.................].f.............].f,..f...............................f................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC410.tmp\ICSharpCode.SharpZipLib.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	547840
Entropy (8bit):	6.512048725814683
Encrypted:	false
SSDEEP:	6144:/989m/z7p9Cbqut9PfxDz49XpvCsyh4kywLuFJPYDfBne1GXHKkI6W5XZ:/Rb7p9Cbqut9PpDz49XJnymeJH2ZZ
MD5:	A768CDF7BDB95403EF96B35C8C11696F
SHA1:	70A59C990C9EE897A9698F12F7B010887F299F54
SHA-256:	EB01C43DE1D6570E487399830FEBD0A215B34F652B007945628F9EC9E5510103
SHA-512:	9074D18564B70C8166350B69A02443842D73048098240AF6E818B2FD244902EC7B686CE5C4FE0303DBB9F75A475D27016F208D5597C5CE593814749C811855CA
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....<.K...........!...............................1......................................@..........................................P.......................`...6...................................................................T..H............data.j.............................@....xdata..t....0......................@....text........P...................... ..`.extrel.%....P......."..............@..@.reloc...6...`...8...$..............@..B...................................................................................................................................................................................................................................1...................1r.................1...................1@..................1...................1...................1...................1...................1...............1P..1...............................1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC614.tmp\Agent.Common.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2449408
Entropy (8bit):	6.6321845268629005
Encrypted:	false
SSDEEP:	24576:RmWxx7ix09P5ZjgTt6Tlnf7zJ4lf/vUuNXSBU0GbBh/U6MFzzcZIXJvwUb8c/:RDx0EMTt65f74f/5NXSPQQzBXCy
MD5:	574F6AFBAB54A915B6D3DC6D1AA84BE8
SHA1:	7CAAA4F0D3593ACDD2BD63AA2BFC724E34D26997
SHA-256:	CB568D23123E06D1A9C413397E6AD391231F7671B802953C55D8DAB537A234DB
SHA-512:	5B3BD86625A8373C02AF56E158F43A9FB620043CA7416C0B8FB3F00CA1D967BADF7B46587D0D4F8EAEA96341083BC351BC3AB7510F2996A4C254188A067D96BA
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...J,.\...........!..........................................................%...........@..................................................................P$..@...5$.................................................................H............data.j.............................@....xdata...h...0...j..................@....text.....!.......!................. ..`.extrel......@$.......$.............@..@.reloc...@...P$..B....$.............@..B............................................................................................................................................................................U_..Y_..]_...V......................................,...................X\|......................F.......................................O................................................................................................2..............................X"..................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC97F.tmp\Interop.WUApiLib.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	202240
Entropy (8bit):	5.058761296133153
Encrypted:	false
SSDEEP:	3072:LKQ9fmtGAn2j1QmyxLu3YD+AxL2PjSAtqHHyxRfCO0K:Lx9etGAnk1QmyAAxL2PmAtAgRf
MD5:	E723145488ED7000BE61595BEA5EF8B7
SHA1:	538F037CD92BD5146E3286ED71CEAAB4054964E6
SHA-256:	2B098A878D9BD56596C430E0666C1D0334FB0EF26A2410D0F29C40655013DA34
SHA-512:	DCE41330947EC4857276E13CA38F64A7AED268690B91B0B17D2E9E5783BD7EF77FDC892F60085E9030E33A7B94EAC4D277C02CA644A0371CAB6F3A9450124F32
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!...............................1.........................P............@.................................................................. ..`+.....................................................................H............data.j.8B.......D..................@....xdata...4...`...6...F..............@....text...Tk.......l...\|.............. ..`.extrel.............................@..@.reloc..`+... ...,..................@..B................W..................................................................................................................................................................................................................1................x..1................@..1N...............x..1...................1...................1...................1...................1.................2.1............p2.1...1............................L .1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCA1B.tmp\Agent.Communication.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	2373632
Entropy (8bit):	6.610719183763021
Encrypted:	false
SSDEEP:	24576:vFTelrZ1U4c0IJ/xqAKjz0XnzsaUZzjncXY/cBTrZuViemRD17YN9h1e/1dAbDYe:tKlrZ1c0I1xqAlUApFo/7o/ANyW
MD5:	7A22D3C9DBA7479651E1A84C8CD57BA1
SHA1:	CED6C635A4A550832521C6B95682F09DCD74C689
SHA-256:	FC63CBB59292556D1F5959E6A408741169F22026370AD31DD47CF34B39A83482
SHA-512:	DAA9C58E076992865BEA2A0310D0D556F70F4006B67A0700655E13BCC0FAF2B5CC2315AEC5B9CFF2F4C9B856112854864CFE30237BE6AD07F07BA31D0157FB00
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...H,.\...........!.........................................................p$...........@.......................................... .......................P#.....H;#..............................................................$..H............data.j............................@....xdata...v.......x..................@....text..... .. .... ................. ..`.extrel......@#......$#.............@..@.reloc.......P#......&#.............@..B............................................................................................................................................................................I@..!;..................................................f...............l...................L.......................7...............t...P...........................................................................DA..............$A..."..............................X...................P...............l...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCCDA.tmp\Microsoft.Win32.TaskScheduler.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	357376
Entropy (8bit):	6.121440818463196
Encrypted:	false
SSDEEP:	6144:TUZsVUUkYmvrOUZ0aAjyfsnE7L2nUBdGjgr:IZpvrOQn+En6U3+gr
MD5:	0D075A82CBBBA63217AB212D9505B470
SHA1:	FDD58EE7946C6F63232D4AD5F6CA58764CB94F5F
SHA-256:	F794B966F3970E57B45120E5E68588E63D391A7D468FC649EEE2CD2326B17D19
SHA-512:	410F73CE397FFFAE60C94E50B0B098A9BAD12D13ECD7C8669E182EF6E448C900A585C0DF6564C34C6C5B8C08B2122FBD3E85425283BB3E90DB7B70C02CF6AE2C
Malicious:	true
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....G(N...........!...............................1......................................@..........................................p.......................`..\|7...K...............................................................s..H............data.j.(+.......,..................@....xdata...,...@......................@....text........p.......\.............. ..`.extrel.n....P.......:..............@..@.reloc..\|7...`...8...<..............@..B...............................................................................................................................................................................1................................................,..1...................1................@..1...................1=...............d..12..................1...................1...................1................0..1...............1...1...............................1................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCDC5.tmp\RuleEngine.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	3422720
Entropy (8bit):	6.626850415970842
Encrypted:	false
SSDEEP:	49152:hW/tRSwMXd8yTeXseYpxxacx+2xOEzv+6Tm1uPE3yq:hWOoRG+8Ol6Ti3y
MD5:	2F066BD172A3AA5F0F84DB3261CF74D7
SHA1:	C7D70EB7B3A486572831FA2897FCE9F87C6AE9C2
SHA-256:	647DC0EC6A4DA8ACE610903C8D74CCFC397CF88FDDA790884785D65CFEACB8FD
SHA-512:	00465980F7FCA6DEE78B368A2D5794CBB07CD2A52C8210E7565EBE57DE89B2823CD36E0BFCE31800202D01CAADA119355A1B2EB14737DFE155B86F55ABEA7878
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...Q,.\...........!.........................................................p4...........@.................................................................. 2.$G....2................................................................H............data.j.............................@....xdata..............................@....text....{-......\|-..t.............. ..`.extrel.2.....2.......1.............@..@.reloc..$G... 2..H....1.............@..B............................................................................................................................................................................i...................................................h...........................................{...................................\|...;...........................................................................\| ..............\ ..8Z...............................6..................P............... ...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD259.tmp\Microsoft.ApplicationBlocks.Updater.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	235520
Entropy (8bit):	6.059275237711877
Encrypted:	false
SSDEEP:	3072:aRXnh9IAYe7aeVqQKAEV9Bsf7nHXJQsLJJKNhhUgT+j/Wx7m0fx4MOd56dBWCa1l:aRX3IAngAEVyZQeJ+M1B
MD5:	42C47B7508BD6299D6D3DC9E4ACDC2B5
SHA1:	057331D2AE64398605598ACBD830469629CD4DFD
SHA-256:	9BFD07DF4606609CC1A2BA29E60E9CF721FE815D14D2925095F9D75B4DC836B3
SHA-512:	36A0DE5EA8AD92F5DE35D9F35730475C92A12D0E1C0F597052ACE5E3B2A1DCE323EE8220D86E2519CF5F99E390FA5A9139CF7254F3C3A27D020D80E98E4459C3
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@.............................................d........................"..P...............................................................p...H............data.j............................@....xdata..............................@....text............................... ..`.extrel.Q............r..............@..@.reloc...".......$...t..............@..B.............................................................................................................................................................................#...#..............................................pt..V................n...................u...................}..$...............\|p..................H............................................................................................................... ...................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD353.tmp\Microsoft.Practices.EnterpriseLibrary.Common.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	308736
Entropy (8bit):	6.139144413093015
Encrypted:	false
SSDEEP:	3072:ouo7ynu2/ySa2IC9oBLoawDMMYY6KXKWNwezWbh2MmhWYtFxJ1awDBIsp+y2s:ouRuO3tMMVzChTWv77
MD5:	6B99881DE289ECDE4421FA2B33E23119
SHA1:	B2C701B9478FC764A5EC46CF6BF85820C8660918
SHA-256:	BBB1B034247CCE6D56B95C6987BFF009143AED246649A9FE9EE9563763EC4585
SHA-512:	4509A68AE53B37DBE41DD2A5097FDAAACFB21737941174D1C2DC49C60C6EE3EA5650B39EC44882ECD2EC70D39E1306B058BD8E9471C87BD1850C2F11FD4723EE
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..........................................P..h.......................PI..................................................................pT..H............data.j.............................@....xdata...&... ...(..................@....text....1...P...2...8.............. ..`.extrel..............j..............@..@.reloc..PI.......J...l..............@..B............................................................................................................................................................................%>...9..)>..->..1>..................................\|...k...................................(.......................................`.......................'............................................................................%..................................................P...............d...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD47B.tmp\Microsoft.Practices.ObjectBuilder.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	304128
Entropy (8bit):	6.12188649584436
Encrypted:	false
SSDEEP:	3072:ahk+hIz6DRs/PnBsD/E9MbNkTzlBwOuwtxX1gDHKFBOwChyadWAfBS:MIGm/fBsY+5kTzlBwOuwtHEHi4hAv
MD5:	2B13273C75F5C985855B32BBF6EFB70C
SHA1:	AACB8E4A0F8F0561834F9BA05722874A99D8A5FB
SHA-256:	607A342798306D66649AEA727498E6D73BBF2296AA48B4D4A4FF5570A121AEB9
SHA-512:	DEAA1FCD0C9549C9191398FC7884BAED0C773A370508E0A1653E4CB3AE54384B67A7B48A6E76EABEF2420EC828F38991191D62F04E279BB57521FE683C635B18
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..........................................p..t........................T...g...............................................................t..H............data.j..#.......$..................@....xdata...,...@.......&..............@....text........p.......T.............. ..`.extrel......p.......N..............@..@.reloc...T.......T...P..............@..B....................................................................................................................................................................................................................................U...................P...................q...................]...................................8..."............................................................................2..................................................P...............P...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD5D3.tmp\Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	150528
Entropy (8bit):	5.98867639343579
Encrypted:	false
SSDEEP:	3072:XDqevwcPahYb6UqOLGb/00lOdpp/yGcztwZHe:nrAyhdpp/kCQ
MD5:	5950E3F098741159CE4010CC7F11179A
SHA1:	44166BF9B939A7AC0AE7DE4CD0CD57B40090BE4F
SHA-256:	384801542B794B1DFFCC191C2DFA5B2354A40CCE70F52A82DF4A43076C496216
SHA-512:	8026D31669A017E86DF0F2DBA326D78CF5E42CCFF8024A31ECA5A7E977AF1E4366D6E868A4E21C52FD03B41F3822F51FDF42FDC739DEC1381443DB258F7F15D8
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L....+.\...........!......................................................................@..................................................................`.......H.................................................................H............data.j..m.......n..................@....xdata...............p..............@....text............................... ..`.extrel.6....P.......0..............@..@.reloc.......`.......2..............@..B.................................................................................................................................................................................................................................W..:................Q...................X..J................]..G...............HT...................^..........................................................xr..............Xr..................................<...................P...............h...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD6CD.tmp\XPBurnComponent.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	119296
Entropy (8bit):	5.450180751795816
Encrypted:	false
SSDEEP:	1536:vpkWtCcN/NUS40CShO+13wmp6VlSWgnnnxceFsqyYPNHSsaKa3V:vXtCcFWx/Sh7KEXCqyGV15a
MD5:	6C848AF185459DF2F0B82AA13C473604
SHA1:	F884274C23D08AB1F92A7F6ADC3B132DF3FAFB1F
SHA-256:	D228A15331BB5A184FB1DD81E53E97F320D02CB6504A793C527439CED49FB010
SHA-512:	F33C834510FB853D87CBCDBFC05DDCA31E132494EDFAF4ED7A2E92AD5688F1DADE1909C53D7D813DE098829BC768CDE7361612013EBA12722F91BDC02741BFEE
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L.....E...........!......................................................................@.............................................................................................................................................H............data.j.............................@....xdata..............................@....text............................... ..`.extrel.............................@..@.reloc..............................@..B................................................................................................................................................................................!...............................................@p..Q................m..C................q...................u...................n..g................y............................................................................,...................................................P...............................

C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDBAF.tmp\Agent.Updater.exe

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	556544
Entropy (8bit):	6.482216020782186
Encrypted:	false
SSDEEP:	12288:cVwCTecOUnlf9N3VBgFkmGah2aoNtITe:cmkdOU1T3VBOkmGauNSS
MD5:	2757C28956D6CAE05A16D81401815EE3
SHA1:	632D245E34A1B7EC38DC92E6D9F2A0B8FB2A3198
SHA-256:	6968EC7408783C574BADBEF9D5B107A277E59B9AF09573F13A8818FE087D2023
SHA-512:	38E59E2E850E838BA1A2432BD316FBFDF7F394171A4E3150ED669A4CEFFB9D3D0E6B40AF3521C229E175998656B914A3A453D6F29BBC2C9C517832AA4ECF0E03
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L...G,.\...........!...............................0......................................@..................................................................p..d=..@W..................................................................H............data.j.D...........................@....xdata...(.......*..................@....text............................... ..`.extrel......`.......>..............@..@.reloc..d=...p...>...@..............@..B...............................................................................................................................................................................0...0...0.........................................t.0................th.0................ht.0f................z.0................ l.0.................\|.0...................0...................0................L..0............,..0...0...............................0................P...............4...............

C:\Windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\9c372fb846c16447196f1cb1f4290dae\XPBurnComponent.ni.dll (copy)

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
File Type:	MS-DOS executable PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	119296
Entropy (8bit):	5.450180751795816
Encrypted:	false
SSDEEP:	1536:vpkWtCcN/NUS40CShO+13wmp6VlSWgnnnxceFsqyYPNHSsaKa3V:vXtCcFWx/Sh7KEXCqyGV15a
MD5:	6C848AF185459DF2F0B82AA13C473604
SHA1:	F884274C23D08AB1F92A7F6ADC3B132DF3FAFB1F
SHA-256:	D228A15331BB5A184FB1DD81E53E97F320D02CB6504A793C527439CED49FB010
SHA-512:	F33C834510FB853D87CBCDBFC05DDCA31E132494EDFAF4ED7A2E92AD5688F1DADE1909C53D7D813DE098829BC768CDE7361612013EBA12722F91BDC02741BFEE
Malicious:	false
Reputation:	unknown
Preview:	MZ..........................................................@...PE..L.....E...........!......................................................................@.............................................................................................................................................H............data.j.............................@....xdata..............................@....text............................... ..`.extrel.............................@..@.reloc..............................@..B................................................................................................................................................................................!...............................................@p..Q................m..C................q...................u...................n..g................y............................................................................,...................................................P...............................

\Device\ConDrv

Download File

Process:	C:\Windows\System32\netsh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	40
Entropy (8bit):	4.196439344671015
Encrypted:	false
SSDEEP:	3:jTzsDTXK8+Rwv:jIXK8Fv
MD5:	2D66423AB0CF1EB6EE1934C24641F0B3
SHA1:	73CE8641508CF515377BCDDBC8CFBC80B2C9420D
SHA-256:	B50C0DC00937BBDFBDD727F661A97B07A1B388C3AC02FA23249B9ED10248BC3D
SHA-512:	99022D52F317E8B66665488DE2B609CADE51AB97411F79920CC7AD70B6857B306172281D0E41CD7FBF8FEDEBE095F575001CCCE564ED27554E9279D2C572A2BA
Malicious:	false
Reputation:	unknown
Preview:	..URL reservation successfully added....

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	6.875541228239102
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
File size:	689'536 bytes
MD5:	aae583df54127e3d818b7fcb22cd6eeb
SHA1:	e5e1385917b0890a4848404a7abaec83c57dc6bb
SHA256:	b49426fdfdb854ffe38e429ae3f4fa6c2b29c4f4b902ce23ba83c7e09ebbed7b
SHA512:	a7b8266d964e287600e950e2d99390b6be22e4a872e1934b91889896b4f9b02610071a7dda5cd82a62d852ba61b669e8b9da92bed2b4ca8df2d8004924b926cd
SSDEEP:	6144:/Mfbm+wKj7ndRJtn/boc8QhvPXDYkaMDy7XuMGmjz:2bIgJ/bDhvPkkaF/H
TLSH:	A9E4E70521A90488DE7B43F295D298F9015E778ED4B8D61C80E93FBB7917F098C6B9F8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F...v...F...@...F.Rich..F.........................PE..L....c.W.................^.........

File Icon


Icon Hash:	9ff458cccce47a07

Static PE Info

General

Entrypoint:	0x40322b
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x57956393 [Mon Jul 25 00:55:47 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	4f67aeda01a0484282e8c59006b0b352

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	09/02/2016 19:00:00 09/02/2019 18:59:59
Subject Chain	CN="PC DRIVERS HEADQUARTERS I, INC", O="PC DRIVERS HEADQUARTERS I, INC", L=Austin, S=Texas, C=US, SERIALNUMBER=160078500, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Texas, OID.1.3.6.1.4.1.311.60.2.1.3=US
Version:	3
Thumbprint MD5:	B37FC5F64141BC2CBEFB5B28D0AA43B0
Thumbprint SHA-1:	1A7ACD613247312B73A6F91156A4CC4C2A8B19C5
Thumbprint SHA-256:	5639CD3A6D122BCC5F1EE0718AD57E9AD0F7AD9F8787D77EC0C693E94241B9FA
Serial:	7D81783CDFC41FF7C4DA6D061A3840D4

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409130h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [00407120h]
call dword ptr [004070ACh]
cmp ax, 00000006h
je 00007FAF45495413h
push ebx
call 00007FAF45498399h
cmp eax, ebx
je 00007FAF45495409h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007FAF45498315h
push esi
call dword ptr [004070A8h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007FAF454953EDh
push ebp
push 00000009h
call 00007FAF4549836Ch
push 00000007h
call 00007FAF45498365h
mov dword ptr [00423724h], eax
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [004237D8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0041ECF0h
call dword ptr [00407174h]
push 004091ECh
push 00422F20h
call 00007FAF45497F8Fh
call dword ptr [004070A4h]
mov ebp, 00429000h
push eax
push ebp
call 00007FAF45497F7Dh
push ebx
call dword ptr [00407154h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7428	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c000	0x5b480	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xa5100	0x3480
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5dc5	0x5e00	566b191b40fde4369ae73a05b57df1d2	False	0.6685089760638298	data	6.47110609300208	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1246	0x1400	6389f916226544852e494114faf192ad	False	0.4271484375	data	5.0003960999706765	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x1a818	0x400	72dcd89e8824ae186467be61797ed81e	False	0.6474609375	data	5.220595003364983	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x24000	0x18000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c000	0x5b480	0x5b600	2556e71fb0f5fd9853448075d8e3cbdb	False	0.04598527274281806	data	5.239018412526382	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3c2f8	0x42028	Device independent bitmap graphic, 256 x 512 x 32, image size 262144, resolution 2834 x 2834 px/m	English	United States	0.024802497263070687
RT_ICON	0x7e320	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2834 x 2834 px/m	English	United States	0.05280669584762806
RT_ICON	0x8eb48	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2834 x 2834 px/m	English	United States	0.11189182805857345
RT_ICON	0x92d70	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2834 x 2834 px/m	English	United States	0.15912863070539418
RT_ICON	0x95318	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2834 x 2834 px/m	English	United States	0.2577392120075047
RT_ICON	0x963c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2834 x 2834 px/m	English	United States	0.49822695035460995
RT_DIALOG	0x96828	0xb4	data	English	United States	0.6111111111111112
RT_DIALOG	0x968e0	0x220	data	English	United States	0.3915441176470588
RT_DIALOG	0x96b00	0xf8	data	English	United States	0.6290322580645161
RT_DIALOG	0x96bf8	0xee	data	English	United States	0.6260504201680672
RT_GROUP_ICON	0x96ce8	0x5a	data	English	United States	0.7555555555555555
RT_VERSION	0x96d48	0x2d0	data	English	United States	0.44305555555555554
RT_MANIFEST	0x97018	0x467	XML 1.0 document, ASCII text, with very long lines (1127), with no line terminators	English	United States	0.5110913930789707

Imports

DLL	Import
KERNEL32.dll	CopyFileA, Sleep, GetTickCount, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetFileAttributesA, SetFileAttributesA, ExitProcess, SetEnvironmentVariableA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, GetCurrentProcess, GetFullPathNameA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, lstrcpynA, SetErrorMode, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll	RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-15T11:49:07.240955+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49763	443	192.168.2.4	13.84.181.47
2024-08-15T11:49:20.505083+0200	TCP	2803305	ETPRO MALWARE Common Downloader Header Pattern H	3	49782	443	192.168.2.4	13.84.181.47
2024-08-15T11:48:00.127862+0200	TCP	2833314	ETPRO MALWARE Win32/Agent.QP Requesting Payload	1	49738	80	192.168.2.4	152.199.19.161

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 15, 2024 11:48:58.428731918 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.428767920 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:58.428842068 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.429172993 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.429189920 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:58.429377079 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.429410934 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:58.429477930 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.429647923 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:58.429666042 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.098150015 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.098228931 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.098834038 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.098896980 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.101280928 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.101288080 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.101670980 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.118467093 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.119265079 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.119290113 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.120306015 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.121093988 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.160538912 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.168500900 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.221976995 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222040892 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222104073 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222105980 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.222131968 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222161055 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.222278118 CEST	443	49755	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222315073 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222338915 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.222389936 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222467899 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.222477913 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222537994 CEST	443	49754	13.107.246.73	192.168.2.4
Aug 15, 2024 11:48:59.222599983 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.223532915 CEST	49755	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:48:59.223954916 CEST	49754	443	192.168.2.4	13.107.246.73
Aug 15, 2024 11:49:12.423629045 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:12.428486109 CEST	80	49768	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:12.428570986 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:12.428683043 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:12.433430910 CEST	80	49768	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:17.729793072 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:17.734684944 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:17.734761953 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:17.734857082 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:17.739672899 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488009930 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488030910 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488039970 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488050938 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488061905 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:18.488092899 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:18.488145113 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:49:31.292268038 CEST	80	49768	40.74.231.179	192.168.2.4
Aug 15, 2024 11:49:31.340826035 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:50:03.748723030 CEST	49781	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:50:03.749062061 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:50:03.755012035 CEST	80	49781	40.74.231.179	192.168.2.4
Aug 15, 2024 11:50:03.755285025 CEST	80	49768	40.74.231.179	192.168.2.4
Aug 15, 2024 11:50:03.756113052 CEST	49768	80	192.168.2.4	40.74.231.179
Aug 15, 2024 11:50:03.756115913 CEST	49781	80	192.168.2.4	40.74.231.179

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 15, 2024 11:47:59.098681927 CEST	63991	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:48:44.371324062 CEST	54607	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:48:48.409606934 CEST	53900	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:01.561553001 CEST	58302	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:01.569919109 CEST	53	58302	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:05.409127951 CEST	53425	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:05.416932106 CEST	53	53425	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:09.040641069 CEST	52787	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:09.048918962 CEST	53	52787	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:11.958214998 CEST	64166	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:11.966250896 CEST	53	64166	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:12.366648912 CEST	64547	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:12.422995090 CEST	53	64547	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:15.096913099 CEST	56708	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:19.796386957 CEST	55542	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:19.805568933 CEST	53	55542	1.1.1.1	192.168.2.4
Aug 15, 2024 11:49:29.401787043 CEST	62682	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:49:29.409241915 CEST	53	62682	1.1.1.1	192.168.2.4
Aug 15, 2024 11:50:34.167714119 CEST	62603	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:50:34.189507961 CEST	53	62603	1.1.1.1	192.168.2.4
Aug 15, 2024 11:50:38.627765894 CEST	64033	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:50:38.648338079 CEST	53	64033	1.1.1.1	192.168.2.4
Aug 15, 2024 11:51:32.781270981 CEST	60919	53	192.168.2.4	1.1.1.1
Aug 15, 2024 11:51:32.789300919 CEST	53	60919	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 15, 2024 11:47:59.098681927 CEST	192.168.2.4	1.1.1.1	0xdfe1	Standard query (0)	cdn.driversupport.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:48:44.371324062 CEST	192.168.2.4	1.1.1.1	0x4986	Standard query (0)	webservices.drivershq.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:48:48.409606934 CEST	192.168.2.4	1.1.1.1	0xab4b	Standard query (0)	cdn.driversupport.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:01.561553001 CEST	192.168.2.4	1.1.1.1	0xb389	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:05.409127951 CEST	192.168.2.4	1.1.1.1	0x69fc	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:09.040641069 CEST	192.168.2.4	1.1.1.1	0x5a70	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:11.958214998 CEST	192.168.2.4	1.1.1.1	0x1d7a	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:12.366648912 CEST	192.168.2.4	1.1.1.1	0xab8f	Standard query (0)	downloads.drivershq.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:15.096913099 CEST	192.168.2.4	1.1.1.1	0xd785	Standard query (0)	webservices.drivershq.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:19.796386957 CEST	192.168.2.4	1.1.1.1	0x39df	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:29.401787043 CEST	192.168.2.4	1.1.1.1	0xae11	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:50:34.167714119 CEST	192.168.2.4	1.1.1.1	0x8786	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:50:38.627765894 CEST	192.168.2.4	1.1.1.1	0xe6ee	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:51:32.781270981 CEST	192.168.2.4	1.1.1.1	0xb064	Standard query (0)	front.activeoptimization.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 15, 2024 11:47:59.161123991 CEST	1.1.1.1	192.168.2.4	0xdfe1	No error (0)	cdn.driversupport.com	az681750.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:44.428580999 CEST	1.1.1.1	192.168.2.4	0x4986	No error (0)	webservices.drivershq.com	legacy-webservices.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:44.428580999 CEST	1.1.1.1	192.168.2.4	0x4986	No error (0)	legacy-webservices.azurewebsites.net	waws-prod-sn1-103.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:44.428580999 CEST	1.1.1.1	192.168.2.4	0x4986	No error (0)	waws-prod-sn1-103.sip.azurewebsites.windows.net	waws-prod-sn1-103.southcentralus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:48.489725113 CEST	1.1.1.1	192.168.2.4	0xab4b	No error (0)	cdn.driversupport.com	az681750.vo.msecnd.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:58.424199104 CEST	1.1.1.1	192.168.2.4	0x5bdf	No error (0)	shed.dual-low.s-part-0045.t-0009.t-msedge.net	s-part-0045.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:48:58.424199104 CEST	1.1.1.1	192.168.2.4	0x5bdf	No error (0)	s-part-0045.t-0009.t-msedge.net		13.107.246.73	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:01.569919109 CEST	1.1.1.1	192.168.2.4	0xb389	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:05.416932106 CEST	1.1.1.1	192.168.2.4	0x69fc	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:09.048918962 CEST	1.1.1.1	192.168.2.4	0x5a70	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:11.966250896 CEST	1.1.1.1	192.168.2.4	0x1d7a	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:12.422995090 CEST	1.1.1.1	192.168.2.4	0xab8f	No error (0)	downloads.drivershq.com		40.74.231.179	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:15.154336929 CEST	1.1.1.1	192.168.2.4	0xd785	No error (0)	webservices.drivershq.com	legacy-webservices.azurewebsites.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:49:15.154336929 CEST	1.1.1.1	192.168.2.4	0xd785	No error (0)	legacy-webservices.azurewebsites.net	waws-prod-sn1-103.sip.azurewebsites.windows.net		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:49:15.154336929 CEST	1.1.1.1	192.168.2.4	0xd785	No error (0)	waws-prod-sn1-103.sip.azurewebsites.windows.net	waws-prod-sn1-103.southcentralus.cloudapp.azure.com		CNAME (Canonical name)	IN (0x0001)	false
Aug 15, 2024 11:49:19.805568933 CEST	1.1.1.1	192.168.2.4	0x39df	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:49:29.409241915 CEST	1.1.1.1	192.168.2.4	0xae11	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:50:34.189507961 CEST	1.1.1.1	192.168.2.4	0x8786	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:50:38.648338079 CEST	1.1.1.1	192.168.2.4	0xe6ee	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false
Aug 15, 2024 11:51:32.789300919 CEST	1.1.1.1	192.168.2.4	0xb064	Name error (3)	front.activeoptimization.com	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

driversupport-fms.azureedge.net

downloads.drivershq.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49768	40.74.231.179	80	7344	C:\Program Files (x86)\Driver Support\DriverSupport.exe

Timestamp	Bytes transferred	Direction	Data
Aug 15, 2024 11:49:12.428683043 CEST	96	OUT	GET /driverdetective/dd.html HTTP/1.1 Host: downloads.drivershq.com Connection: Keep-Alive
Aug 15, 2024 11:49:31.292268038 CEST	268	IN	HTTP/1.1 200 OK Date: Thu, 15 Aug 2024 09:49:31 GMT Content-Type: text/html Content-Length: 0 Connection: keep-alive Last-Modified: Wed, 22 Apr 2009 13:24:34 GMT Accept-Ranges: bytes ETag: "055dad4dc3c91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49781	40.74.231.179	80	7344	C:\Program Files (x86)\Driver Support\DriverSupport.exe

Timestamp	Bytes transferred	Direction	Data
Aug 15, 2024 11:49:17.734857082 CEST	133	OUT	GET /DriverSupport/SmartClient/Branch15/DriverSupportManifest.xml HTTP/1.1 Host: downloads.drivershq.com Connection: Keep-Alive
Aug 15, 2024 11:49:18.488009930 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 15 Aug 2024 09:49:18 GMT Content-Type: text/xml Content-Length: 4390 Connection: keep-alive Last-Modified: Mon, 17 Dec 2018 13:27:50 GMT Accept-Ranges: bytes ETag: "0f6b4ec96d41:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 6d 61 6e 69 66 65 73 74 20 78 6d 6c 6e 73 3a 78 73 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 20 78 6d 6c 6e 73 3a 78 73 64 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 22 20 6d 61 6e 69 66 65 73 74 49 64 3d 22 7b 37 39 62 39 66 65 35 36 2d 36 64 36 62 2d 34 39 30 36 2d 39 34 30 61 2d 62 37 62 37 31 64 63 66 34 30 66 38 7d 22 20 6d 61 6e 64 61 74 6f 72 79 3d 22 59 65 73 22 20 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 50 41 47 3a 75 70 64 61 74 65 72 2d 61 70 70 6c 69 63 61 74 69 6f 6e 2d 62 6c 6f 63 6b 3a 76 32 3a 6d 61 6e 69 66 65 73 74 22 3e 0d 0a 20 20 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 44 72 69 76 65 72 53 75 70 70 6f 72 74 2e 63 6f 6d 20 4d 61 6e 69 66 65 73 74 3c 2f [TRUNCATED] Data Ascii: <?xml version="1.0" encoding="utf-8"?><manifest xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" manifestId="{79b9fe56-6d6b-4906-940a-b7b71dcf40f8}" mandatory="Yes" xmlns="urn:schemas-microsoft-com:PAG:updater-application-block:v2:manifest"> <description>DriverSupport.com Manifest</description> <application applicationId="{94ca1830-f62b-11da-974d-0800200c9a66}"> <location>.</location> </application> <files base="http://cdn.driversupport.com/builds/v10/smartclient/v10.1.6.14" hashComparison="Yes" hashProvider="MD5CryptoServiceProvider"> <file source="DriverSupport.chm" hash="AJS0xuMtYoKymtIdkcQD0Olcv89ePsoNLRGssIILX7A=" transient="No" /> <file source="ThemePack.DriverSupport.dll" hash="Uuj8GGiSc6KQfjuHHtuzD/r10IqY27xdmGR8QmTZJYM=" transient="No" /> <file source="DriverSupport.exe" hash="VzLjFV+hBy3yTz23rNF+Le4BwUnBR0yfXGgO7EFqyWU=" transient="No" /> <file source="Dri
Aug 15, 2024 11:49:18.488030910 CEST	1236	IN	Data Raw: 76 65 72 53 75 70 70 6f 72 74 2e 65 78 65 2e 63 6f 6e 66 69 67 22 20 68 61 73 68 3d 22 6b 71 70 68 59 6d 38 71 72 63 38 51 6a 4d 32 4c 71 71 77 58 6d 30 57 6e 4b 61 6d 39 6a 38 61 32 39 31 55 6f 52 45 75 44 30 30 49 3d 22 20 74 72 61 6e 73 69 65 Data Ascii: verSupport.exe.config" hash="kqphYm8qrc8QjM2LqqwXm0WnKam9j8a291UoREuD00I=" transient="No" /> <file source="DriverSupport.Updater.exe" hash="ylWjSxhfV8SvzntXrYRPWZ+Z7Oqd0/wIf7yIVlNcSjY=" transient="No" /> <file source="DriverSupport.U
Aug 15, 2024 11:49:18.488039970 CEST	1236	IN	Data Raw: 72 61 6e 73 69 65 6e 74 3d 22 4e 6f 22 20 2f 3e 0d 0a 20 20 20 20 3c 66 69 6c 65 20 73 6f 75 72 63 65 3d 22 41 67 65 6e 74 2e 43 50 55 2e 65 78 65 22 20 68 61 73 68 3d 22 37 4c 2b 30 77 62 32 4b 75 6d 68 34 41 37 54 68 70 76 57 71 38 72 71 31 76 Data Ascii: ransient="No" /> <file source="Agent.CPU.exe" hash="7L+0wb2Kumh4A7ThpvWq8rq1vZeQucwZ6zHSxXfIcWk=" transient="No" /> <file source="cpuidsdk.dll" hash="7RQyLloZERQtgUdgDs8KtDgjM+VyRdWSdCvxsHPK6EA=" transient="No" /> <file source="
Aug 15, 2024 11:49:18.488050938 CEST	951	IN	Data Raw: 74 69 6f 6e 50 72 6f 63 65 73 73 6f 72 73 2e 41 70 70 6c 69 63 61 74 69 6f 6e 44 65 70 6c 6f 79 50 72 6f 63 65 73 73 6f 72 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 41 70 70 6c 69 63 61 74 69 6f 6e 42 6c 6f 63 6b 73 2e 55 70 64 61 74 65 72 2e 41 63 74 Data Ascii: tionProcessors.ApplicationDeployProcessor, Microsoft.ApplicationBlocks.Updater.ActivationProcessors, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" name="ApplicationDeployProcessor" /> <task type="Microsoft.ApplicationBlocks.Upd
Aug 15, 2024 11:49:18.488061905 CEST	951	IN	Data Raw: 74 69 6f 6e 50 72 6f 63 65 73 73 6f 72 73 2e 41 70 70 6c 69 63 61 74 69 6f 6e 44 65 70 6c 6f 79 50 72 6f 63 65 73 73 6f 72 2c 20 4d 69 63 72 6f 73 6f 66 74 2e 41 70 70 6c 69 63 61 74 69 6f 6e 42 6c 6f 63 6b 73 2e 55 70 64 61 74 65 72 2e 41 63 74 Data Ascii: tionProcessors.ApplicationDeployProcessor, Microsoft.ApplicationBlocks.Updater.ActivationProcessors, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null" name="ApplicationDeployProcessor" /> <task type="Microsoft.ApplicationBlocks.Upd

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49754	13.107.246.73	443	7344	C:\Program Files (x86)\Driver Support\DriverSupport.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-15 09:48:59 UTC	128	OUT	GET /drivers/46ba61258d89448bb7bc738033772e67/vmware2.png HTTP/1.1 Host: driversupport-fms.azureedge.net Connection: Close
2024-08-15 09:48:59 UTC	512	IN	HTTP/1.1 200 OK Date: Thu, 15 Aug 2024 09:48:59 GMT Content-Type: application/octet-stream Content-Length: 8278 Connection: close Last-Modified: Wed, 26 Jan 2022 00:19:50 GMT ETag: 0x8D9E06191481FAB x-ms-request-id: 54f3793d-c01e-003d-5af5-eea42c000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240815T094859Z-15c77d89844vq6bkhmz598a1v000000000xg00000000fe91 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-08-15 09:48:59 UTC	8278	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 96 08 02 00 00 00 14 be 50 4e 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c3 00 00 0e c3 01 c7 6f a8 64 00 00 1f eb 49 44 41 54 78 5e ed db 77 b0 6d 45 b1 06 70 82 39 21 18 10 24 0a 92 24 47 95 2c 28 f8 44 14 10 2e 0a 08 18 48 12 44 10 2d 49 06 b2 a0 50 44 41 14 b1 44 bc 04 41 c1 6b 40 40 72 16 01 25 ab 20 92 54 82 39 fb 7e 7b 7f 87 66 b9 4f e0 d5 d3 55 c5 1f f3 55 31 d5 6b a6 bb a7 bb a7 a7 67 66 df c3 4c ff 6a 68 e8 01 2d b1 1a 7a 41 4b ac 86 5e d0 12 ab a1 17 b4 c4 6a e8 05 2d b1 1a 7a 41 4b ac 86 5e d0 12 ab a1 17 b4 c4 6a e8 05 2d b1 1a 7a 41 4b ac 86 5e d0 12 ab a1 17 b4 c4 6a e8 05 2d b1 1a 7a 41 4b ac 86 Data Ascii: PNGIHDRPNsRGBgAMAapHYsodIDATx^wmEp9!$$G,(D.HD-IPDADAk@@r% T9~{fOUU1kgfLjh-zAK^j-zAK^j-zAK^j-zAK

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49755	13.107.246.73	443	7344	C:\Program Files (x86)\Driver Support\DriverSupport.exe

Timestamp	Bytes transferred	Direction	Data
2024-08-15 09:48:59 UTC	128	OUT	GET /drivers/51e8f6c34f7e075d1cf1648791da3acc/VMware1.png HTTP/1.1 Host: driversupport-fms.azureedge.net Connection: Close
2024-08-15 09:48:59 UTC	513	IN	HTTP/1.1 200 OK Date: Thu, 15 Aug 2024 09:48:59 GMT Content-Type: application/octet-stream Content-Length: 14056 Connection: close Last-Modified: Wed, 26 Jan 2022 00:19:25 GMT ETag: 0x8D9E06182551F4C x-ms-request-id: 88841be0-901e-000c-7bf5-eefffb000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref: 20240815T094859Z-15c77d89844pw6cbzxptzhp0b00000000100000000005w27 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-08-15 09:48:59 UTC	14056	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 c8 00 00 00 96 08 06 00 00 00 9b dc c7 19 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 36 7d 49 44 41 54 78 5e ed 7d 09 90 6c c9 55 dd ed a5 7a f9 bd fd df fd f7 fd cf be 68 66 24 8d 46 23 69 90 84 90 42 48 02 11 20 9b c5 26 30 11 60 e3 08 03 0e 11 84 c1 36 76 18 db 38 8c c3 04 e0 30 0e 1c 28 08 2c 3b 6c 0c 66 b1 90 00 09 85 00 49 d6 86 46 d2 68 34 ab 34 fb fc 7d ef ee df 7b 55 b7 ef b9 79 ef ab fb b2 f2 55 75 ff ff fb 55 75 fd 7f aa f3 e5 cd 7b 6f e6 cb 97 79 cf cb 7c 55 dd d5 3d 6b 0c ba c1 b1 b4 b4 cc 69 91 a6 a7 a7 69 7e 7e 9e 6e 0e c9 f5 43 6f 6f 2f f5 f7 57 68 6c 6c 8c 26 26 c6 a9 52 Data Ascii: PNGIHDRsRGBgAMAapHYs+6}IDATx^}lUzhf$F#iBH &0`6v80(,;lfIFh44}{UyUuUu{oy\|U=kii~~nCoo/Whll&&R

Target ID:	0
Start time:	05:47:47
Start date:	15/08/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"
Imagebase:	0x400000
File size:	689'536 bytes
MD5 hash:	AAE583DF54127E3D818B7FCB22CD6EEB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:48:04
Start date:	15/08/2024
Path:	C:\Users\user\AppData\Local\Temp\DriverSupport.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""
Imagebase:	0x400000
File size:	7'325'080 bytes
MD5 hash:	4FDEDFFF4D3DAE398264E0338D536F3B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000004.00000002.2301192070.00000000031C2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	05:48:07
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.exe" /silent
Imagebase:	0x10000000
File size:	100'816 bytes
MD5 hash:	C163A1EF951B090FC27B78BF3D850394
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	05:48:07
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	05:48:07
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 210 -Pipe 218 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:48:08
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 290 -Pipe 2a8 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	05:48:13
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 294 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 28c -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	05:48:15
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c8 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	05:48:16
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2c4 -Pipe 29c -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	05:48:17
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 294 -Pipe 2c4 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	05:48:17
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 294 -Pipe 2b4 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	05:48:17
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 21c -Pipe 2e0 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	05:48:18
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2dc -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2f4 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	05:48:19
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 300 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 294 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	05:48:19
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 304 -InterruptEvent 0 -NGENProcess 2d0 -Pipe 2fc -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	05:48:20
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 314 -Pipe 294 -Comment "NGen Worker Process"
Imagebase:	0x7ff70f330000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	05:48:20
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2ec -InterruptEvent 0 -NGENProcess 2f0 -Pipe 21c -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	05:48:21
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 308 -Pipe 2d0 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	05:48:24
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 30c -Pipe 300 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	05:48:25
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2e4 -InterruptEvent 0 -NGENProcess 30c -Pipe 320 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	05:48:25
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e4 -Pipe 31c -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	05:48:25
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 290 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	05:48:26
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 210 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 304 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	05:48:27
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 308 -InterruptEvent 0 -NGENProcess 2d8 -Pipe 2e4 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	05:48:27
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2d8 -InterruptEvent 0 -NGENProcess 2a0 -Pipe 2b8 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	05:48:27
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 268 -InterruptEvent 0 -NGENProcess 2e8 -Pipe 214 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	05:48:28
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 224 -InterruptEvent 0 -NGENProcess 210 -Pipe 2d8 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	30
Start time:	05:48:29
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 30c -Pipe 224 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	05:48:29
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 30c -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f0 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	05:48:29
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 30c -Pipe 324 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	05:48:30
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 328 -InterruptEvent 0 -NGENProcess 310 -Pipe 318 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	05:48:30
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 310 -Pipe 32c -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	05:48:30
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe" install "C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe" /silent
Imagebase:	0x10000000
File size:	100'816 bytes
MD5 hash:	C163A1EF951B090FC27B78BF3D850394
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	05:48:30
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	05:48:31
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 21c -InterruptEvent 0 -NGENProcess 20c -Pipe 218 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	05:48:31
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -StartupEvent 2c8 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 2c4 -Comment "NGen Worker Process"
Imagebase:	0xbb0000
File size:	125'872 bytes
MD5 hash:	D7365B80E8951DDC95F3A8E3AC01D37D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	05:48:32
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /action:LaunchScanResultURL /applicationMode:systemTray /showWelcome:false /tid: /sid: /iid: /resultFilter:outofdate /useFastScan:true /scanSystem:true /scanUnplugged:false /sap:true /dialogStatus:true /scanVeloxum:true /hasVeloxum:true /startingDDIP:HomeNoResults /navigateToDDIP:Results /epid:7720
Imagebase:	0xc40000
File size:	10'714'752 bytes
MD5 hash:	B817A3469F1909432A76C6FEAA8F2B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000027.00000002.3680270900.0000000014BF6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000027.00000002.3680270900.000000001442A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 3%, Virustotal, Browse
Has exited:	false

Show Windows behavior

Target ID:	40
Start time:	05:48:32
Start date:	15/08/2024
Path:	C:\Windows\System32\dllhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Imagebase:	0x7ff70f330000
File size:	21'312 bytes
MD5 hash:	08EB78E5BE019DF044C26B14703BD1FA
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	05:48:33
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\xdix_tkb.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	05:48:33
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	05:48:33
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE380.tmp" "c:\Users\user\AppData\Local\Temp\CSCE37F.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	05:48:34
Start date:	15/08/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	45
Start time:	05:48:35
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\1cwryiam.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	05:48:35
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	47
Start time:	05:48:35
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESEA18.tmp" "c:\Users\user\AppData\Local\Temp\CSCEA17.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	49
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	50
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\omwb8eue.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	53
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/uxstate/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	59
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	62
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/driverscan/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	63
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	64
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/license/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	66
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	69
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/tests/progress/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	74
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/media/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	75
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	76
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	77
Start time:	05:48:36
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/system/data/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	78
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	79
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/status/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	80
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	81
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	82
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	83
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	84
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/reboot/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	85
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	86
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://localhost:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	87
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	88
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	89
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\netsh.exe" http add urlacl url=http://127.0.0.1:65411/client/apiinfo/ sddl=D:(A;;GX;;;S-1-1-0)
Imagebase:	0x7ff7efd80000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	90
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	91
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	92
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	93
Start time:	05:48:37
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	94
Start time:	05:48:38
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESF478.tmp" "c:\Users\user\AppData\Local\Temp\CSCF467.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	95
Start time:	05:48:39
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\nujzoc0o.cmdline"
Imagebase:	0x7ff6ec4b0000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	96
Start time:	05:48:39
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	97
Start time:	05:48:40
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFB3E.tmp" "c:\Users\user\AppData\Local\Temp\CSCFB3D.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	98
Start time:	05:48:40
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\j12i-fj-.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	99
Start time:	05:48:40
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	100
Start time:	05:48:41
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFF74.tmp" "c:\Users\user\AppData\Local\Temp\CSCFF64.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	101
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\2qmjnycu.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	102
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /applicationMode:systemTray /showWelcome:false
Imagebase:	0xb10000
File size:	10'714'752 bytes
MD5 hash:	B817A3469F1909432A76C6FEAA8F2B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	103
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	104
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkRuleManifests /applicationMode:current
Imagebase:	0xfc0000
File size:	10'714'752 bytes
MD5 hash:	B817A3469F1909432A76C6FEAA8F2B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	105
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES57F.tmp" "c:\Users\user\AppData\Local\Temp\CSC57E.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	106
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:scheduledScan /applicationMode:current
Imagebase:	0xef0000
File size:	10'714'752 bytes
MD5 hash:	B817A3469F1909432A76C6FEAA8F2B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	107
Start time:	05:48:42
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\DriverSupport.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Driver Support\DriverSupport.exe" /showWelcome:false /action:checkForUpdate /applicationMode:current
Imagebase:	0x9b0000
File size:	10'714'752 bytes
MD5 hash:	B817A3469F1909432A76C6FEAA8F2B91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	108
Start time:	05:48:44
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\eudbxj3q.cmdline"
Imagebase:	0x400000
File size:	91'256 bytes
MD5 hash:	953344403C93E6FBB8C573273D645242
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	109
Start time:	05:48:44
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	110
Start time:	05:48:44
Start date:	15/08/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESE2A.tmp" "c:\Users\user\AppData\Local\Temp\CSCE29.tmp"
Imagebase:	0x400000
File size:	41'648 bytes
MD5 hash:	3FDA06F8AA40293397F58A687EEABC1F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	111
Start time:	05:48:45
Start date:	15/08/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\WindowsPowerShell\v1.0\Powershell.exe" CheckNetIsolation LoopbackExempt -a -n='Microsoft.MicrosoftEdge_8wekyb3d8bbwe'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	112
Start time:	05:48:45
Start date:	15/08/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	113
Start time:	05:48:46
Start date:	15/08/2024
Path:	C:\Windows\System32\CheckNetIsolation.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\CheckNetIsolation.exe" LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe
Imagebase:	0x7ff7614c0000
File size:	30'208 bytes
MD5 hash:	03CF7163B4837A001BD4667A8880D6CD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	114
Start time:	05:48:47
Start date:	15/08/2024
Path:	C:\Program Files (x86)\Driver Support\Agent.CPU.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\Driver Support\Agent.CPU.exe"
Imagebase:	0x270000
File size:	113'280 bytes
MD5 hash:	00A9A57A40D73E4F3C27F57933CCDC43
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000072.00000002.2413421231.0000000005102000.00000002.00000001.01000000.00000022.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000072.00000002.2419305324.0000000069898000.00000020.00000001.01000000.00000025.sdmp, Author: Joe Security
Antivirus matches:	Detection: 3%, ReversingLabs Detection: 3%, Virustotal, Browse
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	26.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	21.3%
Total number of Nodes:	1299
Total number of Limit Nodes:	41

Executed Functions

Function 0040322B Relevance: 94.9, APIs: 34, Strings: 20, Instructions: 357
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 00403250
GetVersion.KERNEL32 ref: 00403256
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040327F
#17.COMCTL32(00000007,00000009), ref: 004032A1
OleInitialize.OLE32(00000000), ref: 004032A8
SHGetFileInfoA.SHELL32(0041ECF0,00000000,?,00000160,00000000), ref: 004032C4
GetCommandLineA.KERNEL32(00422F20,NSIS Error), ref: 004032D9
GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",00000000), ref: 004032EC
CharNextA.USER32(00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",00000020), ref: 00403317
GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403414
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403425
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403431
GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403445
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040344D
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040345E
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403466
DeleteFileA.KERNELBASE(1033), ref: 0040347A

Part of subcall function 004061FC: GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
Part of subcall function 004061FC: GetProcAddress.KERNEL32(00000000,?), ref: 00406229

ExitProcess.KERNEL32(?), ref: 00403523
OleUninitialize.OLE32(?), ref: 00403528
ExitProcess.KERNEL32 ref: 00403549
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403666
OpenProcessToken.ADVAPI32(00000000), ref: 0040366D
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403685
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004036A4
ExitWindowsEx.USER32(00000002,80040002), ref: 004036C8
ExitProcess.KERNEL32 ref: 004036EB

Part of subcall function 00405659: MessageBoxIndirectA.USER32(00409230), ref: 004056B4

Strings

SeShutdownPrivilege, xrefs: 0040367F
C:\Program Files (x86)\Driver Support, xrefs: 004033F9, 004034FA, 004035A4, 004035AD
Low, xrefs: 00403447
C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, xrefs: 00403606
Error launching installer, xrefs: 004034E0
NSIS Error, xrefs: 004032CA
C:\Users\user\Desktop, xrefs: 0040357B, 00403580, 004035AC
.tmp, xrefs: 00403570
UXTHEME, xrefs: 00403273, 00403278, 0040327E
C:\Program Files (x86)\Driver Support, xrefs: 00403505
"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 004032DF, 004032E5, 0040349E
C:\Users\user\AppData\Local\Temp\, xrefs: 00403409, 0040340E, 00403424, 00403430, 0040343F, 0040344C, 00403458, 00403460, 00403559, 0040356A, 00403575, 00403581, 0040358E, 0040359D, 0040364C
1033, xrefs: 00403475
TMP, xrefs: 00403461
TEMP, xrefs: 00403459
~nsu, xrefs: 00403554
\Temp, xrefs: 0040342B
Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040323F
", xrefs: 0040333C
success, xrefs: 004035BB

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
String ID: "$"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$.tmp$1033$C:\Program Files (x86)\Driver Support$C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$success$~nsu
API String ID: 3329125770-2581859777
Opcode ID: f4ccfb07b0e794cd2368cd9675b68239bf4e90d7d1a975c0a266ed14517ad69b
Instruction ID: 576d03f4a97a107fe364ed0b5bad1c5a822c5763e21245f1fe88aefb499f64b7
Opcode Fuzzy Hash: f4ccfb07b0e794cd2368cd9675b68239bf4e90d7d1a975c0a266ed14517ad69b
Instruction Fuzzy Hash: 4DC106706082417AE7216F319D4DA2B3EA9EF85746F04457FF481B61E2CB7C9A01CB6E

Function 004051BA Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 00405219
GetDlgItem.USER32(?,000003EE), ref: 00405228
GetClientRect.USER32(?,?), ref: 00405265
GetSystemMetrics.USER32(00000002), ref: 0040526C
SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040528D
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040529E
SendMessageA.USER32(?,00001001,00000000,?), ref: 004052B1
SendMessageA.USER32(?,00001026,00000000,?), ref: 004052BF
SendMessageA.USER32(?,00001024,00000000,?), ref: 004052D2
ShowWindow.USER32(00000000,?,0000001B,?), ref: 004052F4
ShowWindow.USER32(?,00000008), ref: 00405308
GetDlgItem.USER32(?,000003EC), ref: 00405329
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405339
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405352
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040535E
GetDlgItem.USER32(?,000003F8), ref: 00405237

Part of subcall function 0040407D: SendMessageA.USER32(00000028,?,00000001,00403EAE), ref: 0040408B

GetDlgItem.USER32(?,000003EC), ref: 0040537A
CreateThread.KERNELBASE(00000000,00000000,Function_0000514E,00000000), ref: 00405388
FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040538F
ShowWindow.USER32(00000000), ref: 004053B2
ShowWindow.USER32(?,00000008), ref: 004053B9
ShowWindow.USER32(00000008), ref: 004053FF
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405433
CreatePopupMenu.USER32 ref: 00405444
AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405459
GetWindowRect.USER32(?,000000FF), ref: 00405479
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405492
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054CE
OpenClipboard.USER32(00000000), ref: 004054DE
EmptyClipboard.USER32 ref: 004054E4
GlobalAlloc.KERNEL32(00000042,?), ref: 004054ED
GlobalLock.KERNEL32(00000000), ref: 004054F7
SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040550B
GlobalUnlock.KERNEL32(00000000), ref: 00405524
SetClipboardData.USER32(00000001,00000000), ref: 0040552F
CloseClipboard.USER32 ref: 00405535

Strings

Driver Support Setup , xrefs: 004054AA

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: Driver Support Setup
API String ID: 4154960007-3250207643
Opcode ID: 19af18225f3d6a06406101e0b67d5efedd4b903bdf76c278e79e4a0bb0c8326d
Instruction ID: 22ae5336f142fb48a9cf727d400d9a9d64ef180589f118636d3b9fd0a83d5397
Opcode Fuzzy Hash: 19af18225f3d6a06406101e0b67d5efedd4b903bdf76c278e79e4a0bb0c8326d
Instruction Fuzzy Hash: 0FA147B1900208BFDB119FA0DD89EAE7BB9FB08355F00407AFA05B61A0C7B55E51DF69

Function 00405705 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNELBASE(?,?,74DF3410,74DF2EE0,00000000), ref: 0040572E
lstrcatA.KERNEL32(00420D38,\*.*,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 00405776
lstrcatA.KERNEL32(?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 00405797
lstrlenA.KERNEL32(?,?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 0040579D
FindFirstFileA.KERNELBASE(00420D38,?,?,?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 004057AE
FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040585B
FindClose.KERNEL32(00000000), ref: 0040586C

Strings

"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 00405705
8B, xrefs: 0040575E
\*.*, xrefs: 00405770

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$8B$\*.*
API String ID: 2035342205-3491440243
Opcode ID: 24cac4d93cf5da8dc2252ed7b5c7d46d1edb9b71d2bce9283bb7b2a387715e8a
Instruction ID: 0bcf9a9e67a33d50b3dc7b196bcae3add4761e648fc1c1af8ecd3a5bcda4d25e
Opcode Fuzzy Hash: 24cac4d93cf5da8dc2252ed7b5c7d46d1edb9b71d2bce9283bb7b2a387715e8a
Instruction Fuzzy Hash: 8F51A331800A08BADF217B658C89BAF7B78DF46754F14807BF851761D2C73C8991DEAA

Function 004064AE Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a3870b215c6cb57f5be28c47361f52d581e4686ba2b9b0247380936f8f490c
Instruction ID: 4218cb5ebcdace98cdb1216374bea5ca06482cd82b52ee1cf8be947d1aeb6f3c
Opcode Fuzzy Hash: a0a3870b215c6cb57f5be28c47361f52d581e4686ba2b9b0247380936f8f490c
Instruction Fuzzy Hash: 29F17570D00269CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D3785A96CF44

Function 00406167 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(74DF3410,00421580,C:\,00405A06,C:\,C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0), ref: 00406172
FindClose.KERNELBASE(00000000), ref: 0040617E

Strings

C:\, xrefs: 00406167

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: C:\
API String ID: 2295610775-3404278061
Opcode ID: f9303f41664d55177506eb3caad4b25aa18344ea0c32c7844788a1b00efad07c
Instruction ID: 121c98e09340d698ac486e65b2e2524f4cd38212b93dde10f2a633de382b9f18
Opcode Fuzzy Hash: f9303f41664d55177506eb3caad4b25aa18344ea0c32c7844788a1b00efad07c
Instruction Fuzzy Hash: 82D012319190207FC34117396C0C84B7A589F653317528B33F86AF52F0D3349CA286ED

Function 00403B75 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403BB1
ShowWindow.USER32(?), ref: 00403BCE
DestroyWindow.USER32 ref: 00403BE2
SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BFE
GetDlgItem.USER32(?,?), ref: 00403C1F
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C33
IsWindowEnabled.USER32(00000000), ref: 00403C3A
GetDlgItem.USER32(?,00000001), ref: 00403CE8
GetDlgItem.USER32(?,00000002), ref: 00403CF2
SetClassLongA.USER32(?,000000F2,?), ref: 00403D0C
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D5D
GetDlgItem.USER32(?,00000003), ref: 00403E03
ShowWindow.USER32(00000000,?), ref: 00403E24
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E36
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E51
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E67
EnableMenuItem.USER32(00000000), ref: 00403E6E
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E86
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E99
lstrlenA.KERNEL32(Driver Support Setup ,?,Driver Support Setup ,00422F20), ref: 00403EC2
SetWindowTextA.USER32(?,Driver Support Setup ), ref: 00403ED1
ShowWindow.USER32(?,0000000A), ref: 00404005

Strings

Driver Support Setup , xrefs: 00403EAE, 00403EB8, 00403EC1, 00403ECF

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
String ID: Driver Support Setup
API String ID: 1252290697-3250207643
Opcode ID: 5db2143f2917a894034b19fc2abb5fc3ef727a551cec3093833a2ac212f5d40f
Instruction ID: c8c4f9f6fa32ab432123c95edc0b9dc077676c0f3e6a7dc1ab02adf3a8b3c805
Opcode Fuzzy Hash: 5db2143f2917a894034b19fc2abb5fc3ef727a551cec3093833a2ac212f5d40f
Instruction Fuzzy Hash: 54C1D3B1A04205BBDB206F61ED89D2B3A78FB85306F51443EF611B11F1C779A942AB1E

Function 004037E3 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004061FC: GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
Part of subcall function 004061FC: GetProcAddress.KERNEL32(00000000,?), ref: 00406229

lstrcatA.KERNEL32(1033,Driver Support Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Driver Support Setup ,00000000,00000002,74DF3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",00000000), ref: 0040385E
lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Driver Support,1033,Driver Support Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Driver Support Setup ,00000000,00000002,74DF3410), ref: 004038D3
lstrcmpiA.KERNEL32(?,.exe), ref: 004038E6
GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004038F1
LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Driver Support), ref: 0040393A

Part of subcall function 00405DC1: wsprintfA.USER32 ref: 00405DCE

RegisterClassA.USER32(00422EC0), ref: 00403977
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040398F
CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004039C4
ShowWindow.USER32(00000005,00000000), ref: 004039FA
GetClassInfoA.USER32(00000000,RichEdit20A,00422EC0), ref: 00403A26
GetClassInfoA.USER32(00000000,RichEdit,00422EC0), ref: 00403A33
RegisterClassA.USER32(00422EC0), ref: 00403A3C
DialogBoxParamA.USER32(?,00000000,00403B75,00000000), ref: 00403A5B

Strings

C:\Program Files (x86)\Driver Support, xrefs: 0040386D, 00403875, 0040390D, 00403913, 00403923
RichEd32, xrefs: 00403A0E
Driver Support Setup , xrefs: 0040380F, 00403815, 0040383A, 00403843, 00403858
.exe, xrefs: 004038E0
RichEdit, xrefs: 00403A2D
RichEd20, xrefs: 00403A00
.DEFAULT\Control Panel\International, xrefs: 00403849
"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 004037E7
Control Panel\Desktop\ResourceLocale, xrefs: 00403817
_Nb, xrefs: 00403956, 004039BE
RichEdit20A, xrefs: 00403A1E, 00403A24
C:\Users\user\AppData\Local\Temp\, xrefs: 004037E8
1033, xrefs: 00403803, 00403859
Remove folder: , xrefs: 004038A1, 004038A9, 004038B6, 00403900, 00403906

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Driver Support Setup $Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-1978168300
Opcode ID: 973674b0575fd1c65c4a1af54ba3428f03aaf07a2d31d59e7ee42f109e90b729
Instruction ID: 6c8974e4dfdcf182ca6d095a6101ff5518a0df20e425d3d5ae506d2571b44078
Opcode Fuzzy Hash: 973674b0575fd1c65c4a1af54ba3428f03aaf07a2d31d59e7ee42f109e90b729
Instruction Fuzzy Hash: 076191B17442007ED620AF659D45F2B3AACEB8475AF40447FF941B22E2C7BC9D029A7D

Function 00404191 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 205
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040421C
GetDlgItem.USER32(00000000,000003E8), ref: 00404230
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040424E
GetSysColor.USER32(?), ref: 0040425F
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040426E
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040427D
lstrlenA.KERNEL32(?), ref: 00404280
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040428F
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004042A4
GetDlgItem.USER32(?,0000040A), ref: 00404306
SendMessageA.USER32(00000000), ref: 00404309
GetDlgItem.USER32(?,000003E8), ref: 00404334
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404374
LoadCursorA.USER32(00000000,00007F02), ref: 00404383
SetCursor.USER32(00000000), ref: 0040438C
ShellExecuteA.SHELL32(0000070B,open,004226C0,00000000,00000000,00000001), ref: 0040439F
LoadCursorA.USER32(00000000,00007F00), ref: 004043AC
SetCursor.USER32(00000000), ref: 004043AF
SendMessageA.USER32(00000111,00000001,00000000), ref: 004043DB
SendMessageA.USER32(00000010,00000000,00000000), ref: 004043EF

Strings

\A@, xrefs: 00404394
open, xrefs: 00404397
Remove folder: , xrefs: 0040435F
N, xrefs: 00404322

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: N$Remove folder: $\A@$open
API String ID: 3615053054-2758328528
Opcode ID: 0d3f312fefaf2c190e171dfa2e1175f61d5d84c52849205d92d9bfd162526d75
Instruction ID: aa20bcc63d66581fa7bbac4c1809bf2e03719b1a0f02ef32c38fc7c0d03722a0
Opcode Fuzzy Hash: 0d3f312fefaf2c190e171dfa2e1175f61d5d84c52849205d92d9bfd162526d75
Instruction Fuzzy Hash: 3D6191B1A40209BBEF109F61DC45F6A7B69FB84714F108036FB01BA2D1C7B8A951CF98

Function 00402CB6 Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 203
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402CCA
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,00000400), ref: 00402CE6

Part of subcall function 00405AD6: GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00405ADA
Part of subcall function 00405AD6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

GetFileSize.KERNEL32(00000000,00000000,SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00402D2F
GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E76

Strings

Null, xrefs: 00402DAF
"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 00402CB6
Inst, xrefs: 00402D9D
C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, xrefs: 00402CD0, 00402CDF, 00402CF3, 00402D10
Error launching installer, xrefs: 00402D06
SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe, xrefs: 00402D23
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F0D
C:\Users\user\AppData\Local\Temp\, xrefs: 00402CC0, 00402E8E
soft, xrefs: 00402DA6
C:\Users\user\Desktop, xrefs: 00402D11, 00402D16, 00402D1C
Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402EBF

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe$soft
API String ID: 2803837635-2559986416
Opcode ID: ead6bde51c37ea53951fbe13ca2cc745f63f52fca57c9fe79df6b08f7621e9ee
Instruction ID: 6560279c47655c84bfe4d90bfb6f1ef804bba6314c77a30d8371cd5976d9e3e8
Opcode Fuzzy Hash: ead6bde51c37ea53951fbe13ca2cc745f63f52fca57c9fe79df6b08f7621e9ee
Instruction Fuzzy Hash: C66103B1A40215ABDB20AF60DE89B9E77B8EB04354F51413BF501B72D1D7BC9E818B9C

Function 00405E85 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(?,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,004050B4,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000), ref: 00405F36
GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405FB1
GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405FC4
SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00406000
SHGetPathFromIDListA.SHELL32(00000000,Remove folder: ), ref: 0040600E
CoTaskMemFree.OLE32(00000000), ref: 00406019
lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040603B
lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,004050B4,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000), ref: 0040608D

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00405F80
Remove folder: , xrefs: 00405EAC, 00405F7E, 00405F9B, 00405FB0, 00405FC3, 00405FDF, 0040600A, 0040603A, 00406040, 00406058, 0040606B, 00406086, 0040608C, 00406097, 004060C1
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406035
Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\, xrefs: 00405EB4
success, xrefs: 00406065

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$success
API String ID: 900638850-3977865968
Opcode ID: d636f2ff673ad150710af49f9aba5b8caeaeebcde03bf82713dac66827127ef6
Instruction ID: a8b5a8e5c19b1295dd56f0f1fbd515d1e85c9865fba9c5a77ffde0f73355f29a
Opcode Fuzzy Hash: d636f2ff673ad150710af49f9aba5b8caeaeebcde03bf82713dac66827127ef6
Instruction Fuzzy Hash: DE6123B1A40502ABDF219F24CC84BBB3BB4DB45354F15813BE902B62D1D37D4952DB5E

Function 00401751 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,Unload,C:\Program Files (x86)\Driver Support,00000000,00000000,00000031), ref: 00401790
CompareFileTime.KERNEL32(-00000014,?,Unload,Unload,00000000,00000000,Unload,C:\Program Files (x86)\Driver Support,00000000,00000000,00000031), ref: 004017BA

Part of subcall function 00405E63: lstrcpynA.KERNEL32(?,?,00000400,004032D9,00422F20,NSIS Error), ref: 00405E70

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Strings

C:\Program Files (x86)\Driver Support, xrefs: 0040177E
C:\Users\user\AppData\Local\Temp\nso2EC8.tmp, xrefs: 0040179B, 0040180A, 00401828
C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\Linker.dll, xrefs: 0040181E, 0040183A
Unload, xrefs: 0040176D, 00401783, 00401795, 004017A6, 004017DC, 004017F2, 00401810, 00401850, 004018D1, 004018DA, 004018E4, 004018EF
success, xrefs: 00401805, 00401811, 00401829

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp\nso2EC8.tmp$C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\Linker.dll$Unload$success
API String ID: 1941528284-4197946911
Opcode ID: ed2e71a124ee621cc86b50bbc6c57a94805f5e419fbec7ee0a9e077db08216a2
Instruction ID: 7023b4eef350b7a4ada653e1e4d9b110c77c4e6d7f727d83c91ff2b2eb458513
Opcode Fuzzy Hash: ed2e71a124ee621cc86b50bbc6c57a94805f5e419fbec7ee0a9e077db08216a2
Instruction Fuzzy Hash: 3941C472A00514BACF107BB5CC85EAF3668EF45369B20863BF121B21E1D67C4A41CBAD

Function 0040507C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000), ref: 004050D8
SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\), ref: 004050EA
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Strings

Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\, xrefs: 0040509C, 004050AE, 004050B4, 004050D7, 004050E3

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\
API String ID: 2531174081-2542197082
Opcode ID: 871ddc24a54fb64aeccd7c8069c75cad2e612add14608668d5a5d769126a8d66
Instruction ID: 0932fbc12a6b25bcac4b474ac1e4098b180b1803f9783341f4c7184ef00e87b2
Opcode Fuzzy Hash: 871ddc24a54fb64aeccd7c8069c75cad2e612add14608668d5a5d769126a8d66
Instruction Fuzzy Hash: 7E218C71E00508BADF119FA5CD84EDFBFA9EF04358F14807AF944A6291C7789A41CFA8

Function 00405542 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405585
GetLastError.KERNEL32 ref: 00405599
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055AE
GetLastError.KERNEL32 ref: 004055B8

Strings

ts@, xrefs: 00405548
ds@, xrefs: 00405577
C:\Users\user\AppData\Local\Temp\, xrefs: 00405568
C:\Users\user\Desktop, xrefs: 00405542

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
API String ID: 3449924974-3946084282
Opcode ID: f10b22bb5142ab39e3e91bc7df170e02474760785f1b3b99a39c7e09e389b4b4
Instruction ID: 9e56051543debb7748005a245647f72f9f0c442d478d44b0b7514676580bb89d
Opcode Fuzzy Hash: f10b22bb5142ab39e3e91bc7df170e02474760785f1b3b99a39c7e09e389b4b4
Instruction Fuzzy Hash: 2701E571D14259EAEF119BA0CD487EFBBB9EB04354F008176E905B6280D378A604CBAA

Function 00401F90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB
LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
KiUserCallbackDispatcher.NTDLL(?,00000400,success,0040A804,00409000,?,00000008,00000001,000000F0), ref: 0040201C

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045

Strings

success, xrefs: 0040200F

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressCallbackDispatcherFreeHandleLoadModuleProcTextUserWindowlstrcat
String ID: success
API String ID: 4236411475-1862328242
Opcode ID: e3c3d8a1629abc745538675de81c2d5dcd54a9ae6fab7bf6c9fd3347a21f082d
Instruction ID: 215a549463b1ff6cdb2c8ab56b147df35cc58612cba094cab406bca79a610b2d
Opcode Fuzzy Hash: e3c3d8a1629abc745538675de81c2d5dcd54a9ae6fab7bf6c9fd3347a21f082d
Instruction Fuzzy Hash: A0212E76904215FBDF217F648E48A6E3670AB45318F30423BF701B62D0D7BC4942DA6E

Function 0040618E Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004061A5
wsprintfA.USER32 ref: 004061DE
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004061F2

Strings

\, xrefs: 004061B6
%s%s.dll, xrefs: 004061D8
UXTHEME, xrefs: 00406197

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: c7ba92785c192ffb77ecdfb90d0fa47c7b7783556fece6129122b9a6395f8fae
Instruction ID: 17d4186d305cf40b40e49104478d07e272734a7bb4b2e73e379b3f466295ecaf
Opcode Fuzzy Hash: c7ba92785c192ffb77ecdfb90d0fa47c7b7783556fece6129122b9a6395f8fae
Instruction Fuzzy Hash: D1F0FC3095410567DB159768DC0DFFF365CBB08304F140176A546E51D2D574E9288B69

Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nso2EC8.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nso2EC8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EC8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Strings

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp, xrefs: 004023B3, 004023C1, 004023D5, 004023E5, 004023F0

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp
API String ID: 1356686001-315260112
Opcode ID: 5ce712f4e1739de124f64f4b839393a0bfa859876734d361c8acd2ce35003557
Instruction ID: 5da3480c5977201a3ee5f00a5bba4dd76bcb837ef72d2191196963f4bf358416
Opcode Fuzzy Hash: 5ce712f4e1739de124f64f4b839393a0bfa859876734d361c8acd2ce35003557
Instruction Fuzzy Hash: C91175B1E00108BFEB10EFA4DE89EAF7A79EB54358F10403AF505B61D1D7B85D419B28

Function 00405B05 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405B19
GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405B33

Strings

"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 00405B05
nsa, xrefs: 00405B10
C:\Users\user\AppData\Local\Temp\, xrefs: 00405B08

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-1395079193
Opcode ID: fefc0482c854070ed442c91c2c9b831f833a608d20a08577fe9f9df7fb59a314
Instruction ID: 324d89babc139fd35718223d4ac3f7893030d86c2087b7febc7e38ed5d635a65
Opcode Fuzzy Hash: fefc0482c854070ed442c91c2c9b831f833a608d20a08577fe9f9df7fb59a314
Instruction Fuzzy Hash: ABF082367486086BDB109F55EC08B9BBBADDF91750F10C03BFA089A1D0D6B1B9548B59

Function 004062FF Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON

Download Yara Rule

Strings

ntIndirectA, xrefs: 004062FF

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ntIndirectA
API String ID: 0-4263908498
Opcode ID: 344cb5358226c0404198c7d180aef45b95627368966a6db8480b9102282d8a8c
Instruction ID: 250af7da94f29308333f8738aaa2927d74ee5fc9a8e658dcecc26e0f3faccd11
Opcode Fuzzy Hash: 344cb5358226c0404198c7d180aef45b95627368966a6db8480b9102282d8a8c
Instruction Fuzzy Hash: A7816631E04228DBDF24CFA9C8447AEBBB1FF44305F11816AD856BB281C7785A96CF54

Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 00401CE2
GetClientRect.USER32(00000000,?), ref: 00401CEF
LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
DeleteObject.GDI32(00000000), ref: 00401D2D

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 4b124ebf7538d090bfdb3da7142055cc4b6059543a11cd4ffa057e0c03021937
Instruction ID: 869b35d44be7719ac4f8667573c2d83536e062a508785c5670752e956bf1946f
Opcode Fuzzy Hash: 4b124ebf7538d090bfdb3da7142055cc4b6059543a11cd4ffa057e0c03021937
Instruction Fuzzy Hash: 1BF0ECB2A04114AFEB01ABE4DD88DAFB7BDEB54305B104476F602F6191C7749D018B79

Function 00403064 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00403078

Part of subcall function 004031E3: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EE1,?), ref: 004031F1

SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00402F8E,00000004,00000000,00000000,?,?,00402F08,000000FF,00000000,00000000,00409130,?), ref: 004030AB
SetFilePointer.KERNELBASE(00129B10,00000000,00000000,004128D8,00004000,?,00000000,00402F8E,00000004,00000000,00000000,?,?,00402F08,000000FF,00000000), ref: 004031A6

Strings

ntIndirectA, xrefs: 004030BD, 00403158

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FilePointer$CountTick
String ID: ntIndirectA
API String ID: 1092082344-4263908498
Opcode ID: a36c4bf57cb6e858ef063313d681270ada8638ec8a77c6c3e08efa629b838403
Instruction ID: 32da71d67e65fe5252f8ded7d9303c2dcf981c5e4867c3c67dada36b4a4d5a13
Opcode Fuzzy Hash: a36c4bf57cb6e858ef063313d681270ada8638ec8a77c6c3e08efa629b838403
Instruction Fuzzy Hash: DD31B2B29012109FDB10BF2AFE4086A3BECE748356715823BE400B62E0C739DD52DB5E

Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON

Download Yara Rule

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42

Strings

!, xrefs: 00401BFE

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: ad1d7a036ab88fba9f9fdc6597bbebd1d15290bbc18337a07dfb235f94005d72
Instruction ID: c441286f21dc3666a3e0908ea9deaf0382d764bfe0b712af27a045ad0adee08b
Opcode Fuzzy Hash: ad1d7a036ab88fba9f9fdc6597bbebd1d15290bbc18337a07dfb235f94005d72
Instruction Fuzzy Hash: 1A216271A44108BFEF129FB0C94AAAE7B75DB44308F14807EF541B61D1D6B886419B29

Function 004036F1 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403703
CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403717

Strings

C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\, xrefs: 00403727
C:\Users\user\AppData\Local\Temp\, xrefs: 004036F6

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Close$ChangeFindHandleNotification
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\
API String ID: 4069496961-368985369
Opcode ID: bce50272980b2b115c412ee18181e99af888c32c9f017689cab30043875d87d7
Instruction ID: a64c404821d2138faf7c298dc7aa4842799881c741ebf925b7f901023762ac75
Opcode Fuzzy Hash: bce50272980b2b115c412ee18181e99af888c32c9f017689cab30043875d87d7
Instruction Fuzzy Hash: C6E086B0500620D6C524AF7CAD855463B196B413357208322F574F30F1C338AD435EAC

Function 004015B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 0040596E: CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405981
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405995

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605

Part of subcall function 00405542: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405585

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Program Files (x86)\Driver Support,00000000,00000000,000000F0), ref: 00401634

Strings

C:\Program Files (x86)\Driver Support, xrefs: 00401629

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Program Files (x86)\Driver Support
API String ID: 1892508949-3313422455
Opcode ID: 7c082fd94d62b49e0a0772216ac902d0a5e288ced7259b00feb75cd76b1be880
Instruction ID: f000a06b92b438bb55e13d50866b264c9e4ef6e61e5cb38cc97b05dde0840845
Opcode Fuzzy Hash: 7c082fd94d62b49e0a0772216ac902d0a5e288ced7259b00feb75cd76b1be880
Instruction Fuzzy Hash: 3F110436504151BFEF217B654C405BF27B0EA92324738467FE592B22E6C63C0A42AA3E

Function 004059C3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00405E63: lstrcpynA.KERNEL32(?,?,00000400,004032D9,00422F20,NSIS Error), ref: 00405E70

Part of subcall function 0040596E: CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405981
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405995

lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 00405A16
GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0), ref: 00405A26

Strings

C:\, xrefs: 004059C9, 004059CE, 004059D4, 00405A0F, 00405A15, 00405A1D, 00405A25

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\
API String ID: 3248276644-3404278061
Opcode ID: 0ef386635608f692f0e7c0f61560742430c47c7f4d5a656852c6bdb0725f2d70
Instruction ID: c86e2d8d38d71570b191e9a15eff5061e4cbb4187268480765cc96090d0558f9
Opcode Fuzzy Hash: 0ef386635608f692f0e7c0f61560742430c47c7f4d5a656852c6bdb0725f2d70
Instruction Fuzzy Hash: A2F07D71200D5052C73233350C4669F1644CE82374708023BF8A0B22D2D73C8D02CD7D

Function 004055F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421538,Error launching installer), ref: 0040561D
CloseHandle.KERNEL32(?), ref: 0040562A

Strings

Error launching installer, xrefs: 00405607

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 8605fb0cc1bd08462260b177f6e223d0fe872a64a1cb3e3de70a479640e30f4e
Instruction ID: f5a249c54adfd8c255b7380a03a9b1716d63bb632b604881324be9db7dcd8e21
Opcode Fuzzy Hash: 8605fb0cc1bd08462260b177f6e223d0fe872a64a1cb3e3de70a479640e30f4e
Instruction Fuzzy Hash: EAE0BFB4A002097FEB109B64ED45F7B76ACEB10704F908571BD15F2160D678A9518A79

Function 004068E3 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132e083a1160923351ce27f8cc58d18c93b4828372388658a00552e8c1634b1
Instruction ID: 9d08257b753d1dc8d50a425e5d18a9377fc83dd762af72a05302a0d5f43d32a7
Opcode Fuzzy Hash: 8132e083a1160923351ce27f8cc58d18c93b4828372388658a00552e8c1634b1
Instruction Fuzzy Hash: EDA13571E00228CBDB28CFA9C8547ADBBB1FF44305F15816ED856BB281D7785A96CF44

Function 00406AE4 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd2b84360dd7c3bf672bcc78a832e40c60aaabd2d33ded0d5d318971a638696
Instruction ID: 4069c4fc72520be48e16bfd385b53c7c255c7f0e47fd3261c7dbfe51bff91a5a
Opcode Fuzzy Hash: 8cd2b84360dd7c3bf672bcc78a832e40c60aaabd2d33ded0d5d318971a638696
Instruction Fuzzy Hash: 0B913470E04228CBEF28CF99C8547ADBBB1FF44305F15816AD856BB291C378A996CF44

Function 004067FA Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c8aa7f72f1f93a2cbcdf9f632d1ef5542b7afda86631119225c1b51720529c
Instruction ID: e16a5cd5122dbeef30614bcf2b0def54f3f28e6aa070a3c0d2e235184150711d
Opcode Fuzzy Hash: 41c8aa7f72f1f93a2cbcdf9f632d1ef5542b7afda86631119225c1b51720529c
Instruction Fuzzy Hash: B1814771E04228CBDF24CFA9C8447ADBBB1FF44305F25816AD856BB281C7789996CF54

Function 0040674D Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fcb4a8d7ef675eb47b5d59acfe40d72c7d0968365e25b36553ac1c3905db65f
Instruction ID: d3a2940f28ad1956632bfd73bee9eff7b9b7c3d901c1c2bf8e917ae235022c86
Opcode Fuzzy Hash: 2fcb4a8d7ef675eb47b5d59acfe40d72c7d0968365e25b36553ac1c3905db65f
Instruction Fuzzy Hash: 2D713471E00228DBDF24CFA9C8547ADBBB1FF44305F15806AD816BB281C778AA96DF54

Function 0040686B Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da2f706e7974a2021bad9ffdb380539c5442a57272a58128905f842303d595e8
Instruction ID: aa5f261e6b50ba4db5ffebf04d3efdb0ff665d1262494a5322ec58a673e68ddc
Opcode Fuzzy Hash: da2f706e7974a2021bad9ffdb380539c5442a57272a58128905f842303d595e8
Instruction Fuzzy Hash: 91715671E00228DBDF28CF99C854BADBBB1FF44305F15806AD816BB281C778A992DF54

Function 004067B7 Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feb90363471a84b63e8ff2d487282df12a040b782cd1455c92e9c1b62a64594c
Instruction ID: ff328c296e0f6909f1720754cbeef76fe0f6b635d5236ea2459b9db161edb35a
Opcode Fuzzy Hash: feb90363471a84b63e8ff2d487282df12a040b782cd1455c92e9c1b62a64594c
Instruction Fuzzy Hash: 9F715771E00228DBEF28CF99C8547ADBBB1FF44305F15806AD856BB281C778AA56DF44

Function 00401B23 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 00401B92
GlobalAlloc.KERNELBASE(00000040,00000404), ref: 00401BA4

Strings

Unload, xrefs: 00401B4A, 00401B50, 00401B6A

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocFree
String ID: Unload
API String ID: 3394109436-3485584074
Opcode ID: e399831f0e3fa479c3f1d597d8c7a9ff042ad6de9ca8b0ab648728fd0c19038e
Instruction ID: 8914cc546067fb2218506ab0a45b487fade366f1819f5f896660ca3c51a18d5e
Opcode Fuzzy Hash: e399831f0e3fa479c3f1d597d8c7a9ff042ad6de9ca8b0ab648728fd0c19038e
Instruction Fuzzy Hash: FF219377604200ABD710BBA4CE84E5F73E5EB48314728853BF201B32D1D77CA9128B6E

Function 00401E44 Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Part of subcall function 004055F4: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421538,Error launching installer), ref: 0040561D
Part of subcall function 004055F4: CloseHandle.KERNEL32(?), ref: 0040562A

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
String ID:
API String ID: 3521207402-0
Opcode ID: 096e88279cee13df4d4a1d55db3feec4ed85e326209c06b1e7a9aeb0364fe118
Instruction ID: 8164f88ac99e46b686dec60b6f66323921365fc284b2c72d55c18730983d64c3
Opcode Fuzzy Hash: 096e88279cee13df4d4a1d55db3feec4ed85e326209c06b1e7a9aeb0364fe118
Instruction Fuzzy Hash: 97015731904114EBDF11AFA1C98899F7BB2EF00344F20817BF601B52E1C7789A419B9A

Function 00405D4A Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(80000002,00405F8F,00000000,00000002,?,00000002,?,?,00405F8F,80000002,Software\Microsoft\Windows\CurrentVersion,?,Remove folder: ,?), ref: 00405D73
RegQueryValueExA.KERNELBASE(?,?,00000000,00405F8F,?,00405F8F), ref: 00405D94
RegCloseKey.KERNELBASE(?), ref: 00405DB5

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
Instruction ID: 75195c41eba113777763a56ee97b1b5287ad365fc5d4740e3ebf2a0583ed9f98
Opcode Fuzzy Hash: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
Instruction Fuzzy Hash: F9015A7254020AEFDB128F64EC48EEB3FACEF18354F008036F904E6260D235D964CBA5

Function 00402482 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024C3
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EC8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: 9b6b2053d41d608b4661420b3f0170335d3b6d035f374947ed14c69bbc303781
Instruction ID: e09e8e067f2b8771eb66943483239aed03eb61d96520190a1401bf15a77a7747
Opcode Fuzzy Hash: 9b6b2053d41d608b4661420b3f0170335d3b6d035f374947ed14c69bbc303781
Instruction Fuzzy Hash: BAF0AD72A04200BFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B84A459A7A

Function 004056BD Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00405AB1: GetFileAttributesA.KERNELBASE(?,?,004056C9,?,?,00000000,004058AC,?,?,?,?), ref: 00405AB6
Part of subcall function 00405AB1: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405ACA

RemoveDirectoryA.KERNELBASE(?,?,?,00000000,004058AC), ref: 004056D8
DeleteFileA.KERNELBASE(?,?,?,00000000,004058AC), ref: 004056E0
SetFileAttributesA.KERNEL32(?,00000000), ref: 004056F8

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$Attributes$DeleteDirectoryRemove
String ID:
API String ID: 1655745494-0
Opcode ID: ecb533084f054dec527d8ee4002c22eb7271b0964ed621fa894de998c2c2fbf7
Instruction ID: 7218464210d320bbb7aaa7b2b3498e6226de7d0fc9260b199a665c24177db626
Opcode Fuzzy Hash: ecb533084f054dec527d8ee4002c22eb7271b0964ed621fa894de998c2c2fbf7
Instruction Fuzzy Hash: 4FE0E53150EA9157C2105731990C75F6AD8DF86324F840E36F955B21D0D7B94C068EAE

Function 00405B4E Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,004128D8,ntIndirectA,004031E0,00409130,00409130,004030E4,004128D8,00004000,?,00000000,00402F8E), ref: 00405B62

Strings

ntIndirectA, xrefs: 00405B4E

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileRead
String ID: ntIndirectA
API String ID: 2738559852-4263908498
Opcode ID: ffd4dfc917ffc97e7d907f9c2c90699c203f3b0ebfd4578ed28d6b2a376640fe
Instruction ID: c996f9a7b3ae33303237a126fc5a394e9691c2321a0fe14ef9137570749964f2
Opcode Fuzzy Hash: ffd4dfc917ffc97e7d907f9c2c90699c203f3b0ebfd4578ed28d6b2a376640fe
Instruction Fuzzy Hash: EAE08C3221465EABCF109E509C00EEB3B6CEB00360F008432FD24E2090D230F8209BA4

Function 00405B7D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,004110A2,ntIndirectA,00403164,ntIndirectA,004110A2,004128D8,00004000,?,00000000,00402F8E,00000004), ref: 00405B91

Strings

ntIndirectA, xrefs: 00405B7D

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileWrite
String ID: ntIndirectA
API String ID: 3934441357-4263908498
Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction ID: 30ff8eedcc03066b87caa2a29a7ef1e7350fb4aaf77a02d24525aee886acae2a
Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction Fuzzy Hash: 19E0EC3261425AEFEF609E659C00AEB7B7CFB05360F008432F925E6190D635F9219BA5

Function 00404021 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000408,?,00000000,00403C83), ref: 0040403F

Strings

x, xrefs: 00404021

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID: x
API String ID: 3850602802-2363233923
Opcode ID: 01a42080197fb70bdc28edac5c8f77fd933b8c2e686d6f65bd8f64b98ce643d0
Instruction ID: e66eee248cdc2a18cc11abd9e4a5391a524e621acea18c4bd3a5f5cb3f75e97e
Opcode Fuzzy Hash: 01a42080197fb70bdc28edac5c8f77fd933b8c2e686d6f65bd8f64b98ce643d0
Instruction Fuzzy Hash: 7FC012B2688200BADA228F00DE04B06BA70F7A4712F21E039F340200B0C6B11422EB1D

Function 00402F5C Relevance: 3.1, APIs: 2, Instructions: 88COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,?,?,00402F08,000000FF,00000000,00000000,00409130,?), ref: 00402F81

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 8c57b14bdf40f7105c74bae8d452b265e45147b7f70890cc1e3494848afe6b88
Instruction ID: 983d4f283b3a49842741e08d62faa859851885946f81c7e75766fedec90a3088
Opcode Fuzzy Hash: 8c57b14bdf40f7105c74bae8d452b265e45147b7f70890cc1e3494848afe6b88
Instruction Fuzzy Hash: 32319F70202219EFDF20EF56DD44A9B7BACEB00755F20803AF904E61D0D279DE40DBA9

Function 00402410 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegQueryValueExA.ADVAPI32(00000000,00000000,?,?,?,?), ref: 00402440
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nso2EC8.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 8647bc16be9bbeeb019502bd2fcd7cece1f0f24b9204c75c98ec28f9745f9c71
Instruction ID: ea61b96732c3ecdd8e38099917432d45b641eb3d8d4d3075f09eb17731070f47
Opcode Fuzzy Hash: 8647bc16be9bbeeb019502bd2fcd7cece1f0f24b9204c75c98ec28f9745f9c71
Instruction Fuzzy Hash: 7111A771905205FFDF14DF64C6889AEBBB4EF11349F20847FE141B62C0D2B84A45DB5A

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6f3fd260d9a20665192313664cef065be83871c58b0681ff97f62226ed226405
Instruction ID: 8ec6bfb8ef4f3ff43576048fe9568e939b5e998f238dec90285f5c94a9fc96e2
Opcode Fuzzy Hash: 6f3fd260d9a20665192313664cef065be83871c58b0681ff97f62226ed226405
Instruction Fuzzy Hash: 2201F431B24210ABE7294B389E04B6A36A8F710314F11823BF911F66F1D7B8DC029B4D

Function 0040514E Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0040515E

Part of subcall function 00404094: SendMessageA.USER32(00030492,00000000,00000000,00000000), ref: 004040A6

OleUninitialize.OLE32(00000404,00000000), ref: 004051AA

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InitializeMessageSendUninitialize
String ID:
API String ID: 2896919175-0
Opcode ID: a1e759c3ba7025077e10085eb26d18bfe45318352d138b018d477bc6a8fcf70b
Instruction ID: 484cf87bc9531c098fcd3877696a47d73f7080a50005c66256059c60e8f5965f
Opcode Fuzzy Hash: a1e759c3ba7025077e10085eb26d18bfe45318352d138b018d477bc6a8fcf70b
Instruction Fuzzy Hash: FAF0F0F6A04201BAEA611B549804B1A72B0DBC4702F80813AFF04B62A1923D58428A1D

Function 004061FC Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
GetProcAddress.KERNEL32(00000000,?), ref: 00406229

Part of subcall function 0040618E: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004061A5
Part of subcall function 0040618E: wsprintfA.USER32 ref: 004061DE
Part of subcall function 0040618E: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004061F2

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 3d400e748f947671e30b9badb510484ff95b6787d133025eb2c4a7967b05848e
Instruction ID: 835994d0d4e2d07c36af23a3dc0c9bac066575a7a99d708227b603b56203bf9f
Opcode Fuzzy Hash: 3d400e748f947671e30b9badb510484ff95b6787d133025eb2c4a7967b05848e
Instruction Fuzzy Hash: 7EE08632A04111BAD650B6745D0496B73AC9B84740302487EF906F2185E7389C3196AA

Function 004028AA Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000000B,?), ref: 004028B9
InvalidateRect.USER32(?), ref: 004028C9

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: InvalidateMessageRectSend
String ID:
API String ID: 909852535-0
Opcode ID: f8d640f638215f684f8bef156a1547753623a32cca0ba4feaeb8583e2f69fb7b
Instruction ID: 143b884ce909387e75bd8afaaa59538452cf303d623844c729b950a3ba13a344
Opcode Fuzzy Hash: f8d640f638215f684f8bef156a1547753623a32cca0ba4feaeb8583e2f69fb7b
Instruction Fuzzy Hash: A8E08CB2B10008FFEB11DF94ED849AEBBB9EB40319F10403AF202B00A0D3341D41DA38

Function 0040374E Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(?,74DF3410,00000000,74DF2EE0,00403725,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403768
GlobalFree.KERNEL32(00000000), ref: 0040376F

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID:
API String ID: 1100898210-0
Opcode ID: e3dda661aee8dd5407b6d454dedd461a768af1d3b2e32b7100c159d0cb86a48a
Instruction ID: 4d546273b2e2ac293021758f575ee9690d45bf8ac48a1713c9e78277a1952258
Opcode Fuzzy Hash: e3dda661aee8dd5407b6d454dedd461a768af1d3b2e32b7100c159d0cb86a48a
Instruction Fuzzy Hash: 14E08C7280103057D6212F25EE04B5AB6686B48B22F05406AEC417B2A087742C424AC9

Function 00405AD6 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00405ADA
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 4a69860c6089f1fb7fd455c1891d9cc54c05e48a968a67635bcc5e625bd0c43f
Instruction ID: 2e597581bf20324382b204af2e2b9293bc3b27f4d9e8cb915424ec39c2be7a6e
Opcode Fuzzy Hash: 4a69860c6089f1fb7fd455c1891d9cc54c05e48a968a67635bcc5e625bd0c43f
Instruction Fuzzy Hash: A7D09E31658201EFFF098F20DD16F2EBBA2EB84B00F10962CBA92941E0D6755815DB26

Function 00405AB1 Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,?,004056C9,?,?,00000000,004058AC,?,?,?,?), ref: 00405AB6
SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405ACA

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
Instruction ID: a7f0a3a241a8181cef173a1dc0fd71ceb180899bf82cabeb0f5c2b47daa9e471
Opcode Fuzzy Hash: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
Instruction Fuzzy Hash: 0AD0C972908121AFC2102728AD0C89BBB65EB54271B118B31FDAAA22B0D7304C528AA5

Function 004055BF Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,0040321E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004055C5
GetLastError.KERNEL32 ref: 004055D3

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction ID: ee333ff4e59061917a1f290c3015eab559b7a368ac9c9957fcbd809aee07952f
Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction Fuzzy Hash: 04C08C31618102EBDB200B30CE08B073E61AB00381F208831A006F10E4CA349000C93F

Function 00402B44 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ed1d997f1767e4ebe1524a955060e6e59f62574de8c72c2eb948d7caa6f8d669
Instruction ID: 806e3b40af95552ac91145e5354a2e2caa18036cb762c00ee55acc3717e10e35
Opcode Fuzzy Hash: ed1d997f1767e4ebe1524a955060e6e59f62574de8c72c2eb948d7caa6f8d669
Instruction Fuzzy Hash: D3E04FB6240108AFDB00EFA4DD46FA537ECE714701F008021B608D6091C674E5108B69

Function 00404048 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetDlgItemTextA.USER32(?,?,00000000), ref: 00404062

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ItemText
String ID:
API String ID: 3367045223-0
Opcode ID: 57704bdb4396f032d3f5e68225151eafdca643c84b282080e1a943230575ebd6
Instruction ID: e527cde694e4746e823f20d7cbf8bde5da20a15a663149da90d8392309f3eb92
Opcode Fuzzy Hash: 57704bdb4396f032d3f5e68225151eafdca643c84b282080e1a943230575ebd6
Instruction Fuzzy Hash: 88C04C75148640BFD741A755CC42F1FB799EF94315F40C92EB59CA11D1CA3686209E26

Function 00404094 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00030492,00000000,00000000,00000000), ref: 004040A6

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 50a7dacb6371fe0cd67611078dbaf3ccf85a23f01bbb2752a0812b92d5b89748
Instruction ID: add50700843ac817ab7d6e51381e723622021bba1cfe7f2961aa6f321ae6f442
Opcode Fuzzy Hash: 50a7dacb6371fe0cd67611078dbaf3ccf85a23f01bbb2752a0812b92d5b89748
Instruction Fuzzy Hash: 1CC04C71744201BAEA319B509D49F0777986750700F6644257320B60D1C6B4E410E62D

Function 0040407D Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000028,?,00000001,00403EAE), ref: 0040408B

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 3d364c0f7cae05b6249e8bcc12743ca4c2e9a63f4273028bf1a1c1708aea3851
Instruction ID: a78b9239c319e9cb66b61a8ea9955aebbc10e43728856a3b978814f56e37e297
Opcode Fuzzy Hash: 3d364c0f7cae05b6249e8bcc12743ca4c2e9a63f4273028bf1a1c1708aea3851
Instruction Fuzzy Hash: 19B092B6684200BAEE228B00DD09F457AB2E7A8742F008024B200240B0CAB200A1DB19

Function 004031E3 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EE1,?), ref: 004031F1

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D

Function 0040406A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403E47), ref: 00404074

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 14a97dc87043aa2e894c667cdbf79e2d841fd90f9686f850a1099e45bc3f86c8
Instruction ID: 4b90da896e4fa09681504a9dabf2ba00c57f91177066947fb67d52e8ca440c18
Opcode Fuzzy Hash: 14a97dc87043aa2e894c667cdbf79e2d841fd90f9686f850a1099e45bc3f86c8
Instruction Fuzzy Hash: FCA012324040009BCB014B90FE04C457F31A754300701C031E10180030C2310824FF09

Non-executed Functions

Function 004049F9 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404A11
GetDlgItem.USER32(?,00000408), ref: 00404A1C
GlobalAlloc.KERNEL32(00000040,?), ref: 00404A66
LoadBitmapA.USER32(0000006E), ref: 00404A79
SetWindowLongA.USER32(?,000000FC,00404FF0), ref: 00404A92
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404AA6
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404AB8
SendMessageA.USER32(?,00001109,00000002), ref: 00404ACE
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404ADA
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404AEC
DeleteObject.GDI32(00000000), ref: 00404AEF
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404B1A
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B26
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BBB
SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404BE6
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BFA
GetWindowLongA.USER32(?,000000F0), ref: 00404C29
SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404C37
ShowWindow.USER32(?,00000005), ref: 00404C48
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D45
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404DAA
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404DBF
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404DE3
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404E03
ImageList_Destroy.COMCTL32(00000000), ref: 00404E18
GlobalFree.KERNEL32(00000000), ref: 00404E28
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404EA1
SendMessageA.USER32(?,00001102,?,?), ref: 00404F4A
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404F59
InvalidateRect.USER32(?,00000000,00000001), ref: 00404F79
ShowWindow.USER32(?,00000000), ref: 00404FC7
GetDlgItem.USER32(?,000003FE), ref: 00404FD2
ShowWindow.USER32(00000000), ref: 00404FD9

Strings

M, xrefs: 00404BA2
, xrefs: 00404FB1
N, xrefs: 00404C83

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: f71c4aa5fa736d427a4380ee5912dc7cb3dc5a811f5ff7b07bbbad78877c99f0
Instruction ID: 3cd80f6d66a0a8d02be1144e931921fec7cdafd03fadcad4e17be0217faf115b
Opcode Fuzzy Hash: f71c4aa5fa736d427a4380ee5912dc7cb3dc5a811f5ff7b07bbbad78877c99f0
Instruction Fuzzy Hash: 9D026EB0900209AFEB10DF94DD85AAE7BB5FB84315F10813AF611B62E1C7789E42DF58

Function 00404486 Relevance: 26.5, APIs: 10, Strings: 5, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004044D5
SetWindowTextA.USER32(00000000,?), ref: 004044FF
SHBrowseForFolderA.SHELL32(?,0041F108,?), ref: 004045B0
CoTaskMemFree.OLE32(00000000), ref: 004045BB
lstrcmpiA.KERNEL32(Remove folder: ,Driver Support Setup ), ref: 004045ED
lstrcatA.KERNEL32(?,Remove folder: ), ref: 004045F9
SetDlgItemTextA.USER32(?,000003FB,?), ref: 0040460B

Part of subcall function 0040563D: GetDlgItemTextA.USER32(?,?,00000400,00404642), ref: 00405650

Part of subcall function 004060CE: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406126
Part of subcall function 004060CE: CharNextA.USER32(?,?,?,00000000), ref: 00406133
Part of subcall function 004060CE: CharNextA.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406138
Part of subcall function 004060CE: CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406148

GetDiskFreeSpaceA.KERNEL32(0041ED00,?,?,0000040F,?,0041ED00,0041ED00,?,00000001,0041ED00,?,?,000003FB,?), ref: 004046C9
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004046E4

Part of subcall function 0040483D: lstrlenA.KERNEL32(Driver Support Setup ,Driver Support Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404758,000000DF,00000000,00000400,?), ref: 004048DB
Part of subcall function 0040483D: wsprintfA.USER32 ref: 004048E3
Part of subcall function 0040483D: SetDlgItemTextA.USER32(?,Driver Support Setup ), ref: 004048F6

Strings

A, xrefs: 004045A9
C:\Program Files (x86)\Driver Support, xrefs: 004045D6
Driver Support Setup , xrefs: 00404583, 004045E6
Remove folder: , xrefs: 004045E7, 004045EC, 004045F7
success, xrefs: 0040449F

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Program Files (x86)\Driver Support$Driver Support Setup $Remove folder: $success
API String ID: 2624150263-2050491888
Opcode ID: 270dc7a5b9dcdb78d87257eb559ab6150f0e039b037db56f317b36bf3157eca3
Instruction ID: 175f10717e4f371f028a94a7e43d857af948bb7b3e906aba32508f1788989df3
Opcode Fuzzy Hash: 270dc7a5b9dcdb78d87257eb559ab6150f0e039b037db56f317b36bf3157eca3
Instruction Fuzzy Hash: 27A18FF1900209ABDB11AFA5CC45AAFB7B8EF85314F14843BF601B72D1D77C9A418B69

Function 0040205E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189

Strings

C:\Program Files (x86)\Driver Support, xrefs: 0040211D

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Program Files (x86)\Driver Support
API String ID: 123533781-3313422455
Opcode ID: 814b7ea8dca6599385978487c0f202a2bde9097081401cb59e3c034f0ab4e669
Instruction ID: 56974f308a9a67f015f648966d3a58154011754483a046e15126684feee28a9b
Opcode Fuzzy Hash: 814b7ea8dca6599385978487c0f202a2bde9097081401cb59e3c034f0ab4e669
Instruction Fuzzy Hash: 255138B5A00208BFCF10DFA4C988A9D7BB5FF48318F20856AF515EB2D1DB799941CB54

Function 00402688 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: a658cef3a5151b2b290093738bd42b6efc4bc145775ef21b79a10a3d683c1761
Instruction ID: 89e5e1f79722e37631beb13baf5993bff89a91e8d172cde9574b2276e59dc765
Opcode Fuzzy Hash: a658cef3a5151b2b290093738bd42b6efc4bc145775ef21b79a10a3d683c1761
Instruction Fuzzy Hash: CCF02072608100AFE700EBB48948AEEB778DF20324F60057BE240A20C1C7B84A849A3A

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,00422F20,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 7c104425433eee9aa72c8594e5c9845c7e8c7dbb4814f5ad4226ea4ba1dd0cf1
Instruction ID: f6076547c65416f673289c9e9aa760257b54fe90aa12de16c0a46004740ece36
Opcode Fuzzy Hash: 7c104425433eee9aa72c8594e5c9845c7e8c7dbb4814f5ad4226ea4ba1dd0cf1
Instruction Fuzzy Hash: C2419B71804249AFCF058FA4CD459AFBBB9FF45310F00812AF961AA1A0C738EA50DFA5

Function 00405BAC Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(00421AC0,NUL,?,00000000,?,00000000,00405D3F,?,?), ref: 00405BBB
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405D3F,?,?), ref: 00405BDF
GetShortPathNameA.KERNEL32(?,00421AC0,00000400), ref: 00405BE8

Part of subcall function 00405A3B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A4B
Part of subcall function 00405A3B: lstrlenA.KERNEL32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A7D

GetShortPathNameA.KERNEL32(00421EC0,00421EC0,00000400), ref: 00405C05
wsprintfA.USER32 ref: 00405C23
GetFileSize.KERNEL32(00000000,00000000,00421EC0,C0000000,00000004,00421EC0,?,?,?,?,?), ref: 00405C5E
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C6D
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CA5
SetFilePointer.KERNEL32(004093C8,00000000,00000000,00000000,00000000,004216C0,00000000,-0000000A,004093C8,00000000,[Rename],00000000,00000000,00000000), ref: 00405CFB
GlobalFree.KERNEL32(00000000), ref: 00405D0C
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D13

Part of subcall function 00405AD6: GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00405ADA
Part of subcall function 00405AD6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

Strings

[Rename], xrefs: 00405C8D, 00405C9F
NUL, xrefs: 00405BB5
%s=%s, xrefs: 00405C19

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %s=%s$NUL$[Rename]
API String ID: 222337774-4148678300
Opcode ID: a46b9d6580a3feb71cbc62b4ca4efb435ce567c772be2d28daa4a6798e528a0f
Instruction ID: f02436ff356463cbad731f06bd7f36315381bbfe77d8bed81a3cf794d1fe08c5
Opcode Fuzzy Hash: a46b9d6580a3feb71cbc62b4ca4efb435ce567c772be2d28daa4a6798e528a0f
Instruction Fuzzy Hash: 2231C274604B597BD2207B615D49F6B3A9CEF45758F24013BF905B22D2DA78AC008EBD

Function 004060CE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406126
CharNextA.USER32(?,?,?,00000000), ref: 00406133
CharNextA.USER32(?,"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406138
CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406148

Strings

"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 0040610A
C:\Users\user\AppData\Local\Temp\, xrefs: 004060CF
*?|<>/":, xrefs: 00406116

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-3287277070
Opcode ID: 2fcb21d4fe3ff3b998ebc2bd8af41eb25bf4dc23d8027269f2ae341fb2b2b84f
Instruction ID: f4547238e9b15f098583f6e7a29ad5d1a016b5704a22f35d65a3ab7f018ae362
Opcode Fuzzy Hash: 2fcb21d4fe3ff3b998ebc2bd8af41eb25bf4dc23d8027269f2ae341fb2b2b84f
Instruction Fuzzy Hash: EF1104A18043A22DFB3246284C44B77AF884F5A764F19407BE4C6763C3CA7C9C52866D

Function 004040AF Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EB), ref: 004040CC
GetSysColor.USER32(00000000), ref: 004040E8
SetTextColor.GDI32(?,00000000), ref: 004040F4
SetBkMode.GDI32(?,?), ref: 00404100
GetSysColor.USER32(?), ref: 00404113
SetBkColor.GDI32(?,?), ref: 00404123
DeleteObject.GDI32(?), ref: 0040413D
CreateBrushIndirect.GDI32(?), ref: 00404147

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction ID: b9626d203e07c142b7df78836af29c525e1d4ad6db78ea87979aa0b8fd7aa94c
Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction Fuzzy Hash: 9C219671904704ABC7219F78DD48B4BBBF8AF41714F048529E996F63E0D734E944CB55

Function 00402C17 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000), ref: 00402C2F
GetTickCount.KERNEL32 ref: 00402C4D
wsprintfA.USER32 ref: 00402C7B

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nso2EC8.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C9F
ShowWindow.USER32(00000000,00000005), ref: 00402CAD

Part of subcall function 00402BFB: MulDiv.KERNEL32(00040909,00000064,000430CF), ref: 00402C10

Strings

... %d%%, xrefs: 00402C75

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
String ID: ... %d%%
API String ID: 722711167-2449383134
Opcode ID: cd814f97995ab4d525a9326c00e86b88d6fec88510706dfa7be7368b8ebbbedc
Instruction ID: 50736a5f322e453d47399e53c3729a9749aec8e4ed59b6a4d84230157c1bc9e9
Opcode Fuzzy Hash: cd814f97995ab4d525a9326c00e86b88d6fec88510706dfa7be7368b8ebbbedc
Instruction Fuzzy Hash: 400161B090A624EBEB21AF64EF0DD9F7768EB04701B444177F405B11E4D6B89942C69E

Function 00404947 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404962
GetMessagePos.USER32 ref: 0040496A
ScreenToClient.USER32(?,?), ref: 00404984
SendMessageA.USER32(?,00001111,00000000,?), ref: 00404996
SendMessageA.USER32(?,0000110C,00000000,?), ref: 004049BC

Strings

f, xrefs: 00404998

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction ID: 9a5aaf7a7a2eb46524cfe6ed05727662581176125bc7a9594c14671d6fd5834d
Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction Fuzzy Hash: D60152B1D00219BADB11DBA4DC45FFFBBBCAF55711F10416BBA10B61C0C7B869018BA5

Function 00401D38 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D3B
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
ReleaseDC.USER32(?,00000000), ref: 00401D68
CreateFontIndirectA.GDI32(0040A808), ref: 00401DB3

Strings

MS Shell Dlg, xrefs: 00401D99

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: MS Shell Dlg
API String ID: 3808545654-76309092
Opcode ID: d1d98ef4ca3702c11c3c6dceaa5369c7d293144b8b7f1186970544015a90a800
Instruction ID: 002072324c9ca14b61f47775792bd0911152047613ce7f91f46ea316c06ba8c0
Opcode Fuzzy Hash: d1d98ef4ca3702c11c3c6dceaa5369c7d293144b8b7f1186970544015a90a800
Instruction Fuzzy Hash: 22016232944340AFE7016770AE5EBAA3FA89795305F108479F641B62E2C67801568F6F

Function 00402B7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
wsprintfA.USER32 ref: 00402BCE
SetWindowTextA.USER32(?,?), ref: 00402BDE
SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF0

Strings

unpacking data: %d%%, xrefs: 00402BBC, 00402BCC
verifying installer: %d%%, xrefs: 00402BC3

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: unpacking data: %d%%$verifying installer: %d%%
API String ID: 1451636040-1158693248
Opcode ID: ef5ff3cba37bdb2e26199f17b8c5be3437539e0f0002abd4d10d443ac5288961
Instruction ID: 59ddb31903a36680b4224ad2704aa62d89b79b457576c75755388437ec856a92
Opcode Fuzzy Hash: ef5ff3cba37bdb2e26199f17b8c5be3437539e0f0002abd4d10d443ac5288961
Instruction Fuzzy Hash: D5F01D70900208AAEF205F60DD0ABAE3779FB04345F00803AFA16B51D0D7B9AA559B59

Function 004026C6 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
GlobalFree.KERNEL32(?), ref: 0040276F
GlobalFree.KERNEL32(00000000), ref: 00402782
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: 0e36b26ee22d7501edd2ef33c0577b5ec76b9354ab5b86bc7660185fc0bff58a
Instruction ID: 485419aab899adaa45f09767fc84dfb68f9751acdadaf5e244b928a283e6c860
Opcode Fuzzy Hash: 0e36b26ee22d7501edd2ef33c0577b5ec76b9354ab5b86bc7660185fc0bff58a
Instruction Fuzzy Hash: 0A21AE71800128BBCF116FA5CE89DAE7A79EF08364F10423AF921762D0C7795D018F98

Function 0040483D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(Driver Support Setup ,Driver Support Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404758,000000DF,00000000,00000400,?), ref: 004048DB
wsprintfA.USER32 ref: 004048E3
SetDlgItemTextA.USER32(?,Driver Support Setup ), ref: 004048F6

Strings

Driver Support Setup , xrefs: 004048CD, 004048D2, 004048D8, 004048EC
%u.%u%s%s, xrefs: 004048C5

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$Driver Support Setup
API String ID: 3540041739-2666543004
Opcode ID: 816a97f40fb741a7874f6231f68a2f52d84a672703b9ff014e4c8c1b7defe931
Instruction ID: c0766d521516c7b6303674c7dd8cea214f166acaf9b397f83c092fcb524d35e8
Opcode Fuzzy Hash: 816a97f40fb741a7874f6231f68a2f52d84a672703b9ff014e4c8c1b7defe931
Instruction Fuzzy Hash: 6A110A736041283BDB0076ADDC45EAF3288DB85374F254637FA65F21D1EA78CC1285E8

Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A9B
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
RegCloseKey.ADVAPI32(?), ref: 00402AE0
RegCloseKey.ADVAPI32(?), ref: 00402B05
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: ba179b4ab06ec51544505c7bb4ef6d82f25395ff453b8f9fc11c3f7a3e81ed6a
Instruction ID: 2c69578fec59b839bbbb6554d628e5ed2d7180fb0bd31e8d2d7d3181fb534eb1
Opcode Fuzzy Hash: ba179b4ab06ec51544505c7bb4ef6d82f25395ff453b8f9fc11c3f7a3e81ed6a
Instruction Fuzzy Hash: 93113D71A00108BEDF229F90DE89DAA3B7DEB54349B504436F901F10A0D775AE51EB69

Function 00403AA8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(00000000,00422F20), ref: 00403B40

Strings

"C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe", xrefs: 00403AA9
Driver Support Setup , xrefs: 00403AAB
1033, xrefs: 00403AAC, 00403AB6, 00403B27

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: TextWindow
String ID: "C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe"$1033$Driver Support Setup
API String ID: 530164218-344969561
Opcode ID: dc7de13f03dcb223900496a96d71cfcacf6227c358a972dc05920cca8a73c9bc
Instruction ID: 4ecc7a7cce5d2b157b8937249730f08b858357f8198c33761da0ca3de106299a
Opcode Fuzzy Hash: dc7de13f03dcb223900496a96d71cfcacf6227c358a972dc05920cca8a73c9bc
Instruction Fuzzy Hash: CE11C971B006119BC7309F55DC909737B7CEB8571A364817FD90167391D73DAD029A58

Function 004058D5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403218,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004058DB
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403218,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004058E4
lstrcatA.KERNEL32(?,00409014), ref: 004058F5

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004058D5

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction ID: 3de60a59262c475c5440d19c682801eda6224deee4fb27ea49e877a9fa99e37c
Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction Fuzzy Hash: A6D0A972605A303AD20233198C05E8B3A08CF26351B040032F641B22A2CA7C0E418BFE

Function 0040596E Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
CharNextA.USER32(00000000), ref: 00405981
CharNextA.USER32(00000000), ref: 00405995

Strings

C:\, xrefs: 0040596F

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharNext
String ID: C:\
API String ID: 3213498283-3404278061
Opcode ID: c01f0a1332e094523614662ca2a683f3687d2570a221d834ee5f6cec315170af
Instruction ID: 93fa8612b98c37d3538e1dab61372dab2b439c5e428625c22ffade58a408e5cb
Opcode Fuzzy Hash: c01f0a1332e094523614662ca2a683f3687d2570a221d834ee5f6cec315170af
Instruction Fuzzy Hash: D0F096D1909F60ABFB3292684C54B775B8DCB55771F18547BE540B62C2C27C48408FAA

Function 00404FF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040501F
CallWindowProcA.USER32(?,?,?,?), ref: 00405070

Part of subcall function 00404094: SendMessageA.USER32(00030492,00000000,00000000,00000000), ref: 004040A6

Strings

, xrefs: 00405000

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0b9e3fe4afe9fd5950d24fc38bd805c0ffc83546a9c92a8d1e346af401a4be56
Instruction ID: c10ccb832a2a3496aa312e1d90523b33251ee11bfabb6cbb9dcba6f20acc8f53
Opcode Fuzzy Hash: 0b9e3fe4afe9fd5950d24fc38bd805c0ffc83546a9c92a8d1e346af401a4be56
Instruction Fuzzy Hash: ED018471504609ABDF205F61EC80EAF3725EB84754F148037FB01751E2C77A8C929FAA

Function 0040591C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402D22,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00405922
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402D22,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,C:\Users\user\Desktop\SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe,80000000,00000003), ref: 00405930

Strings

C:\Users\user\Desktop, xrefs: 0040591C

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-224404859
Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction ID: 8de3941b568bd0f8b26bcb964e879cd368c776abfab0e8ce3c3ebd0dc0734e68
Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction Fuzzy Hash: 1CD0C7B2409D70AEE3036314DC04F9F6A48DF27715F094462E181E61A1C6BC5D814BED

Function 00405A3B Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A4B
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405A63
CharNextA.USER32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A74
lstrlenA.KERNEL32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A7D

Memory Dump Source

Source File: 00000000.00000002.1935471879.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.1935447957.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935596602.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000421000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000424000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935634660.0000000000429000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1935895936.000000000047E000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_SecuriteInfo.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: ca0b18bb87844b4bf03c2f7d3918b69422ab9094ff5260ece92dc9b1c2472986
Instruction ID: 761e0a114986e2dc795515ee57e72db75caae44d6787476300dd9688655b7936
Opcode Fuzzy Hash: ca0b18bb87844b4bf03c2f7d3918b69422ab9094ff5260ece92dc9b1c2472986
Instruction Fuzzy Hash: 2FF06232605518BFC7129FA5DC40D9EBBA8EF16350B2541B5F800F7250D674EE019FA9

Analysis Process: DriverSupport.exePID: 7720, Parent PID: 7424COMMON

Execution Graph

Execution Coverage:	26.5%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	1297
Total number of Limit Nodes:	35

Executed Functions

Function 0040322B Relevance: 93.1, APIs: 34, Strings: 19, Instructions: 357
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 00403250
GetVersion.KERNEL32 ref: 00403256
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040327F
#17.COMCTL32(00000007,00000009), ref: 004032A1
OleInitialize.OLE32(00000000), ref: 004032A8
SHGetFileInfoA.SHELL32(0041ECF0,00000000,?,00000160,00000000), ref: 004032C4
GetCommandLineA.KERNEL32(00422F20,NSIS Error), ref: 004032D9
GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",00000000), ref: 004032EC
CharNextA.USER32(00000000,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",00000020), ref: 00403317
GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403414
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403425
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403431
GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403445
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040344D
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040345E
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403466
DeleteFileA.KERNELBASE(1033), ref: 0040347A

Part of subcall function 004061FC: GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
Part of subcall function 004061FC: GetProcAddress.KERNEL32(00000000,?), ref: 00406229

ExitProcess.KERNEL32(?), ref: 00403523
OleUninitialize.OLE32(?), ref: 00403528
ExitProcess.KERNEL32 ref: 00403549
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403666
OpenProcessToken.ADVAPI32(00000000), ref: 0040366D
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403685
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 004036A4
ExitWindowsEx.USER32(00000002,80040002), ref: 004036C8
ExitProcess.KERNEL32 ref: 004036EB

Part of subcall function 00405659: MessageBoxIndirectA.USER32(00409230), ref: 004056B4

Strings

~nsu, xrefs: 00403554
Error launching installer, xrefs: 004034E0
1033, xrefs: 00403475
C:\Users\user\AppData\Local\Temp\DriverSupport.exe, xrefs: 00403606
Error writing temporary file. Make sure your temp folder is valid., xrefs: 0040323F
TMP, xrefs: 00403461
Low, xrefs: 00403447
.tmp, xrefs: 00403570
C:\Users\user\AppData\Local\Temp\, xrefs: 00403409, 0040340E, 00403424, 00403430, 0040343F, 0040344C, 00403458, 00403460, 00403559, 0040356A, 00403575, 00403581, 0040358E, 0040359D, 0040364C
NSIS Error, xrefs: 004032CA
TEMP, xrefs: 00403459
C:\Program Files (x86)\Driver Support, xrefs: 00403505
\Temp, xrefs: 0040342B
SeShutdownPrivilege, xrefs: 0040367F
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 004032DF, 004032E5, 0040349E
", xrefs: 0040333C
C:\Program Files (x86)\Driver Support, xrefs: 004033F9, 004034FA, 004035A4, 004035AD
C:\Users\user\AppData\Local\Temp, xrefs: 0040357B, 00403580, 004035AC
UXTHEME, xrefs: 00403273, 00403278, 0040327E

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
String ID: "$"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$.tmp$1033$C:\Program Files (x86)\Driver Support$C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\DriverSupport.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
API String ID: 3329125770-3391887178
Opcode ID: 5e28d8b8d97ca94594f0498f32c0c003763ec4c232e88559ae5a69b57df92bfb
Instruction ID: 576d03f4a97a107fe364ed0b5bad1c5a822c5763e21245f1fe88aefb499f64b7
Opcode Fuzzy Hash: 5e28d8b8d97ca94594f0498f32c0c003763ec4c232e88559ae5a69b57df92bfb
Instruction Fuzzy Hash: 4DC106706082417AE7216F319D4DA2B3EA9EF85746F04457FF481B61E2CB7C9A01CB6E

Function 00405705 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNELBASE(?,?,74DF3410,74DF2EE0,00000000), ref: 0040572E
lstrcatA.KERNEL32(00420D38,\*.*,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 00405776
lstrcatA.KERNEL32(?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 00405797
lstrlenA.KERNEL32(?,?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 0040579D
FindFirstFileA.KERNELBASE(00420D38,?,?,?,00409014,?,00420D38,?,?,74DF3410,74DF2EE0,00000000), ref: 004057AE
FindNextFileA.KERNELBASE(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 0040585B
FindClose.KERNEL32(00000000), ref: 0040586C

Strings

\*.*, xrefs: 00405770
8B, xrefs: 0040575E
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 00405705

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$8B$\*.*
API String ID: 2035342205-268609679
Opcode ID: 24cac4d93cf5da8dc2252ed7b5c7d46d1edb9b71d2bce9283bb7b2a387715e8a
Instruction ID: 0bcf9a9e67a33d50b3dc7b196bcae3add4761e648fc1c1af8ecd3a5bcda4d25e
Opcode Fuzzy Hash: 24cac4d93cf5da8dc2252ed7b5c7d46d1edb9b71d2bce9283bb7b2a387715e8a
Instruction Fuzzy Hash: 8F51A331800A08BADF217B658C89BAF7B78DF46754F14807BF851761D2C73C8991DEAA

Function 004064AE Relevance: 5.4, APIs: 4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a3870b215c6cb57f5be28c47361f52d581e4686ba2b9b0247380936f8f490c
Instruction ID: 4218cb5ebcdace98cdb1216374bea5ca06482cd82b52ee1cf8be947d1aeb6f3c
Opcode Fuzzy Hash: a0a3870b215c6cb57f5be28c47361f52d581e4686ba2b9b0247380936f8f490c
Instruction Fuzzy Hash: 29F17570D00269CBDF28CFA8C8946ADBBB1FF44305F25856ED856BB281D3785A96CF44

Function 00406167 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(74DF3410,00421580,C:\,00405A06,C:\,C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0), ref: 00406172
FindClose.KERNELBASE(00000000), ref: 0040617E

Strings

C:\, xrefs: 00406167

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: C:\
API String ID: 2295610775-3404278061
Opcode ID: f9303f41664d55177506eb3caad4b25aa18344ea0c32c7844788a1b00efad07c
Instruction ID: 121c98e09340d698ac486e65b2e2524f4cd38212b93dde10f2a633de382b9f18
Opcode Fuzzy Hash: f9303f41664d55177506eb3caad4b25aa18344ea0c32c7844788a1b00efad07c
Instruction Fuzzy Hash: 82D012319190207FC34117396C0C84B7A589F653317528B33F86AF52F0D3349CA286ED

Function 00402688 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(00000000,?,00000002), ref: 00402697

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: a658cef3a5151b2b290093738bd42b6efc4bc145775ef21b79a10a3d683c1761
Instruction ID: 89e5e1f79722e37631beb13baf5993bff89a91e8d172cde9574b2276e59dc765
Opcode Fuzzy Hash: a658cef3a5151b2b290093738bd42b6efc4bc145775ef21b79a10a3d683c1761
Instruction Fuzzy Hash: CCF02072608100AFE700EBB48948AEEB778DF20324F60057BE240A20C1C7B84A849A3A

Function 004051BA Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 00405219
GetDlgItem.USER32(?,000003EE), ref: 00405228
GetClientRect.USER32(?,?), ref: 00405265
GetSystemMetrics.USER32(00000002), ref: 0040526C
SendMessageA.USER32(?,0000101B,00000000,?), ref: 0040528D
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 0040529E
SendMessageA.USER32(?,00001001,00000000,?), ref: 004052B1
SendMessageA.USER32(?,00001026,00000000,?), ref: 004052BF
SendMessageA.USER32(?,00001024,00000000,?), ref: 004052D2
ShowWindow.USER32(00000000,?,0000001B,?), ref: 004052F4
ShowWindow.USER32(?,00000008), ref: 00405308
GetDlgItem.USER32(?,000003EC), ref: 00405329
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405339
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405352
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 0040535E
GetDlgItem.USER32(?,000003F8), ref: 00405237

Part of subcall function 0040407D: SendMessageA.USER32(00000028,?,00000001,00403EAE), ref: 0040408B

GetDlgItem.USER32(?,000003EC), ref: 0040537A
CreateThread.KERNELBASE(00000000,00000000,Function_0000514E,00000000), ref: 00405388
FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040538F
ShowWindow.USER32(00000000), ref: 004053B2
ShowWindow.USER32(?,00000008), ref: 004053B9
ShowWindow.USER32(00000008), ref: 004053FF
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405433
CreatePopupMenu.USER32 ref: 00405444
AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405459
GetWindowRect.USER32(?,000000FF), ref: 00405479
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405492
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004054CE
OpenClipboard.USER32(00000000), ref: 004054DE
EmptyClipboard.USER32 ref: 004054E4
GlobalAlloc.KERNEL32(00000042,?), ref: 004054ED
GlobalLock.KERNEL32(00000000), ref: 004054F7
SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040550B
GlobalUnlock.KERNEL32(00000000), ref: 00405524
SetClipboardData.USER32(00000001,00000000), ref: 0040552F
CloseClipboard.USER32 ref: 00405535

Strings

Driver Support Setup , xrefs: 004054AA

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
String ID: Driver Support Setup
API String ID: 4154960007-3250207643
Opcode ID: 19af18225f3d6a06406101e0b67d5efedd4b903bdf76c278e79e4a0bb0c8326d
Instruction ID: 22ae5336f142fb48a9cf727d400d9a9d64ef180589f118636d3b9fd0a83d5397
Opcode Fuzzy Hash: 19af18225f3d6a06406101e0b67d5efedd4b903bdf76c278e79e4a0bb0c8326d
Instruction Fuzzy Hash: 0FA147B1900208BFDB119FA0DD89EAE7BB9FB08355F00407AFA05B61A0C7B55E51DF69

Function 00403B75 Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403BB1
ShowWindow.USER32(?), ref: 00403BCE
DestroyWindow.USER32 ref: 00403BE2
SetWindowLongA.USER32(?,00000000,00000000), ref: 00403BFE
GetDlgItem.USER32(?,?), ref: 00403C1F
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403C33
IsWindowEnabled.USER32(00000000), ref: 00403C3A
GetDlgItem.USER32(?,00000001), ref: 00403CE8
GetDlgItem.USER32(?,00000002), ref: 00403CF2
SetClassLongA.USER32(?,000000F2,?), ref: 00403D0C
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403D5D
GetDlgItem.USER32(?,00000003), ref: 00403E03
ShowWindow.USER32(00000000,?), ref: 00403E24
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403E36
EnableWindow.USER32(?,?), ref: 00403E51
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403E67
EnableMenuItem.USER32(00000000), ref: 00403E6E
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403E86
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403E99
lstrlenA.KERNEL32(Driver Support Setup ,?,Driver Support Setup ,00422F20), ref: 00403EC2
SetWindowTextA.USER32(?,Driver Support Setup ), ref: 00403ED1
ShowWindow.USER32(?,0000000A), ref: 00404005

Strings

Driver Support Setup , xrefs: 00403EAE, 00403EB8, 00403EC1, 00403ECF

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: Driver Support Setup
API String ID: 3282139019-3250207643
Opcode ID: 5db2143f2917a894034b19fc2abb5fc3ef727a551cec3093833a2ac212f5d40f
Instruction ID: c8c4f9f6fa32ab432123c95edc0b9dc077676c0f3e6a7dc1ab02adf3a8b3c805
Opcode Fuzzy Hash: 5db2143f2917a894034b19fc2abb5fc3ef727a551cec3093833a2ac212f5d40f
Instruction Fuzzy Hash: 54C1D3B1A04205BBDB206F61ED89D2B3A78FB85306F51443EF611B11F1C779A942AB1E

Function 004037E3 Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004061FC: GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
Part of subcall function 004061FC: GetProcAddress.KERNEL32(00000000,?), ref: 00406229

lstrcatA.KERNEL32(1033,Driver Support Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Driver Support Setup ,00000000,00000002,74DF3410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",00000000), ref: 0040385E
lstrlenA.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Driver Support,1033,Driver Support Setup ,80000001,Control Panel\Desktop\ResourceLocale,00000000,Driver Support Setup ,00000000,00000002,74DF3410), ref: 004038D3
lstrcmpiA.KERNEL32(?,.exe), ref: 004038E6
GetFileAttributesA.KERNEL32(Remove folder: ), ref: 004038F1
LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Driver Support), ref: 0040393A

Part of subcall function 00405DC1: wsprintfA.USER32 ref: 00405DCE

RegisterClassA.USER32(00422EC0), ref: 00403977
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 0040398F
CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 004039C4
ShowWindow.USER32(00000005,00000000), ref: 004039FA
GetClassInfoA.USER32(00000000,RichEdit20A,00422EC0), ref: 00403A26
GetClassInfoA.USER32(00000000,RichEdit,00422EC0), ref: 00403A33
RegisterClassA.USER32(00422EC0), ref: 00403A3C
DialogBoxParamA.USER32(?,00000000,00403B75,00000000), ref: 00403A5B

Strings

Remove folder: , xrefs: 004038A1, 004038A9, 004038B6, 00403900, 00403906
_Nb, xrefs: 00403956, 004039BE
1033, xrefs: 00403803, 00403859
RichEd20, xrefs: 00403A00
.DEFAULT\Control Panel\International, xrefs: 00403849
C:\Users\user\AppData\Local\Temp\, xrefs: 004037E8
RichEdit20A, xrefs: 00403A1E, 00403A24
Driver Support Setup , xrefs: 0040380F, 00403815, 0040383A, 00403843, 00403858
Control Panel\Desktop\ResourceLocale, xrefs: 00403817
.exe, xrefs: 004038E0
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 004037E7
C:\Program Files (x86)\Driver Support, xrefs: 0040386D, 00403875, 0040390D, 00403913, 00403923
RichEdit, xrefs: 00403A2D
RichEd32, xrefs: 00403A0E

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$.DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Driver Support Setup $Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-3698515564
Opcode ID: f321f38865debe7e05a28eb2188726e223bb839ce9309e8ec04d516c2c1b8f5e
Instruction ID: 6c8974e4dfdcf182ca6d095a6101ff5518a0df20e425d3d5ae506d2571b44078
Opcode Fuzzy Hash: f321f38865debe7e05a28eb2188726e223bb839ce9309e8ec04d516c2c1b8f5e
Instruction Fuzzy Hash: 076191B17442007ED620AF659D45F2B3AACEB8475AF40447FF941B22E2C7BC9D029A7D

Function 00402CB6 Relevance: 26.5, APIs: 5, Strings: 10, Instructions: 203
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402CCA
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,00000400), ref: 00402CE6

Part of subcall function 00405AD6: GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00405ADA
Part of subcall function 00405AD6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

GetFileSize.KERNEL32(00000000,00000000,0042B000,00000000,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00402D2F
GlobalAlloc.KERNELBASE(00000040,00409130), ref: 00402E76

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00402CC0, 00402E8E
Error launching installer, xrefs: 00402D06
C:\Users\user\AppData\Local\Temp\DriverSupport.exe, xrefs: 00402CD0, 00402CDF, 00402CF3, 00402D10
Error writing temporary file. Make sure your temp folder is valid., xrefs: 00402EBF
Null, xrefs: 00402DAF
soft, xrefs: 00402DA6
Inst, xrefs: 00402D9D
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 00402CB6
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402F0D
C:\Users\user\AppData\Local\Temp, xrefs: 00402D11, 00402D16, 00402D1C

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\DriverSupport.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 2803837635-1581395272
Opcode ID: 2876f998b4df774fb1c5612d1fda4f3509dfd8569b4d56476e84d5951189c2aa
Instruction ID: 6560279c47655c84bfe4d90bfb6f1ef804bba6314c77a30d8371cd5976d9e3e8
Opcode Fuzzy Hash: 2876f998b4df774fb1c5612d1fda4f3509dfd8569b4d56476e84d5951189c2aa
Instruction Fuzzy Hash: C66103B1A40215ABDB20AF60DE89B9E77B8EB04354F51413BF501B72D1D7BC9E818B9C

Function 00405E85 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(?,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,004050B4,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000), ref: 00405F36
GetSystemDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405FB1
GetWindowsDirectoryA.KERNEL32(Remove folder: ,00000400), ref: 00405FC4
SHGetSpecialFolderLocation.SHELL32(?,00000000), ref: 00406000
SHGetPathFromIDListA.SHELL32(00000000,Remove folder: ), ref: 0040600E
CoTaskMemFree.OLE32(00000000), ref: 00406019
lstrcatA.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040603B
lstrlenA.KERNEL32(Remove folder: ,?,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,004050B4,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000), ref: 0040608D

Strings

Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\, xrefs: 00405EB4
Remove folder: , xrefs: 00405EAC, 00405F7E, 00405F9B, 00405FB0, 00405FC3, 00405FDF, 0040600A, 0040603A, 00406040, 00406058, 0040606B, 00406086, 0040608C, 00406097, 004060C1
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00406035
Software\Microsoft\Windows\CurrentVersion, xrefs: 00405F80

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-1088145021
Opcode ID: d636f2ff673ad150710af49f9aba5b8caeaeebcde03bf82713dac66827127ef6
Instruction ID: a8b5a8e5c19b1295dd56f0f1fbd515d1e85c9865fba9c5a77ffde0f73355f29a
Opcode Fuzzy Hash: d636f2ff673ad150710af49f9aba5b8caeaeebcde03bf82713dac66827127ef6
Instruction Fuzzy Hash: DE6123B1A40502ABDF219F24CC84BBB3BB4DB45354F15813BE902B62D1D37D4952DB5E

Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,Call,C:\Program Files (x86)\Driver Support,00000000,00000000,00000031), ref: 00401790
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Program Files (x86)\Driver Support,00000000,00000000,00000031), ref: 004017BA

Part of subcall function 00405E63: lstrcpynA.KERNEL32(?,?,00000400,004032D9,00422F20,NSIS Error), ref: 00405E70

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Strings

Call, xrefs: 0040176D, 00401783, 00401795, 004017A6, 004017DC, 004017F2, 00401810, 00401850, 004018D1, 004018DA, 004018E4, 004018EF
C:\Program Files (x86)\Driver Support, xrefs: 0040177E
C:\Users\user\AppData\Local\Temp\nsf71FB.tmp, xrefs: 0040179B, 0040180A, 00401828
C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\System.dll, xrefs: 0040181E, 0040183A

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Program Files (x86)\Driver Support$C:\Users\user\AppData\Local\Temp\nsf71FB.tmp$C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\System.dll$Call
API String ID: 1941528284-3114846035
Opcode ID: 950f7607a7ee22e7dd6ae53e413cd0b949ef15d8dcc5b30fd2016d43ed9d8bbe
Instruction ID: 7023b4eef350b7a4ada653e1e4d9b110c77c4e6d7f727d83c91ff2b2eb458513
Opcode Fuzzy Hash: 950f7607a7ee22e7dd6ae53e413cd0b949ef15d8dcc5b30fd2016d43ed9d8bbe
Instruction Fuzzy Hash: 3941C472A00514BACF107BB5CC85EAF3668EF45369B20863BF121B21E1D67C4A41CBAD

Function 0040507C Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000), ref: 004050D8
SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\), ref: 004050EA
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Strings

Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\, xrefs: 0040509C, 004050AE, 004050B4, 004050D7, 004050E3

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\
API String ID: 2531174081-4053739957
Opcode ID: 871ddc24a54fb64aeccd7c8069c75cad2e612add14608668d5a5d769126a8d66
Instruction ID: 0932fbc12a6b25bcac4b474ac1e4098b180b1803f9783341f4c7184ef00e87b2
Opcode Fuzzy Hash: 871ddc24a54fb64aeccd7c8069c75cad2e612add14608668d5a5d769126a8d66
Instruction Fuzzy Hash: 7E218C71E00508BADF119FA5CD84EDFBFA9EF04358F14807AF944A6291C7789A41CFA8

Function 00405542 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405585
GetLastError.KERNEL32 ref: 00405599
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004055AE
GetLastError.KERNEL32 ref: 004055B8

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405568
ds@, xrefs: 00405577
ts@, xrefs: 00405548
C:\Users\user\AppData\Local\Temp, xrefs: 00405542

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$ds@$ts@
API String ID: 3449924974-3456956737
Opcode ID: f10b22bb5142ab39e3e91bc7df170e02474760785f1b3b99a39c7e09e389b4b4
Instruction ID: 9e56051543debb7748005a245647f72f9f0c442d478d44b0b7514676580bb89d
Opcode Fuzzy Hash: f10b22bb5142ab39e3e91bc7df170e02474760785f1b3b99a39c7e09e389b4b4
Instruction Fuzzy Hash: 2701E571D14259EAEF119BA0CD487EFBBB9EB04354F008176E905B6280D378A604CBAA

Function 0040618E Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004061A5
wsprintfA.USER32 ref: 004061DE
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004061F2

Strings

\, xrefs: 004061B6
%s%s.dll, xrefs: 004061D8
UXTHEME, xrefs: 00406197

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: c7ba92785c192ffb77ecdfb90d0fa47c7b7783556fece6129122b9a6395f8fae
Instruction ID: 17d4186d305cf40b40e49104478d07e272734a7bb4b2e73e379b3f466295ecaf
Opcode Fuzzy Hash: c7ba92785c192ffb77ecdfb90d0fa47c7b7783556fece6129122b9a6395f8fae
Instruction Fuzzy Hash: D1F0FC3095410567DB159768DC0DFFF365CBB08304F140176A546E51D2D574E9288B69

Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023A2
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf71FB.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023C2
RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf71FB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023FB
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf71FB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Strings

C:\Users\user\AppData\Local\Temp\nsf71FB.tmp, xrefs: 004023B3, 004023C1, 004023D5, 004023E5, 004023F0

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp
API String ID: 1356686001-218192138
Opcode ID: fb028ea9a3c1377fa955fbec5e4f8c63137c8eb023b24ebe4bb089e106aefc17
Instruction ID: 5da3480c5977201a3ee5f00a5bba4dd76bcb837ef72d2191196963f4bf358416
Opcode Fuzzy Hash: fb028ea9a3c1377fa955fbec5e4f8c63137c8eb023b24ebe4bb089e106aefc17
Instruction Fuzzy Hash: C91175B1E00108BFEB10EFA4DE89EAF7A79EB54358F10403AF505B61D1D7B85D419B28

Function 00405B05 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00405B19
GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 00405B33

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 00405B08
nsa, xrefs: 00405B10
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 00405B05

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-3685458731
Opcode ID: fefc0482c854070ed442c91c2c9b831f833a608d20a08577fe9f9df7fb59a314
Instruction ID: 324d89babc139fd35718223d4ac3f7893030d86c2087b7febc7e38ed5d635a65
Opcode Fuzzy Hash: fefc0482c854070ed442c91c2c9b831f833a608d20a08577fe9f9df7fb59a314
Instruction Fuzzy Hash: ABF082367486086BDB109F55EC08B9BBBADDF91750F10C03BFA089A1D0D6B1B9548B59

Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?), ref: 00401CE2
GetClientRect.USER32(00000000,?), ref: 00401CEF
LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
DeleteObject.GDI32(00000000), ref: 00401D2D

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 4b124ebf7538d090bfdb3da7142055cc4b6059543a11cd4ffa057e0c03021937
Instruction ID: 869b35d44be7719ac4f8667573c2d83536e062a508785c5670752e956bf1946f
Opcode Fuzzy Hash: 4b124ebf7538d090bfdb3da7142055cc4b6059543a11cd4ffa057e0c03021937
Instruction Fuzzy Hash: 1BF0ECB2A04114AFEB01ABE4DD88DAFB7BDEB54305B104476F602F6191C7749D018B79

Function 00401BCA Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76
windowtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42

Strings

!, xrefs: 00401BFE

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$Timeout
String ID: !
API String ID: 1777923405-2657877971
Opcode ID: ad1d7a036ab88fba9f9fdc6597bbebd1d15290bbc18337a07dfb235f94005d72
Instruction ID: c441286f21dc3666a3e0908ea9deaf0382d764bfe0b712af27a045ad0adee08b
Opcode Fuzzy Hash: ad1d7a036ab88fba9f9fdc6597bbebd1d15290bbc18337a07dfb235f94005d72
Instruction Fuzzy Hash: 1A216271A44108BFEF129FB0C94AAAE7B75DB44308F14807EF541B61D1D6B886419B29

Function 00401F90 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: e3c3d8a1629abc745538675de81c2d5dcd54a9ae6fab7bf6c9fd3347a21f082d
Instruction ID: 215a549463b1ff6cdb2c8ab56b147df35cc58612cba094cab406bca79a610b2d
Opcode Fuzzy Hash: e3c3d8a1629abc745538675de81c2d5dcd54a9ae6fab7bf6c9fd3347a21f082d
Instruction Fuzzy Hash: A0212E76904215FBDF217F648E48A6E3670AB45318F30423BF701B62D0D7BC4942DA6E

Function 004036F1 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403703
CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403717

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004036F6
C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\, xrefs: 00403727

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseHandle
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\
API String ID: 2962429428-1944565238
Opcode ID: bce50272980b2b115c412ee18181e99af888c32c9f017689cab30043875d87d7
Instruction ID: a64c404821d2138faf7c298dc7aa4842799881c741ebf925b7f901023762ac75
Opcode Fuzzy Hash: bce50272980b2b115c412ee18181e99af888c32c9f017689cab30043875d87d7
Instruction Fuzzy Hash: C6E086B0500620D6C524AF7CAD855463B196B413357208322F574F30F1C338AD435EAC

Function 0040205E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189

Strings

C:\Program Files (x86)\Driver Support, xrefs: 0040211D

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Program Files (x86)\Driver Support
API String ID: 123533781-3313422455
Opcode ID: 814b7ea8dca6599385978487c0f202a2bde9097081401cb59e3c034f0ab4e669
Instruction ID: 56974f308a9a67f015f648966d3a58154011754483a046e15126684feee28a9b
Opcode Fuzzy Hash: 814b7ea8dca6599385978487c0f202a2bde9097081401cb59e3c034f0ab4e669
Instruction Fuzzy Hash: 255138B5A00208BFCF10DFA4C988A9D7BB5FF48318F20856AF515EB2D1DB799941CB54

Function 004015B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 0040596E: CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405981
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405995

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605

Part of subcall function 00405542: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405585

SetCurrentDirectoryA.KERNEL32(00000000,C:\Program Files (x86)\Driver Support,00000000,00000000,000000F0), ref: 00401634

Strings

C:\Program Files (x86)\Driver Support, xrefs: 00401629

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Program Files (x86)\Driver Support
API String ID: 1892508949-3313422455
Opcode ID: 7c082fd94d62b49e0a0772216ac902d0a5e288ced7259b00feb75cd76b1be880
Instruction ID: f000a06b92b438bb55e13d50866b264c9e4ef6e61e5cb38cc97b05dde0840845
Opcode Fuzzy Hash: 7c082fd94d62b49e0a0772216ac902d0a5e288ced7259b00feb75cd76b1be880
Instruction Fuzzy Hash: 3F110436504151BFEF217B654C405BF27B0EA92324738467FE592B22E6C63C0A42AA3E

Function 004059C3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00405E63: lstrcpynA.KERNEL32(?,?,00000400,004032D9,00422F20,NSIS Error), ref: 00405E70

Part of subcall function 0040596E: CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405981
Part of subcall function 0040596E: CharNextA.USER32(00000000), ref: 00405995

lstrlenA.KERNEL32(C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 00405A16
GetFileAttributesA.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0), ref: 00405A26

Strings

C:\, xrefs: 004059C9, 004059CE, 004059D4, 00405A0F, 00405A15, 00405A1D, 00405A25

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\
API String ID: 3248276644-3404278061
Opcode ID: 0ef386635608f692f0e7c0f61560742430c47c7f4d5a656852c6bdb0725f2d70
Instruction ID: c86e2d8d38d71570b191e9a15eff5061e4cbb4187268480765cc96090d0558f9
Opcode Fuzzy Hash: 0ef386635608f692f0e7c0f61560742430c47c7f4d5a656852c6bdb0725f2d70
Instruction Fuzzy Hash: A2F07D71200D5052C73233350C4669F1644CE82374708023BF8A0B22D2D73C8D02CD7D

Function 004055F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421538,Error launching installer), ref: 0040561D
CloseHandle.KERNEL32(?), ref: 0040562A

Strings

Error launching installer, xrefs: 00405607

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 8605fb0cc1bd08462260b177f6e223d0fe872a64a1cb3e3de70a479640e30f4e
Instruction ID: f5a249c54adfd8c255b7380a03a9b1716d63bb632b604881324be9db7dcd8e21
Opcode Fuzzy Hash: 8605fb0cc1bd08462260b177f6e223d0fe872a64a1cb3e3de70a479640e30f4e
Instruction Fuzzy Hash: EAE0BFB4A002097FEB109B64ED45F7B76ACEB10704F908571BD15F2160D678A9518A79

Function 004068E3 Relevance: 5.2, APIs: 4, Instructions: 236COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132e083a1160923351ce27f8cc58d18c93b4828372388658a00552e8c1634b1
Instruction ID: 9d08257b753d1dc8d50a425e5d18a9377fc83dd762af72a05302a0d5f43d32a7
Opcode Fuzzy Hash: 8132e083a1160923351ce27f8cc58d18c93b4828372388658a00552e8c1634b1
Instruction Fuzzy Hash: EDA13571E00228CBDB28CFA9C8547ADBBB1FF44305F15816ED856BB281D7785A96CF44

Function 00406AE4 Relevance: 5.2, APIs: 4, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd2b84360dd7c3bf672bcc78a832e40c60aaabd2d33ded0d5d318971a638696
Instruction ID: 4069c4fc72520be48e16bfd385b53c7c255c7f0e47fd3261c7dbfe51bff91a5a
Opcode Fuzzy Hash: 8cd2b84360dd7c3bf672bcc78a832e40c60aaabd2d33ded0d5d318971a638696
Instruction Fuzzy Hash: 0B913470E04228CBEF28CF99C8547ADBBB1FF44305F15816AD856BB291C378A996CF44

Function 004067FA Relevance: 5.2, APIs: 4, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41c8aa7f72f1f93a2cbcdf9f632d1ef5542b7afda86631119225c1b51720529c
Instruction ID: e16a5cd5122dbeef30614bcf2b0def54f3f28e6aa070a3c0d2e235184150711d
Opcode Fuzzy Hash: 41c8aa7f72f1f93a2cbcdf9f632d1ef5542b7afda86631119225c1b51720529c
Instruction Fuzzy Hash: B1814771E04228CBDF24CFA9C8447ADBBB1FF44305F25816AD856BB281C7789996CF54

Function 004062FF Relevance: 5.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 344cb5358226c0404198c7d180aef45b95627368966a6db8480b9102282d8a8c
Instruction ID: 250af7da94f29308333f8738aaa2927d74ee5fc9a8e658dcecc26e0f3faccd11
Opcode Fuzzy Hash: 344cb5358226c0404198c7d180aef45b95627368966a6db8480b9102282d8a8c
Instruction Fuzzy Hash: A7816631E04228DBDF24CFA9C8447AEBBB1FF44305F11816AD856BB281C7785A96CF54

Function 0040674D Relevance: 5.2, APIs: 4, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fcb4a8d7ef675eb47b5d59acfe40d72c7d0968365e25b36553ac1c3905db65f
Instruction ID: d3a2940f28ad1956632bfd73bee9eff7b9b7c3d901c1c2bf8e917ae235022c86
Opcode Fuzzy Hash: 2fcb4a8d7ef675eb47b5d59acfe40d72c7d0968365e25b36553ac1c3905db65f
Instruction Fuzzy Hash: 2D713471E00228DBDF24CFA9C8547ADBBB1FF44305F15806AD816BB281C778AA96DF54

Function 0040686B Relevance: 5.2, APIs: 4, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da2f706e7974a2021bad9ffdb380539c5442a57272a58128905f842303d595e8
Instruction ID: aa5f261e6b50ba4db5ffebf04d3efdb0ff665d1262494a5322ec58a673e68ddc
Opcode Fuzzy Hash: da2f706e7974a2021bad9ffdb380539c5442a57272a58128905f842303d595e8
Instruction Fuzzy Hash: 91715671E00228DBDF28CF99C854BADBBB1FF44305F15806AD816BB281C778A992DF54

Function 004067B7 Relevance: 5.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feb90363471a84b63e8ff2d487282df12a040b782cd1455c92e9c1b62a64594c
Instruction ID: ff328c296e0f6909f1720754cbeef76fe0f6b635d5236ea2459b9db161edb35a
Opcode Fuzzy Hash: feb90363471a84b63e8ff2d487282df12a040b782cd1455c92e9c1b62a64594c
Instruction Fuzzy Hash: 9F715771E00228DBEF28CF99C8547ADBBB1FF44305F15806AD856BB281C778AA56DF44

Function 00403064 Relevance: 4.6, APIs: 3, Instructions: 101COMMON

Download Yara Rule

APIs

GetTickCount.KERNEL32 ref: 00403078

Part of subcall function 004031E3: SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EE1,?), ref: 004031F1

SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,00402F8E,00000004,00000000,00000000,?,?,00402F08,000000FF,00000000,00000000,00409130,?), ref: 004030AB
SetFilePointer.KERNELBASE(0015FD27,00000000,00000000,004128D8,00004000,?,00000000,00402F8E,00000004,00000000,00000000,?,?,00402F08,000000FF,00000000), ref: 004031A6

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FilePointer$CountTick
String ID:
API String ID: 1092082344-0
Opcode ID: a36c4bf57cb6e858ef063313d681270ada8638ec8a77c6c3e08efa629b838403
Instruction ID: 32da71d67e65fe5252f8ded7d9303c2dcf981c5e4867c3c67dada36b4a4d5a13
Opcode Fuzzy Hash: a36c4bf57cb6e858ef063313d681270ada8638ec8a77c6c3e08efa629b838403
Instruction Fuzzy Hash: DD31B2B29012109FDB10BF2AFE4086A3BECE748356715823BE400B62E0C739DD52DB5E

Function 00401E44 Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

Part of subcall function 004055F4: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00421538,Error launching installer), ref: 0040561D
Part of subcall function 004055F4: CloseHandle.KERNEL32(?), ref: 0040562A

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
FindCloseChangeNotification.KERNELBASE(?,00000000,000000EB,00000000), ref: 00401EB3

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcat
String ID:
API String ID: 3954718778-0
Opcode ID: 096e88279cee13df4d4a1d55db3feec4ed85e326209c06b1e7a9aeb0364fe118
Instruction ID: 8164f88ac99e46b686dec60b6f66323921365fc284b2c72d55c18730983d64c3
Opcode Fuzzy Hash: 096e88279cee13df4d4a1d55db3feec4ed85e326209c06b1e7a9aeb0364fe118
Instruction Fuzzy Hash: 97015731904114EBDF11AFA1C98899F7BB2EF00344F20817BF601B52E1C7789A419B9A

Function 00405D4A Relevance: 4.5, APIs: 3, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(80000002,00405F8F,00000000,00000002,?,00000002,?,?,00405F8F,80000002,Software\Microsoft\Windows\CurrentVersion,?,Remove folder: ,?), ref: 00405D73
RegQueryValueExA.KERNELBASE(?,?,00000000,00405F8F,?,00405F8F), ref: 00405D94
RegCloseKey.KERNELBASE(?), ref: 00405DB5

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
Instruction ID: 75195c41eba113777763a56ee97b1b5287ad365fc5d4740e3ebf2a0583ed9f98
Opcode Fuzzy Hash: 0c8888e50600bbfc423f29d3e13c34afc4b2d72f1a725d9a4029968a390a76be
Instruction Fuzzy Hash: F9015A7254020AEFDB128F64EC48EEB3FACEF18354F008036F904E6260D235D964CBA5

Function 00402482 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
RegEnumValueA.KERNELBASE(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024C3
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf71FB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: 47ab25418fb38c8c5b03f0ebc620af0af5168f3c50133958f6b2384b9cd533c1
Instruction ID: e09e8e067f2b8771eb66943483239aed03eb61d96520190a1401bf15a77a7747
Opcode Fuzzy Hash: 47ab25418fb38c8c5b03f0ebc620af0af5168f3c50133958f6b2384b9cd533c1
Instruction Fuzzy Hash: BAF0AD72A04200BFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B84A459A7A

Function 004056BD Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00405AB1: GetFileAttributesA.KERNELBASE(?,?,004056C9,?,?,00000000,004058AC,?,?,?,?), ref: 00405AB6
Part of subcall function 00405AB1: SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405ACA

RemoveDirectoryA.KERNELBASE(?,?,?,00000000,004058AC), ref: 004056D8
DeleteFileA.KERNELBASE(?,?,?,00000000,004058AC), ref: 004056E0
SetFileAttributesA.KERNEL32(?,00000000), ref: 004056F8

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: File$Attributes$DeleteDirectoryRemove
String ID:
API String ID: 1655745494-0
Opcode ID: ecb533084f054dec527d8ee4002c22eb7271b0964ed621fa894de998c2c2fbf7
Instruction ID: 7218464210d320bbb7aaa7b2b3498e6226de7d0fc9260b199a665c24177db626
Opcode Fuzzy Hash: ecb533084f054dec527d8ee4002c22eb7271b0964ed621fa894de998c2c2fbf7
Instruction Fuzzy Hash: 4FE0E53150EA9157C2105731990C75F6AD8DF86324F840E36F955B21D0D7B94C068EAE

Function 00402F5C Relevance: 3.1, APIs: 2, Instructions: 88COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00409130,00000000,00000000,00000000,00000000,?,?,00402F08,000000FF,00000000,00000000,00409130,?), ref: 00402F81

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 318766a007564a5c8c6069328ff7bf9d8ddc724485930b67641b25b8ac31027b
Instruction ID: 983d4f283b3a49842741e08d62faa859851885946f81c7e75766fedec90a3088
Opcode Fuzzy Hash: 318766a007564a5c8c6069328ff7bf9d8ddc724485930b67641b25b8ac31027b
Instruction Fuzzy Hash: 32319F70202219EFDF20EF56DD44A9B7BACEB00755F20803AF904E61D0D279DE40DBA9

Function 00402410 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsf71FB.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 408be7f7af0432980abd1dac26f88ffd518e424ecbfe51417bc02b193546086b
Instruction ID: ea61b96732c3ecdd8e38099917432d45b641eb3d8d4d3075f09eb17731070f47
Opcode Fuzzy Hash: 408be7f7af0432980abd1dac26f88ffd518e424ecbfe51417bc02b193546086b
Instruction Fuzzy Hash: 7111A771905205FFDF14DF64C6889AEBBB4EF11349F20847FE141B62C0D2B84A45DB5A

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 6f3fd260d9a20665192313664cef065be83871c58b0681ff97f62226ed226405
Instruction ID: 8ec6bfb8ef4f3ff43576048fe9568e939b5e998f238dec90285f5c94a9fc96e2
Opcode Fuzzy Hash: 6f3fd260d9a20665192313664cef065be83871c58b0681ff97f62226ed226405
Instruction Fuzzy Hash: 2201F431B24210ABE7294B389E04B6A36A8F710314F11823BF911F66F1D7B8DC029B4D

Function 00402308 Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

RegDeleteValueA.KERNELBASE(00000000,00000000,00000033), ref: 00402327
RegCloseKey.ADVAPI32(00000000), ref: 00402330

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID:
API String ID: 849931509-0
Opcode ID: 88086720c86d129164a725f5313cdf10b224a6eba0820ba03869662ae5bc5fd2
Instruction ID: 87e18c8b9cd74d0bde17796df308dc93964f3544418e05dee947639aacfbea4d
Opcode Fuzzy Hash: 88086720c86d129164a725f5313cdf10b224a6eba0820ba03869662ae5bc5fd2
Instruction Fuzzy Hash: 4CF04473A00110AFDB10BFA48A4EAAE76799B50345F14443BF201B61C1D9BD4D12866D

Function 0040514E Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 0040515E

Part of subcall function 00404094: SendMessageA.USER32(00040492,00000000,00000000,00000000), ref: 004040A6

OleUninitialize.OLE32(00000404,00000000), ref: 004051AA

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: InitializeMessageSendUninitialize
String ID:
API String ID: 2896919175-0
Opcode ID: a1e759c3ba7025077e10085eb26d18bfe45318352d138b018d477bc6a8fcf70b
Instruction ID: 484cf87bc9531c098fcd3877696a47d73f7080a50005c66256059c60e8f5965f
Opcode Fuzzy Hash: a1e759c3ba7025077e10085eb26d18bfe45318352d138b018d477bc6a8fcf70b
Instruction Fuzzy Hash: FAF0F0F6A04201BAEA611B549804B1A72B0DBC4702F80813AFF04B62A1923D58428A1D

Function 004061FC Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403295,00000009), ref: 0040620E
GetProcAddress.KERNEL32(00000000,?), ref: 00406229

Part of subcall function 0040618E: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 004061A5
Part of subcall function 0040618E: wsprintfA.USER32 ref: 004061DE
Part of subcall function 0040618E: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 004061F2

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: 2c630675a567476a72db336401282eceef6d354bbdda173821c126d7c14613da
Instruction ID: 835994d0d4e2d07c36af23a3dc0c9bac066575a7a99d708227b603b56203bf9f
Opcode Fuzzy Hash: 2c630675a567476a72db336401282eceef6d354bbdda173821c126d7c14613da
Instruction Fuzzy Hash: 7EE08632A04111BAD650B6745D0496B73AC9B84740302487EF906F2185E7389C3196AA

Function 0040374E Relevance: 3.0, APIs: 2, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE(?,74DF3410,00000000,74DF2EE0,00403725,C:\Users\user\AppData\Local\Temp\,00403528,?), ref: 00403768
GlobalFree.KERNEL32(00000000), ref: 0040376F

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID:
API String ID: 1100898210-0
Opcode ID: e3dda661aee8dd5407b6d454dedd461a768af1d3b2e32b7100c159d0cb86a48a
Instruction ID: 4d546273b2e2ac293021758f575ee9690d45bf8ac48a1713c9e78277a1952258
Opcode Fuzzy Hash: e3dda661aee8dd5407b6d454dedd461a768af1d3b2e32b7100c159d0cb86a48a
Instruction Fuzzy Hash: 14E08C7280103057D6212F25EE04B5AB6686B48B22F05406AEC417B2A087742C424AC9

Function 00405AD6 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00405ADA
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 4a69860c6089f1fb7fd455c1891d9cc54c05e48a968a67635bcc5e625bd0c43f
Instruction ID: 2e597581bf20324382b204af2e2b9293bc3b27f4d9e8cb915424ec39c2be7a6e
Opcode Fuzzy Hash: 4a69860c6089f1fb7fd455c1891d9cc54c05e48a968a67635bcc5e625bd0c43f
Instruction Fuzzy Hash: A7D09E31658201EFFF098F20DD16F2EBBA2EB84B00F10962CBA92941E0D6755815DB26

Function 00405AB1 Relevance: 3.0, APIs: 2, Instructions: 13COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(?,?,004056C9,?,?,00000000,004058AC,?,?,?,?), ref: 00405AB6
SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405ACA

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
Instruction ID: a7f0a3a241a8181cef173a1dc0fd71ceb180899bf82cabeb0f5c2b47daa9e471
Opcode Fuzzy Hash: 123b2631ce2b274a689f6f42d71c67174a47df8962c272e460887a4e83ced065
Instruction Fuzzy Hash: 0AD0C972908121AFC2102728AD0C89BBB65EB54271B118B31FDAAA22B0D7304C528AA5

Function 004055BF Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,0040321E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004055C5
GetLastError.KERNEL32 ref: 004055D3

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction ID: ee333ff4e59061917a1f290c3015eab559b7a368ac9c9957fcbd809aee07952f
Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
Instruction Fuzzy Hash: 04C08C31618102EBDB200B30CE08B073E61AB00381F208831A006F10E4CA349000C93F

Function 0040265E Relevance: 1.5, APIs: 1, Instructions: 27fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE(00000000,?), ref: 00402670

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: a714cea26e4a6e614d432e24e727f2ff479c0488c6a78fa6ef151a04a7dfca1b
Instruction ID: 66eed7d3d6a45b6d0fc315ef66912ba15e4e3fdbd96af4f4f129b47eb9281778
Opcode Fuzzy Hash: a714cea26e4a6e614d432e24e727f2ff479c0488c6a78fa6ef151a04a7dfca1b
Instruction Fuzzy Hash: 6AE0E576604100EBEB10EBA0D988AAE73A8DF10304B20847BD201E21C0E3B94A459B7A

Function 00402B44 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B6C

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: ed1d997f1767e4ebe1524a955060e6e59f62574de8c72c2eb948d7caa6f8d669
Instruction ID: 806e3b40af95552ac91145e5354a2e2caa18036cb762c00ee55acc3717e10e35
Opcode Fuzzy Hash: ed1d997f1767e4ebe1524a955060e6e59f62574de8c72c2eb948d7caa6f8d669
Instruction Fuzzy Hash: D3E04FB6240108AFDB00EFA4DD46FA537ECE714701F008021B608D6091C674E5108B69

Function 00405B4E Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,004128D8,0040A8D8,004031E0,00409130,00409130,004030E4,004128D8,00004000,?,00000000,00402F8E), ref: 00405B62

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: ffd4dfc917ffc97e7d907f9c2c90699c203f3b0ebfd4578ed28d6b2a376640fe
Instruction ID: c996f9a7b3ae33303237a126fc5a394e9691c2321a0fe14ef9137570749964f2
Opcode Fuzzy Hash: ffd4dfc917ffc97e7d907f9c2c90699c203f3b0ebfd4578ed28d6b2a376640fe
Instruction Fuzzy Hash: EAE08C3221465EABCF109E509C00EEB3B6CEB00360F008432FD24E2090D230F8209BA4

Function 00405B7D Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00409130,00000000,00000000,00000000,00000000,00411934,0040A8D8,00403164,0040A8D8,00411934,004128D8,00004000,?,00000000,00402F8E,00000004), ref: 00405B91

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction ID: 30ff8eedcc03066b87caa2a29a7ef1e7350fb4aaf77a02d24525aee886acae2a
Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction Fuzzy Hash: 19E0EC3261425AEFEF609E659C00AEB7B7CFB05360F008432F925E6190D635F9219BA5

Function 00404048 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetDlgItemTextA.USER32(?,?,00000000), ref: 00404062

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: ItemText
String ID:
API String ID: 3367045223-0
Opcode ID: 57704bdb4396f032d3f5e68225151eafdca643c84b282080e1a943230575ebd6
Instruction ID: e527cde694e4746e823f20d7cbf8bde5da20a15a663149da90d8392309f3eb92
Opcode Fuzzy Hash: 57704bdb4396f032d3f5e68225151eafdca643c84b282080e1a943230575ebd6
Instruction Fuzzy Hash: 88C04C75148640BFD741A755CC42F1FB799EF94315F40C92EB59CA11D1CA3686209E26

Function 00404094 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00040492,00000000,00000000,00000000), ref: 004040A6

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 50a7dacb6371fe0cd67611078dbaf3ccf85a23f01bbb2752a0812b92d5b89748
Instruction ID: add50700843ac817ab7d6e51381e723622021bba1cfe7f2961aa6f321ae6f442
Opcode Fuzzy Hash: 50a7dacb6371fe0cd67611078dbaf3ccf85a23f01bbb2752a0812b92d5b89748
Instruction Fuzzy Hash: 1CC04C71744201BAEA319B509D49F0777986750700F6644257320B60D1C6B4E410E62D

Function 0040407D Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000028,?,00000001,00403EAE), ref: 0040408B

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 3d364c0f7cae05b6249e8bcc12743ca4c2e9a63f4273028bf1a1c1708aea3851
Instruction ID: a78b9239c319e9cb66b61a8ea9955aebbc10e43728856a3b978814f56e37e297
Opcode Fuzzy Hash: 3d364c0f7cae05b6249e8bcc12743ca4c2e9a63f4273028bf1a1c1708aea3851
Instruction Fuzzy Hash: 19B092B6684200BAEE228B00DD09F457AB2E7A8742F008024B200240B0CAB200A1DB19

Function 004031E3 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402EE1,?), ref: 004031F1

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D

Function 0040406A Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403E47), ref: 00404074

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 14a97dc87043aa2e894c667cdbf79e2d841fd90f9686f850a1099e45bc3f86c8
Instruction ID: 4b90da896e4fa09681504a9dabf2ba00c57f91177066947fb67d52e8ca440c18
Opcode Fuzzy Hash: 14a97dc87043aa2e894c667cdbf79e2d841fd90f9686f850a1099e45bc3f86c8
Instruction Fuzzy Hash: FCA012324040009BCB014B90FE04C457F31A754300701C031E10180030C2310824FF09

Non-executed Functions

Function 004049F9 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 481windowmemoryCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003F9), ref: 00404A11
GetDlgItem.USER32(?,00000408), ref: 00404A1C
GlobalAlloc.KERNEL32(00000040,?), ref: 00404A66
LoadBitmapA.USER32(0000006E), ref: 00404A79
SetWindowLongA.USER32(?,000000FC,00404FF0), ref: 00404A92
ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404AA6
ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404AB8
SendMessageA.USER32(?,00001109,00000002), ref: 00404ACE
SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 00404ADA
SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 00404AEC
DeleteObject.GDI32(00000000), ref: 00404AEF
SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404B1A
SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404B26
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BBB
SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 00404BE6
SendMessageA.USER32(?,00001100,00000000,?), ref: 00404BFA
GetWindowLongA.USER32(?,000000F0), ref: 00404C29
SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404C37
ShowWindow.USER32(?,00000005), ref: 00404C48
SendMessageA.USER32(?,00000419,00000000,?), ref: 00404D45
SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404DAA
SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404DBF
SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404DE3
SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404E03
ImageList_Destroy.COMCTL32(00000000), ref: 00404E18
GlobalFree.KERNEL32(00000000), ref: 00404E28
SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404EA1
SendMessageA.USER32(?,00001102,?,?), ref: 00404F4A
SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404F59
InvalidateRect.USER32(?,00000000,00000001), ref: 00404F79
ShowWindow.USER32(?,00000000), ref: 00404FC7
GetDlgItem.USER32(?,000003FE), ref: 00404FD2
ShowWindow.USER32(00000000), ref: 00404FD9

Strings

M, xrefs: 00404BA2
N, xrefs: 00404C83
, xrefs: 00404FB1

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
String ID: $M$N
API String ID: 1638840714-813528018
Opcode ID: f71c4aa5fa736d427a4380ee5912dc7cb3dc5a811f5ff7b07bbbad78877c99f0
Instruction ID: 3cd80f6d66a0a8d02be1144e931921fec7cdafd03fadcad4e17be0217faf115b
Opcode Fuzzy Hash: f71c4aa5fa736d427a4380ee5912dc7cb3dc5a811f5ff7b07bbbad78877c99f0
Instruction Fuzzy Hash: 9D026EB0900209AFEB10DF94DD85AAE7BB5FB84315F10813AF611B62E1C7789E42DF58

Function 00404191 Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 205windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 0040421C
GetDlgItem.USER32(00000000,000003E8), ref: 00404230
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 0040424E
GetSysColor.USER32(?), ref: 0040425F
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 0040426E
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 0040427D
lstrlenA.KERNEL32(?), ref: 00404280
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040428F
SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004042A4
GetDlgItem.USER32(?,0000040A), ref: 00404306
SendMessageA.USER32(00000000), ref: 00404309
GetDlgItem.USER32(?,000003E8), ref: 00404334
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 00404374
LoadCursorA.USER32(00000000,00007F02), ref: 00404383
SetCursor.USER32(00000000), ref: 0040438C
ShellExecuteA.SHELL32(0000070B,open,004226C0,00000000,00000000,00000001), ref: 0040439F
LoadCursorA.USER32(00000000,00007F00), ref: 004043AC
SetCursor.USER32(00000000), ref: 004043AF
SendMessageA.USER32(00000111,00000001,00000000), ref: 004043DB
SendMessageA.USER32(00000010,00000000,00000000), ref: 004043EF

Strings

\A@, xrefs: 00404394
Remove folder: , xrefs: 0040435F
N, xrefs: 00404322
open, xrefs: 00404397

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: N$Remove folder: $\A@$open
API String ID: 3615053054-2758328528
Opcode ID: 0d3f312fefaf2c190e171dfa2e1175f61d5d84c52849205d92d9bfd162526d75
Instruction ID: aa20bcc63d66581fa7bbac4c1809bf2e03719b1a0f02ef32c38fc7c0d03722a0
Opcode Fuzzy Hash: 0d3f312fefaf2c190e171dfa2e1175f61d5d84c52849205d92d9bfd162526d75
Instruction Fuzzy Hash: 3D6191B1A40209BBEF109F61DC45F6A7B69FB84714F108036FB01BA2D1C7B8A951CF98

Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
BeginPaint.USER32(?,?), ref: 00401047
GetClientRect.USER32(?,?), ref: 0040105B
CreateBrushIndirect.GDI32(00000000), ref: 004010CF
FillRect.USER32(00000000,?,00000000), ref: 004010E4
DeleteObject.GDI32(?), ref: 004010ED
CreateFontIndirectA.GDI32(?), ref: 00401105
SetBkMode.GDI32(00000000,00000001), ref: 00401126
SetTextColor.GDI32(00000000,000000FF), ref: 00401130
SelectObject.GDI32(00000000,?), ref: 00401140
DrawTextA.USER32(00000000,00422F20,000000FF,00000010,00000820), ref: 00401156
SelectObject.GDI32(00000000,00000000), ref: 00401160
DeleteObject.GDI32(?), ref: 00401165
EndPaint.USER32(?,?), ref: 0040116E

Strings

F, xrefs: 0040100C

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
String ID: F
API String ID: 941294808-1304234792
Opcode ID: 7c104425433eee9aa72c8594e5c9845c7e8c7dbb4814f5ad4226ea4ba1dd0cf1
Instruction ID: f6076547c65416f673289c9e9aa760257b54fe90aa12de16c0a46004740ece36
Opcode Fuzzy Hash: 7c104425433eee9aa72c8594e5c9845c7e8c7dbb4814f5ad4226ea4ba1dd0cf1
Instruction Fuzzy Hash: C2419B71804249AFCF058FA4CD459AFBBB9FF45310F00812AF961AA1A0C738EA50DFA5

Function 00404486 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 004044D5
SetWindowTextA.USER32(00000000,?), ref: 004044FF
SHBrowseForFolderA.SHELL32(?,0041F108,?), ref: 004045B0
CoTaskMemFree.OLE32(00000000), ref: 004045BB
lstrcmpiA.KERNEL32(Remove folder: ,Driver Support Setup ), ref: 004045ED
lstrcatA.KERNEL32(?,Remove folder: ), ref: 004045F9
SetDlgItemTextA.USER32(?,000003FB,?), ref: 0040460B

Part of subcall function 0040563D: GetDlgItemTextA.USER32(?,?,00000400,00404642), ref: 00405650

Part of subcall function 004060CE: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406126
Part of subcall function 004060CE: CharNextA.USER32(?,?,?,00000000), ref: 00406133
Part of subcall function 004060CE: CharNextA.USER32(?,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406138
Part of subcall function 004060CE: CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406148

GetDiskFreeSpaceA.KERNEL32(0041ED00,?,?,0000040F,?,0041ED00,0041ED00,?,00000001,0041ED00,?,?,000003FB,?), ref: 004046C9
MulDiv.KERNEL32(?,0000040F,00000400), ref: 004046E4

Part of subcall function 0040483D: lstrlenA.KERNEL32(Driver Support Setup ,Driver Support Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404758,000000DF,00000000,00000400,?), ref: 004048DB
Part of subcall function 0040483D: wsprintfA.USER32 ref: 004048E3
Part of subcall function 0040483D: SetDlgItemTextA.USER32(?,Driver Support Setup ), ref: 004048F6

Strings

Driver Support Setup , xrefs: 00404583, 004045E6
Remove folder: , xrefs: 004045E7, 004045EC, 004045F7
A, xrefs: 004045A9
C:\Program Files (x86)\Driver Support, xrefs: 004045D6

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: A$C:\Program Files (x86)\Driver Support$Driver Support Setup $Remove folder:
API String ID: 2624150263-3306077820
Opcode ID: 270dc7a5b9dcdb78d87257eb559ab6150f0e039b037db56f317b36bf3157eca3
Instruction ID: 175f10717e4f371f028a94a7e43d857af948bb7b3e906aba32508f1788989df3
Opcode Fuzzy Hash: 270dc7a5b9dcdb78d87257eb559ab6150f0e039b037db56f317b36bf3157eca3
Instruction Fuzzy Hash: 27A18FF1900209ABDB11AFA5CC45AAFB7B8EF85314F14843BF601B72D1D77C9A418B69

Function 00405BAC Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(00421AC0,NUL,?,00000000,?,00000000,00405D3F,?,?), ref: 00405BBB
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405D3F,?,?), ref: 00405BDF
GetShortPathNameA.KERNEL32(?,00421AC0,00000400), ref: 00405BE8

Part of subcall function 00405A3B: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A4B
Part of subcall function 00405A3B: lstrlenA.KERNEL32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A7D

GetShortPathNameA.KERNEL32(00421EC0,00421EC0,00000400), ref: 00405C05
wsprintfA.USER32 ref: 00405C23
GetFileSize.KERNEL32(00000000,00000000,00421EC0,C0000000,00000004,00421EC0,?,?,?,?,?), ref: 00405C5E
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405C6D
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CA5
SetFilePointer.KERNEL32(004093C8,00000000,00000000,00000000,00000000,004216C0,00000000,-0000000A,004093C8,00000000,[Rename],00000000,00000000,00000000), ref: 00405CFB
GlobalFree.KERNEL32(00000000), ref: 00405D0C
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405D13

Part of subcall function 00405AD6: GetFileAttributesA.KERNELBASE(00000003,00402CF9,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00405ADA
Part of subcall function 00405AD6: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405AFC

Strings

%s=%s, xrefs: 00405C19
NUL, xrefs: 00405BB5
[Rename], xrefs: 00405C8D, 00405C9F

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %s=%s$NUL$[Rename]
API String ID: 222337774-4148678300
Opcode ID: 48efe9067dab4c6be72075fa3094db19553ee2d814aebd6cf6e6eb07f6957914
Instruction ID: f02436ff356463cbad731f06bd7f36315381bbfe77d8bed81a3cf794d1fe08c5
Opcode Fuzzy Hash: 48efe9067dab4c6be72075fa3094db19553ee2d814aebd6cf6e6eb07f6957914
Instruction Fuzzy Hash: 2231C274604B597BD2207B615D49F6B3A9CEF45758F24013BF905B22D2DA78AC008EBD

Function 004060CE Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406126
CharNextA.USER32(?,?,?,00000000), ref: 00406133
CharNextA.USER32(?,"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"",74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406138
CharPrevA.USER32(?,?,74DF3410,C:\Users\user\AppData\Local\Temp\,00000000,00403206,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 00406148

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004060CF
*?|<>/":, xrefs: 00406116
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 0040610A

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-1765450730
Opcode ID: 2fcb21d4fe3ff3b998ebc2bd8af41eb25bf4dc23d8027269f2ae341fb2b2b84f
Instruction ID: f4547238e9b15f098583f6e7a29ad5d1a016b5704a22f35d65a3ab7f018ae362
Opcode Fuzzy Hash: 2fcb21d4fe3ff3b998ebc2bd8af41eb25bf4dc23d8027269f2ae341fb2b2b84f
Instruction Fuzzy Hash: EF1104A18043A22DFB3246284C44B77AF884F5A764F19407BE4C6763C3CA7C9C52866D

Function 004040AF Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EB), ref: 004040CC
GetSysColor.USER32(00000000), ref: 004040E8
SetTextColor.GDI32(?,00000000), ref: 004040F4
SetBkMode.GDI32(?,?), ref: 00404100
GetSysColor.USER32(?), ref: 00404113
SetBkColor.GDI32(?,?), ref: 00404123
DeleteObject.GDI32(?), ref: 0040413D
CreateBrushIndirect.GDI32(?), ref: 00404147

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction ID: b9626d203e07c142b7df78836af29c525e1d4ad6db78ea87979aa0b8fd7aa94c
Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction Fuzzy Hash: 9C219671904704ABC7219F78DD48B4BBBF8AF41714F048529E996F63E0D734E944CB55

Function 00402C17 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000), ref: 00402C2F
GetTickCount.KERNEL32 ref: 00402C4D
wsprintfA.USER32 ref: 00402C7B

Part of subcall function 0040507C: lstrlenA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000,?), ref: 004050B5
Part of subcall function 0040507C: lstrlenA.KERNEL32(00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402C8E,00000000), ref: 004050C5
Part of subcall function 0040507C: lstrcatA.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00402C8E,00402C8E,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,00000000,00000000,00000000), ref: 004050D8
Part of subcall function 0040507C: SetWindowTextA.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsf71FB.tmp\), ref: 004050EA
Part of subcall function 0040507C: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00405110
Part of subcall function 0040507C: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 0040512A
Part of subcall function 0040507C: SendMessageA.USER32(?,00001013,?,00000000), ref: 00405138

CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C9F
ShowWindow.USER32(00000000,00000005), ref: 00402CAD

Part of subcall function 00402BFB: MulDiv.KERNEL32(00060F72,00000064,00064BC2), ref: 00402C10

Strings

... %d%%, xrefs: 00402C75

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
String ID: ... %d%%
API String ID: 722711167-2449383134
Opcode ID: cd814f97995ab4d525a9326c00e86b88d6fec88510706dfa7be7368b8ebbbedc
Instruction ID: 50736a5f322e453d47399e53c3729a9749aec8e4ed59b6a4d84230157c1bc9e9
Opcode Fuzzy Hash: cd814f97995ab4d525a9326c00e86b88d6fec88510706dfa7be7368b8ebbbedc
Instruction Fuzzy Hash: 400161B090A624EBEB21AF64EF0DD9F7768EB04701B444177F405B11E4D6B89942C69E

Function 00404947 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404962
GetMessagePos.USER32 ref: 0040496A
ScreenToClient.USER32(?,?), ref: 00404984
SendMessageA.USER32(?,00001111,00000000,?), ref: 00404996
SendMessageA.USER32(?,0000110C,00000000,?), ref: 004049BC

Strings

f, xrefs: 00404998

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction ID: 9a5aaf7a7a2eb46524cfe6ed05727662581176125bc7a9594c14671d6fd5834d
Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction Fuzzy Hash: D60152B1D00219BADB11DBA4DC45FFFBBBCAF55711F10416BBA10B61C0C7B869018BA5

Function 00401D38 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D3B
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
ReleaseDC.USER32(?,00000000), ref: 00401D68
CreateFontIndirectA.GDI32(0040A808), ref: 00401DB3

Strings

MS Shell Dlg, xrefs: 00401D99

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID: MS Shell Dlg
API String ID: 3808545654-76309092
Opcode ID: d1d98ef4ca3702c11c3c6dceaa5369c7d293144b8b7f1186970544015a90a800
Instruction ID: 002072324c9ca14b61f47775792bd0911152047613ce7f91f46ea316c06ba8c0
Opcode Fuzzy Hash: d1d98ef4ca3702c11c3c6dceaa5369c7d293144b8b7f1186970544015a90a800
Instruction Fuzzy Hash: 22016232944340AFE7016770AE5EBAA3FA89795305F108479F641B62E2C67801568F6F

Function 00402B7F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
wsprintfA.USER32 ref: 00402BCE
SetWindowTextA.USER32(?,?), ref: 00402BDE
SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF0

Strings

verifying installer: %d%%, xrefs: 00402BC3
unpacking data: %d%%, xrefs: 00402BBC, 00402BCC

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: unpacking data: %d%%$verifying installer: %d%%
API String ID: 1451636040-1158693248
Opcode ID: ef5ff3cba37bdb2e26199f17b8c5be3437539e0f0002abd4d10d443ac5288961
Instruction ID: 59ddb31903a36680b4224ad2704aa62d89b79b457576c75755388437ec856a92
Opcode Fuzzy Hash: ef5ff3cba37bdb2e26199f17b8c5be3437539e0f0002abd4d10d443ac5288961
Instruction Fuzzy Hash: D5F01D70900208AAEF205F60DD0ABAE3779FB04345F00803AFA16B51D0D7B9AA559B59

Function 004026C6 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040271A
GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 00402736
GlobalFree.KERNEL32(?), ref: 0040276F
GlobalFree.KERNEL32(00000000), ref: 00402782
CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 0040279A
DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 004027AE

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Global$AllocFree$CloseDeleteFileHandle
String ID:
API String ID: 2667972263-0
Opcode ID: ca0be688d7f720411948d387ee0049612bb77ca8bca973687b1d637323e3bb01
Instruction ID: 485419aab899adaa45f09767fc84dfb68f9751acdadaf5e244b928a283e6c860
Opcode Fuzzy Hash: ca0be688d7f720411948d387ee0049612bb77ca8bca973687b1d637323e3bb01
Instruction Fuzzy Hash: 0A21AE71800128BBCF116FA5CE89DAE7A79EF08364F10423AF921762D0C7795D018F98

Function 0040483D Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(Driver Support Setup ,Driver Support Setup ,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404758,000000DF,00000000,00000400,?), ref: 004048DB
wsprintfA.USER32 ref: 004048E3
SetDlgItemTextA.USER32(?,Driver Support Setup ), ref: 004048F6

Strings

Driver Support Setup , xrefs: 004048CD, 004048D2, 004048D8, 004048EC
%u.%u%s%s, xrefs: 004048C5

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$Driver Support Setup
API String ID: 3540041739-2666543004
Opcode ID: 816a97f40fb741a7874f6231f68a2f52d84a672703b9ff014e4c8c1b7defe931
Instruction ID: c0766d521516c7b6303674c7dd8cea214f166acaf9b397f83c092fcb524d35e8
Opcode Fuzzy Hash: 816a97f40fb741a7874f6231f68a2f52d84a672703b9ff014e4c8c1b7defe931
Instruction Fuzzy Hash: 6A110A736041283BDB0076ADDC45EAF3288DB85374F254637FA65F21D1EA78CC1285E8

Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32(?,?,00000000,?,?), ref: 00402A9B
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
RegCloseKey.ADVAPI32(?), ref: 00402AE0
RegCloseKey.ADVAPI32(?), ref: 00402B05
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: ba179b4ab06ec51544505c7bb4ef6d82f25395ff453b8f9fc11c3f7a3e81ed6a
Instruction ID: 2c69578fec59b839bbbb6554d628e5ed2d7180fb0bd31e8d2d7d3181fb534eb1
Opcode Fuzzy Hash: ba179b4ab06ec51544505c7bb4ef6d82f25395ff453b8f9fc11c3f7a3e81ed6a
Instruction Fuzzy Hash: 93113D71A00108BEDF229F90DE89DAA3B7DEB54349B504436F901F10A0D775AE51EB69

Function 00403AA8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(00000000,00422F20), ref: 00403B40

Strings

Driver Support Setup , xrefs: 00403AAB
1033, xrefs: 00403AAC, 00403AB6, 00403B27
"C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:"", xrefs: 00403AA9

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: TextWindow
String ID: "C:\Users\user\AppData\Local\Temp\DriverSupport.exe" /LANGUAGE:1033 /WELCOME_SHOWN:true /AGREE_TO_LICENSE:true /SID: /TID: /IID: /VeloxumDownloadUrl: /TNAME:"" /PIXELURL:""$1033$Driver Support Setup
API String ID: 530164218-738021986
Opcode ID: dc7de13f03dcb223900496a96d71cfcacf6227c358a972dc05920cca8a73c9bc
Instruction ID: 4ecc7a7cce5d2b157b8937249730f08b858357f8198c33761da0ca3de106299a
Opcode Fuzzy Hash: dc7de13f03dcb223900496a96d71cfcacf6227c358a972dc05920cca8a73c9bc
Instruction Fuzzy Hash: CE11C971B006119BC7309F55DC909737B7CEB8571A364817FD90167391D73DAD029A58

Function 004058D5 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403218,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004058DB
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403218,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040341B), ref: 004058E4
lstrcatA.KERNEL32(?,00409014), ref: 004058F5

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004058D5

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3081826266
Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction ID: 3de60a59262c475c5440d19c682801eda6224deee4fb27ea49e877a9fa99e37c
Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction Fuzzy Hash: A6D0A972605A303AD20233198C05E8B3A08CF26351B040032F641B22A2CA7C0E418BFE

Function 0040596E Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,C:\,?,004059DA,C:\,C:\,74DF3410,?,74DF2EE0,00405725,?,74DF3410,74DF2EE0,00000000), ref: 0040597C
CharNextA.USER32(00000000), ref: 00405981
CharNextA.USER32(00000000), ref: 00405995

Strings

C:\, xrefs: 0040596F

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharNext
String ID: C:\
API String ID: 3213498283-3404278061
Opcode ID: c01f0a1332e094523614662ca2a683f3687d2570a221d834ee5f6cec315170af
Instruction ID: 93fa8612b98c37d3538e1dab61372dab2b439c5e428625c22ffade58a408e5cb
Opcode Fuzzy Hash: c01f0a1332e094523614662ca2a683f3687d2570a221d834ee5f6cec315170af
Instruction Fuzzy Hash: D0F096D1909F60ABFB3292684C54B775B8DCB55771F18547BE540B62C2C27C48408FAA

Function 00404FF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON

Download Yara Rule

APIs

IsWindowVisible.USER32(?), ref: 0040501F
CallWindowProcA.USER32(?,?,?,?), ref: 00405070

Part of subcall function 00404094: SendMessageA.USER32(00040492,00000000,00000000,00000000), ref: 004040A6

Strings

, xrefs: 00405000

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: Window$CallMessageProcSendVisible
String ID:
API String ID: 3748168415-3916222277
Opcode ID: 0b9e3fe4afe9fd5950d24fc38bd805c0ffc83546a9c92a8d1e346af401a4be56
Instruction ID: c10ccb832a2a3496aa312e1d90523b33251ee11bfabb6cbb9dcba6f20acc8f53
Opcode Fuzzy Hash: 0b9e3fe4afe9fd5950d24fc38bd805c0ffc83546a9c92a8d1e346af401a4be56
Instruction Fuzzy Hash: ED018471504609ABDF205F61EC80EAF3725EB84754F148037FB01751E2C77A8C929FAA

Function 0040591C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp,00402D22,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00405922
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp,00402D22,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,C:\Users\user\AppData\Local\Temp\DriverSupport.exe,80000000,00000003), ref: 00405930

Strings

C:\Users\user\AppData\Local\Temp, xrefs: 0040591C

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\AppData\Local\Temp
API String ID: 2709904686-47812868
Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction ID: 8de3941b568bd0f8b26bcb964e879cd368c776abfab0e8ce3c3ebd0dc0734e68
Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction Fuzzy Hash: 1CD0C7B2409D70AEE3036314DC04F9F6A48DF27715F094462E181E61A1C6BC5D814BED

Function 00405A3B Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A4B
lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405A63
CharNextA.USER32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A74
lstrlenA.KERNEL32(00000000,?,00000000,00405C98,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405A7D

Memory Dump Source

Source File: 00000004.00000002.2299269357.0000000000401000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00400000, based on PE: true

Associated: 00000004.00000002.2299227501.0000000000400000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299318337.0000000000407000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000409000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000421000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000424000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.0000000000428000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299346979.000000000043B000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000043C000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000004.00000002.2299568667.000000000047E000.00000002.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_400000_DriverSupport.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: ca0b18bb87844b4bf03c2f7d3918b69422ab9094ff5260ece92dc9b1c2472986
Instruction ID: 761e0a114986e2dc795515ee57e72db75caae44d6787476300dd9688655b7936
Opcode Fuzzy Hash: ca0b18bb87844b4bf03c2f7d3918b69422ab9094ff5260ece92dc9b1c2472986
Instruction Fuzzy Hash: 2FF06232605518BFC7129FA5DC40D9EBBA8EF16350B2541B5F800F7250D674EE019FA9

Analysis Process: DriverSupport.exePID: 7344, Parent PID: 7720COMMON

Executed Functions

Function 00007FFD9C930885 Relevance: 4.2, Instructions: 4246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4a8214c2a0c55978a1b5da5a63bef3aea2a06be6976da054dd127265f966c12
Instruction ID: d9c62bf313060c7bcc3b34a4ac05ec7d9a1a60cfae6093d7109bf5026cd17030
Opcode Fuzzy Hash: f4a8214c2a0c55978a1b5da5a63bef3aea2a06be6976da054dd127265f966c12
Instruction Fuzzy Hash: B683CD7061CB898FD7B5EB18C494BDAB7E1FF99340F5509A9E08DC7256DB74A880CB02

Function 00007FFD9C93093F Relevance: 4.2, Instructions: 4170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79b66f7deb73d9fe799e8551eae1de351538a827057ac44edbb65f2d7139fd4d
Instruction ID: f19ace9f5640c1900ebc69e82731fc91b5509673a8a13b6e75e42f0f29891c0f
Opcode Fuzzy Hash: 79b66f7deb73d9fe799e8551eae1de351538a827057ac44edbb65f2d7139fd4d
Instruction Fuzzy Hash: 3C73CC7061CB898FD7B5EB18C494BDAB7E1FF99340F5509A9E08DC7256DB74A880CB02

Function 00007FFD9BFEC449 Relevance: 2.9, Instructions: 2857COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9067232a0732b35c217a0a35e93c4bf92f03b8f6e2911d57f5adda2e43c1198
Instruction ID: a9b3b5c6f3e78407e985cd08f9e428a0477187d5348f998def3d07388db63d69
Opcode Fuzzy Hash: f9067232a0732b35c217a0a35e93c4bf92f03b8f6e2911d57f5adda2e43c1198
Instruction Fuzzy Hash: A1231834719D4A9FDBA4EB78C098B7977E1FF68305F0101B9E04EC7AA2DA25F9448B41

Function 00007FFD9C63A7AB Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81fe27d3a32b674d004217039151baf547bf7a6182fd5279a07731bc1e1b0723
Instruction ID: b9364c956931dee9e1cf7c4378862639ff5eabe0040c5c182205ac5296cab055
Opcode Fuzzy Hash: 81fe27d3a32b674d004217039151baf547bf7a6182fd5279a07731bc1e1b0723
Instruction Fuzzy Hash: 00F04F209161CA9ADBB1CFA4C8947FD36F0AF0A341F80A425EC0EE71A1CB7996C4D704

Function 00007FFD9C7F7FDB Relevance: 3.9, Strings: 3, Instructions: 133COMMON

Download Yara Rule

Strings

:, xrefs: 00007FFD9C7F80D3
D, xrefs: 00007FFD9C7F815C
4, xrefs: 00007FFD9C7F7F0B

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 4$:$D
API String ID: 0-343332187
Opcode ID: 183b69e34e1456ee6ce0daf5e2f8df8622b283ec6330d7af44be535b7abbe6a9
Instruction ID: 697169a1d6bf02ff3cd22549753165362d925ad550d810003365574f8f477ab3
Opcode Fuzzy Hash: 183b69e34e1456ee6ce0daf5e2f8df8622b283ec6330d7af44be535b7abbe6a9
Instruction Fuzzy Hash: 84513F706199CD8FDBA1DF68C898BE93BE0FF59341F0410A6E84DCB2A1DB349945DB41

Function 00007FFD9C7F87E6 Relevance: 3.8, Strings: 3, Instructions: 72COMMON

Download Yara Rule

Strings

:, xrefs: 00007FFD9C7F80D3
D, xrefs: 00007FFD9C7F815C
%, xrefs: 00007FFD9C7F87FE

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: %$:$D
API String ID: 0-1240886121
Opcode ID: 850dec9dd2b66cceb713986df9a71bec9ae945aab9121e9983db3e11638e2923
Instruction ID: aaed738bf9373018cdd67c2006459058dbffd4138b1038ec3b6406d7d20b9287
Opcode Fuzzy Hash: 850dec9dd2b66cceb713986df9a71bec9ae945aab9121e9983db3e11638e2923
Instruction Fuzzy Hash: 6E31803461898DCFDBA0EF68C898BE937E0FF59382F505165A80DCB261DB74EA41DB44

Function 00007FFD9BE3809B Relevance: 2.9, Strings: 2, Instructions: 354COMMON

Download Yara Rule

Strings

2, xrefs: 00007FFD9BE384EE
H, xrefs: 00007FFD9BE380C2

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: 2$H
API String ID: 0-1363263720
Opcode ID: 82f9b9ba2d1995bfe369d02ec581520033e0461cf730647b1d81bab084263915
Instruction ID: 728721531a17edee445d4b8d5fccb6f2dd1af8d610d4317bcf1b2915fb9bc3a3
Opcode Fuzzy Hash: 82f9b9ba2d1995bfe369d02ec581520033e0461cf730647b1d81bab084263915
Instruction Fuzzy Hash: B3C1B47161A7CD4FEBA6DF688CA56E83BE0EF5A310F0501AAD848CB1A3DA385D45C711

Function 00007FFD9C7F8010 Relevance: 2.6, Strings: 2, Instructions: 109COMMON

Download Yara Rule

Strings

:, xrefs: 00007FFD9C7F80D3
D, xrefs: 00007FFD9C7F815C

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: :$D
API String ID: 0-1457839483
Opcode ID: 7fdbf98b8331b06f7c710536fc444152de315ae736ecdcb9f5b3394e1308de10
Instruction ID: f65c5c9e8b6f981cd2e042d01bdce30467f89d59ae18ecd1aa8a852dbcbafcdb
Opcode Fuzzy Hash: 7fdbf98b8331b06f7c710536fc444152de315ae736ecdcb9f5b3394e1308de10
Instruction Fuzzy Hash: AD411B306199CD8FDBA1EF28C898BE93BE0FF59341F0400A6E84DCB2A1DB349945DB40

Function 00007FFD9C9397CF Relevance: 2.5, Strings: 2, Instructions: 31COMMON

Download Yara Rule

Strings

7, xrefs: 00007FFD9C938058
8, xrefs: 00007FFD9C9397DB

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID: 7$8
API String ID: 0-126841663
Opcode ID: ce01d09a585961f77d1f8c81f2795907ea61f65067dbcfd14670d03be6d217d4
Instruction ID: 565afb522c447d879ae6139a5d4210004493e6b825f3829fe103337407ac2592
Opcode Fuzzy Hash: ce01d09a585961f77d1f8c81f2795907ea61f65067dbcfd14670d03be6d217d4
Instruction Fuzzy Hash: 97F0A9205192DA8ECBB2CFA188202FD3BF06F56382F04406AEC8DC7281EB7CDA44D710

Function 00007FFD9BFFB2A9 Relevance: 2.5, Strings: 2, Instructions: 27COMMON

Download Yara Rule

Strings

\, xrefs: 00007FFD9BFFB2B5
+, xrefs: 00007FFD9BFFA68B

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: +$\
API String ID: 0-1483508842
Opcode ID: 6da747db7d744b532433dba194efabb7190b9aea0a18b8dae6c990131bf543d1
Instruction ID: cc8891a44c8ef33194e5ff80d1857dbcf2f55378b2cdc92314eff7b2964ecaf1
Opcode Fuzzy Hash: 6da747db7d744b532433dba194efabb7190b9aea0a18b8dae6c990131bf543d1
Instruction Fuzzy Hash: 04F034206292DE8EDB309FA18850AFE3FA0AF15341F412266FC88D7291E238D6409B56

Function 00007FFD9BFE4A39 Relevance: 2.2, Strings: 1, Instructions: 917COMMON

Download Yara Rule

Strings

Bf, xrefs: 00007FFD9BFE521A

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: Bf
API String ID: 0-659028757
Opcode ID: 27612cbab983f465aab2545669ca1aba5f96fa43f0d3589f0d5d6a25c326af06
Instruction ID: 73d950c05332f0404d14f719ce309398cb412465ad74602bb6a5cf5fc4e467aa
Opcode Fuzzy Hash: 27612cbab983f465aab2545669ca1aba5f96fa43f0d3589f0d5d6a25c326af06
Instruction Fuzzy Hash: CB52052070EB8D0FE796EB2844656797BE1EF5A340F5901BED48DC72E7DE28AD048352

Function 00007FFD9C9BB149 Relevance: 1.9, Strings: 1, Instructions: 692COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9BB2B9

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: ceddcfe145cdec5949c0f5ec9ca92656e45f261055946f0c9d5c75c7134ace7c
Instruction ID: 5534043df1d714059225a38ee7494c9d53accdcdff66d7e5bb2f00ea916bd71a
Opcode Fuzzy Hash: ceddcfe145cdec5949c0f5ec9ca92656e45f261055946f0c9d5c75c7134ace7c
Instruction Fuzzy Hash: 9F22F62070DB8A5FE756EB284464A797BE1EF5A380F5901BED48EC72D7DD28EC048352

Function 00007FFD9BCF0987 Relevance: 1.6, Strings: 1, Instructions: 343COMMON

Download Yara Rule

Strings

-, xrefs: 00007FFD9BCF0A27

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID: -
API String ID: 0-2547889144
Opcode ID: dbfde744d8833d771d634834d692796e5dd8e14f3a3b6d2ba69ca6ba113eb9f0
Instruction ID: becfb02db8ba8aa8ca3f9bfe4debb02bc35d5bf70e8060fbf17c6629c7c6a411
Opcode Fuzzy Hash: dbfde744d8833d771d634834d692796e5dd8e14f3a3b6d2ba69ca6ba113eb9f0
Instruction Fuzzy Hash: 90D1D37060D7C88FD7B6DB28C454B9ABBE1FF9A300F45486AE0CDC7262DA749944CB12

Function 00007FFD9C0705A1 Relevance: 1.4, Strings: 1, Instructions: 195COMMON

Download Yara Rule

Strings

{s_H, xrefs: 00007FFD9C070710

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID: {s_H
API String ID: 0-2397677233
Opcode ID: 7770a1293c90e989a214a7408513d4445a6e24896298ac93642aedc0ab84fbf5
Instruction ID: 349bb3bc5f6fcc2943b6aa5a4d3f6d25d01657c76d69c0a420a34044d6908433
Opcode Fuzzy Hash: 7770a1293c90e989a214a7408513d4445a6e24896298ac93642aedc0ab84fbf5
Instruction Fuzzy Hash: B8618970A19A8A8FEB54CF68C8A46F93BF0FF09349F51526AE81DD3291D738D440DB45

Function 00007FFD9BE37E35 Relevance: 1.4, Strings: 1, Instructions: 185COMMON

Download Yara Rule

Strings

C, xrefs: 00007FFD9BE38939

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: C
API String ID: 0-1037565863
Opcode ID: 9c5780d6dc4807e830912f6f92fc41bcc4ffeb129c59c509e9f68438718efad8
Instruction ID: b0cf2dd12ebb5110a34e855465b3803cdf3dba3448473a84d038ca4c47eebf86
Opcode Fuzzy Hash: 9c5780d6dc4807e830912f6f92fc41bcc4ffeb129c59c509e9f68438718efad8
Instruction Fuzzy Hash: DC715E6060A7CD4FDBA2DF6888A87D93FA1EF07340F4541EAD88DCF2A2CA345A45C711

Function 00007FFD9BFF1D2E Relevance: 1.4, Instructions: 1396COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9dc0dced180a638e80b188583067156ebe0c0299784ecbb86209c297de2901d
Instruction ID: b3252b0f692302875da28881e55c8e737a1cae3957448030e828a2410fa8cca4
Opcode Fuzzy Hash: d9dc0dced180a638e80b188583067156ebe0c0299784ecbb86209c297de2901d
Instruction Fuzzy Hash: 4092801071DB8D0FDB8AAB6C486666C77E2EF9D310B5A01BEE44DC72D7CD28AD058352

Function 00007FFD9BE34DBD Relevance: 1.4, Strings: 1, Instructions: 138COMMON

Download Yara Rule

Strings

ln, xrefs: 00007FFD9BE34E52

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: ln
API String ID: 0-580614667
Opcode ID: c159bad17fd1c92337f66c63c17fce17f0d4ad286d1d35751b2c015522b1ee11
Instruction ID: ecc66648570f58c8e47b4c5735cc1dc443b47da393fd8bb3b5991169a53a8328
Opcode Fuzzy Hash: c159bad17fd1c92337f66c63c17fce17f0d4ad286d1d35751b2c015522b1ee11
Instruction Fuzzy Hash: 6F41AB6054EB858AE321CB7580107BBBBE0FF85701F60496EE4D9C62A2DB78C544CB03

Function 00007FFD9C9B9B20 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

@,, xrefs: 00007FFD9C9B9B67

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: @,
API String ID: 0-2205692185
Opcode ID: d46c8dd486377b7b315ec5a835593a358f26f5587875a3c38407157024470ffd
Instruction ID: 385fb19be10f167b8643cb44736d14033710893b4f0d44a2410df4429aa9e5f7
Opcode Fuzzy Hash: d46c8dd486377b7b315ec5a835593a358f26f5587875a3c38407157024470ffd
Instruction Fuzzy Hash: B8417C2052DB86AFE750DB28849067ABBF0FF99396F44192EF089D31A1E668D584C707

Function 00007FFD9BFE853B Relevance: 1.4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

Strings

Yv, xrefs: 00007FFD9BFE85C9

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: Yv
API String ID: 0-2479235307
Opcode ID: 4790e233215972e5534d0e7573d005c59ff2d45292f2683cdd1d40d01e3162b0
Instruction ID: 7730144d06a589f33af74e7cd9672eed84ec2ddeae501f00f9d3ba861f1f7d38
Opcode Fuzzy Hash: 4790e233215972e5534d0e7573d005c59ff2d45292f2683cdd1d40d01e3162b0
Instruction Fuzzy Hash: D5418C2051E7898FD351DF24846067ABBE0FF9A305F051AAEE0C9E31A1E728D645CB0A

Function 00007FFD9BFF6D60 Relevance: 1.4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

Strings

XC, xrefs: 00007FFD9BFF6DCE

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: XC
API String ID: 0-3698251145
Opcode ID: 9fe3145a8fd284608d48850f11f4433ee2a7ebb46302b65e4458304ce8437225
Instruction ID: 925912dc0b20ae82fc923fae634a790c235cc395294521bcb78735d77e5edf57
Opcode Fuzzy Hash: 9fe3145a8fd284608d48850f11f4433ee2a7ebb46302b65e4458304ce8437225
Instruction Fuzzy Hash: EE31802160EBC99FD3118F20C46067ABBE0BF46305F451AAEE0C9D71A2DB3DD645C70A

Function 00007FFD9BFFC3CE Relevance: 1.4, Strings: 1, Instructions: 108COMMON

Download Yara Rule

Strings

5>, xrefs: 00007FFD9BFFC3E6

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 5>
API String ID: 0-579456482
Opcode ID: a07175eebe3fb8e6fe43c33829ac99bee73cd444edcc0ee218d3bdd51dbc88f8
Instruction ID: 5f9b3776469ae10c9028b0132c767a0449290e8bb7d0b2846866c5b87282792a
Opcode Fuzzy Hash: a07175eebe3fb8e6fe43c33829ac99bee73cd444edcc0ee218d3bdd51dbc88f8
Instruction Fuzzy Hash: 37416B20A1E7998EE364DF24C054BBAB6E0FF95301F90693EE4CAC31A1DB389544CB06

Function 00007FFD9C7F82F5 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

B, xrefs: 00007FFD9C7F86BF

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: B
API String ID: 0-1255198513
Opcode ID: 79019966a825821329d0e4954c664ff1f471a4353be7ccc16f9f80bb7e3d7187
Instruction ID: d8c304a9647a14f204937ff3233b96fb8e4f9b013e561b1ec02b7cc18015c40d
Opcode Fuzzy Hash: 79019966a825821329d0e4954c664ff1f471a4353be7ccc16f9f80bb7e3d7187
Instruction Fuzzy Hash: AF41D730A1568E8EDB64EF64C894BFA37E0FF15381F50513AE84DCB1A1DB389685DB44

Function 00007FFD9C9390FE Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

0, xrefs: 00007FFD9C93910B

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: a82a40c956e52b7a4c67690b0b9227467dffe3ee8d2b4e5fa2ca9591e52a2a85
Instruction ID: c1c1d15e3f09f709a5ef1e7a141b06f7d0cf9838db62c305289b34f6f5ffc9c5
Opcode Fuzzy Hash: a82a40c956e52b7a4c67690b0b9227467dffe3ee8d2b4e5fa2ca9591e52a2a85
Instruction Fuzzy Hash: 4E418F74614A8D8FEBB5EF68C894BEC37E5FF59381F014165A80DCB251DB74AA808B40

Function 00007FFD9C1D9B4A Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

<, xrefs: 00007FFD9C1D9C86

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: <
API String ID: 0-4251816714
Opcode ID: 4dfd27298c794d6ff5b409dfb4ecb597f5b475b228512d85fd6ab4412c559a2a
Instruction ID: ba4d524ea8061230428c221bd5472b21a289a8b936e8ce47653fdbf157497618
Opcode Fuzzy Hash: 4dfd27298c794d6ff5b409dfb4ecb597f5b475b228512d85fd6ab4412c559a2a
Instruction Fuzzy Hash: 2741A5715159CDCEEBB5DF68CC54BE83BA1AF99342F540065E85ECF2A2DA345B80CB10

Function 00007FFD9C1D119A Relevance: 1.3, Strings: 1, Instructions: 91COMMON

Download Yara Rule

Strings

M, xrefs: 00007FFD9C1D12B1

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: M
API String ID: 0-3664761504
Opcode ID: bf593b947640236c3c88f291aef84df6da1cd81bed056250d4282cd33c567a13
Instruction ID: 2ef249f8863081541fa564f6cefe0673c4e1e6e3dc8620a66baf0500ffffab9b
Opcode Fuzzy Hash: bf593b947640236c3c88f291aef84df6da1cd81bed056250d4282cd33c567a13
Instruction Fuzzy Hash: 0F31FD31A25AC98FEBB6EF68CCA5BE837A4FF55740F500165E84CDB292DE746A408701

Function 00007FFD9C07BCA4 Relevance: 1.3, Strings: 1, Instructions: 69COMMON

Download Yara Rule

Strings

l, xrefs: 00007FFD9C07BCA7

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID: l
API String ID: 0-1949682393
Opcode ID: ab9fb2b0cc08f4009969dc1608e2b714d29963331c0333d4496f2823b8a5c39a
Instruction ID: ce450ec31ab279397217ff4833ece300d38ab584a2a74b3956ad140df0bbdd15
Opcode Fuzzy Hash: ab9fb2b0cc08f4009969dc1608e2b714d29963331c0333d4496f2823b8a5c39a
Instruction Fuzzy Hash: F221192061869E8AEB24DF64C850BFE37E0FF05341F50406AEC99C71A2DB7CE585DB55

Function 00007FFD9BE37822 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

G, xrefs: 00007FFD9BE37E1F

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: 681889058786d10eb8c511b516830638f382e97cb727c25f412699cc23bcebc5
Instruction ID: 7e58acfce1960be2375a69611e34a3a5541d83234ccda83bfcd674e8af0f76a1
Opcode Fuzzy Hash: 681889058786d10eb8c511b516830638f382e97cb727c25f412699cc23bcebc5
Instruction Fuzzy Hash: 8121FD70A1A6898FDB70DF64C855AE937F0EF09301F81126AEC5DDB291EB3896418B54

Function 00007FFD9C9B5208 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9B52A2

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 175da44f0347a6bb06bd1e7ac3b8b740068d2ecdea4c5d4649a0ccddcc7db5ad
Instruction ID: 0c82ae147c53c2b9fb066ce03ab91f88eff24410095c21b2619ab296d71dd7de
Opcode Fuzzy Hash: 175da44f0347a6bb06bd1e7ac3b8b740068d2ecdea4c5d4649a0ccddcc7db5ad
Instruction Fuzzy Hash: 2F21467051DB85AEE3A0CF54C09876ABBF0FF89345F50592EF09986260E7B9D444CB06

Function 00007FFD9BE37D59 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

G, xrefs: 00007FFD9BE37E1F

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: G
API String ID: 0-985283518
Opcode ID: db560449145aacca0e02f9510098d6a867f3e72304f6c072f9c68e403700366a
Instruction ID: 5b144703d447b7adfed6be5725ceb5c5b4c5a16a816267a66100739c61444ae3
Opcode Fuzzy Hash: db560449145aacca0e02f9510098d6a867f3e72304f6c072f9c68e403700366a
Instruction Fuzzy Hash: 75213D7091A6898FDB71EF24C855AE937F0FF4A300F41426AEC5CDB2A2DB34A645CB54

Function 00007FFD9C7FC600 Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

L, xrefs: 00007FFD9C7FC6A1

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: L
API String ID: 0-2909332022
Opcode ID: 6896a0ed486d2c2c004a2499825f14f63892f401002c02aa3c516ce604b6295b
Instruction ID: 1ca5bf2db8046bf804fb5efbf93e72c7301352d36dc3994039a3a77b29aa4933
Opcode Fuzzy Hash: 6896a0ed486d2c2c004a2499825f14f63892f401002c02aa3c516ce604b6295b
Instruction Fuzzy Hash: D121D37061968D8FDBA1EF28C899BED3BE0FF19741F144166E84DCB162DA349584CB41

Function 00007FFD9BFFB055 Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

(, xrefs: 00007FFD9BFFB062

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 4fdbd389562ff0e2194605812dac0433f659559c4d8fa9cd99f7e15b79655575
Instruction ID: 1b882e3c64cbbf807b044ceb09b6d9b07954e787ac38bb48e23272940625082d
Opcode Fuzzy Hash: 4fdbd389562ff0e2194605812dac0433f659559c4d8fa9cd99f7e15b79655575
Instruction Fuzzy Hash: 781119206196CD8EEBB5DF64C8A47FD3BA0FF15340F411166E84DDB2A2DA749A40CB14

Function 00007FFD9BE39067 Relevance: 1.3, Strings: 1, Instructions: 46COMMON

Download Yara Rule

Strings

0, xrefs: 00007FFD9BE39073

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 29a2b81b7a7737689052b7ce95cf2206c115f6d8045369bdea59408335789bb9
Instruction ID: bec8040faa6b4bf868d11667ca9089fca6e51bc01b4d4346b6945bc31052a472
Opcode Fuzzy Hash: 29a2b81b7a7737689052b7ce95cf2206c115f6d8045369bdea59408335789bb9
Instruction Fuzzy Hash: 3D01769260B38E4FD7A04FB08861BFE37E49F03244F1620A6FC49C71A2D62CC4458314

Function 00007FFD9C9B586E Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

c, xrefs: 00007FFD9C9B586E

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: c
API String ID: 0-112844655
Opcode ID: cda5ae9cbd7e76e7a683dda9218c8cad3b454791d38f2d10c40bd351ade73e34
Instruction ID: a317f47b15e0a45b4e1c42dff7532c4438dd271979d7af031bb94214e9f86820
Opcode Fuzzy Hash: cda5ae9cbd7e76e7a683dda9218c8cad3b454791d38f2d10c40bd351ade73e34
Instruction Fuzzy Hash: E111B77450CB85AED3A1DB18C494BAAB7F0EF99342F50186DF4CDC7261D7B49880CB06

Function 00007FFD9C1D191E Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

b, xrefs: 00007FFD9C1D199E

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: b
API String ID: 0-1908338681
Opcode ID: edd9c8c65f09db1880f29b4e2d8df8ad3a3aca3175f64a8e5e4fdc02303041e1
Instruction ID: bcd65aee4512f08bc913bde163f113460d2f593e3e55719b4b5565efb07e4e7e
Opcode Fuzzy Hash: edd9c8c65f09db1880f29b4e2d8df8ad3a3aca3175f64a8e5e4fdc02303041e1
Instruction Fuzzy Hash: A011F77050A6C98FDBB1DF288854BE93BE0AF56304F150196D84CCF292D6749A85CF15

Function 00007FFD9BE3538D Relevance: 1.3, Strings: 1, Instructions: 39COMMON

Download Yara Rule

Strings

(, xrefs: 00007FFD9BE352C8

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: (
API String ID: 0-3887548279
Opcode ID: 1f3a3457dd9ff9de8e6c2e39726c76c0abc6f03e7adbea59456875e2a7a2a29f
Instruction ID: 9fb4496489c048abab13956eabe4d0e78475bf1fc9abf35ba5034194b41756a6
Opcode Fuzzy Hash: 1f3a3457dd9ff9de8e6c2e39726c76c0abc6f03e7adbea59456875e2a7a2a29f
Instruction Fuzzy Hash: E801282050764ECEEB20DF60C894AF937E4FF29355F061A6AE84AE3260D678D984CB44

Function 00007FFD9C9BA2B9 Relevance: 1.3, Strings: 1, Instructions: 37COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9BA2F3

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 063222b3c84377b9a57bd331bbcc6cb97583ae580fbc86922699be8edc4b608e
Instruction ID: 7a7b2c2ef3ce31190e331a80e0c1dbaff457f036f38de84b63f6b3cd5e094d08
Opcode Fuzzy Hash: 063222b3c84377b9a57bd331bbcc6cb97583ae580fbc86922699be8edc4b608e
Instruction Fuzzy Hash: 7EF05C52A0E6C92FE72677B81C5E7953FA0CF46250F0A40EAD4488B5E3FC6E8A45C342

Function 00007FFD9C63B7A8 Relevance: 1.3, Strings: 1, Instructions: 35COMMON

Download Yara Rule

Strings

0, xrefs: 00007FFD9C63B809

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: e33293ef9b1195612cee9ea530922f8db68079e73fa9bcd6fd4781c8626c364a
Instruction ID: c01ab6d546d70e0ce6f21e472532a6c66d2cb9753e1805ba44f64e0b4fed471c
Opcode Fuzzy Hash: e33293ef9b1195612cee9ea530922f8db68079e73fa9bcd6fd4781c8626c364a
Instruction Fuzzy Hash: 6201E47061C7858FE7B6DB18C495BAAB7E1FF98740F40096EE08CC2192DB3068408B02

Function 00007FFD9C1D0F7E Relevance: 1.3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

Strings

%, xrefs: 00007FFD9C1D0F8A

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: %
API String ID: 0-2567322570
Opcode ID: 875d8749d86bb3fe5dd69522c772d9a431d7e1d152d7d8932ba1b801e00595d2
Instruction ID: 971ffd0e9d6674e9d54497981ed7efa25fc8dcb75f66a86a77eb0d82c6d1ee8c
Opcode Fuzzy Hash: 875d8749d86bb3fe5dd69522c772d9a431d7e1d152d7d8932ba1b801e00595d2
Instruction Fuzzy Hash: B9016930A14ADA8EDB70CF20CC447F973B0AF46342F505062DC8CEF251EA3496808B09

Function 00007FFD9C9BA0C0 Relevance: 1.3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9BA0F3

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 648e7e9c97ebaebce2f7b5fd2d6a4325af512b71f0bfc24a2c6c6b8d550c939f
Instruction ID: c61c2cb118777bfab6947a761c7df91f589a933f0717cb1d06dc1ab6c912af62
Opcode Fuzzy Hash: 648e7e9c97ebaebce2f7b5fd2d6a4325af512b71f0bfc24a2c6c6b8d550c939f
Instruction Fuzzy Hash: 94F0EC52A0A7892FEB1577B818597553F90DF57294F1A00F9D448C72A3FC5E4945C301

Function 00007FFD9C30D1F8 Relevance: 1.3, Strings: 1, Instructions: 32COMMON

Download Yara Rule

Strings

*, xrefs: 00007FFD9C30D23C

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID: *
API String ID: 0-163128923
Opcode ID: a7def605bf3e2cc1076745049f484800ce795b971b3d36637c425d576e226622
Instruction ID: 967157eeb633bd35b7d2dd6fa9029e30f84511dc19bb354d5abfb9be58dfd5a8
Opcode Fuzzy Hash: a7def605bf3e2cc1076745049f484800ce795b971b3d36637c425d576e226622
Instruction Fuzzy Hash: 90013C6091558ECEEB70DF24C854BF936E0FF1A341F500065E80DC7191DB349A80D7A5

Function 00007FFD9C1D0505 Relevance: 1.3, Strings: 1, Instructions: 30COMMON

Download Yara Rule

Strings

", xrefs: 00007FFD9C1D054A

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: d693eb1a153f786ff1d86ff397e40196a5582bb8189ed34099872e54bf1fec19
Instruction ID: 20505e3104376d79f3ce7f08d1b1bdddac5e71a706de7c27de5d0bd34f20467b
Opcode Fuzzy Hash: d693eb1a153f786ff1d86ff397e40196a5582bb8189ed34099872e54bf1fec19
Instruction Fuzzy Hash: 31F09A7041CAC88FEB60CF208C987EA3BA0EF16300F0012A6CC89DB2A2D6309905DB40

Function 00007FFD9C938014 Relevance: 1.3, Strings: 1, Instructions: 28COMMON

Download Yara Rule

Strings

7, xrefs: 00007FFD9C938058

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID: 7
API String ID: 0-1790921346
Opcode ID: 37f06e71763fdb69df158b0bc4b2ead7f5f38658e71628fb677a19ba6b5e029d
Instruction ID: c16b9db4c359ee0122789b4d3d418c3d86b0a369d5e5ee1a379e1b0b03a71f1b
Opcode Fuzzy Hash: 37f06e71763fdb69df158b0bc4b2ead7f5f38658e71628fb677a19ba6b5e029d
Instruction Fuzzy Hash: 5CF03A6041A3DA5EDB678F6588216EA3FE45F47241F05449AEC8D8B192CA789644C711

Function 00007FFD9C1D6C92 Relevance: 1.3, Strings: 1, Instructions: 26COMMON

Download Yara Rule

Strings

Z, xrefs: 00007FFD9C1D6CC7

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID: Z
API String ID: 0-1505515367
Opcode ID: a26efc81895df7a7ab29a6f71b3fbc65e22c8d630cb6b0beca7103f4276f98ec
Instruction ID: 729ca5afb21e64320ca8ee4b6e1a68c2241260a3455756405cddece88cd6a39b
Opcode Fuzzy Hash: a26efc81895df7a7ab29a6f71b3fbc65e22c8d630cb6b0beca7103f4276f98ec
Instruction Fuzzy Hash: 80F0A934A08A8A8EDB308F088C846FE33A0FF59342F200136884D9B240EB356501E719

Function 00007FFD9BE37C20 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

I, xrefs: 00007FFD9BE37C2C

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID: I
API String ID: 0-3707901625
Opcode ID: 65c465aec4bb27830e853a0c46ae8fe7ffb5579477177b96616d339fbfaa91cd
Instruction ID: 6090b21fea303cf0dbf44a93dab775edcf1d1ec626d3e4af2ad951b53c741fa4
Opcode Fuzzy Hash: 65c465aec4bb27830e853a0c46ae8fe7ffb5579477177b96616d339fbfaa91cd
Instruction Fuzzy Hash: CDF0302061B2D99DDF258F758460AFD3EE06F1A345F45506AFC9DDA181E73CC2809B1A

Function 00007FFD9C07F0D0 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C07F0E3

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 112199c7a36396edc5873ed52c8b9ea477fcd8e2ab5fb6129cfae74702679036
Instruction ID: c9e2be38c0678eee8ade8157fdf2233b29809d36f8cb7e9a0cf1628241335718
Opcode Fuzzy Hash: 112199c7a36396edc5873ed52c8b9ea477fcd8e2ab5fb6129cfae74702679036
Instruction Fuzzy Hash: 8EE08C42B4AA890EEB65B6B808597546DC0AF46184F6904B9988CC72A7F89D8944C302

Function 00007FFD9C7F7BA1 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

5, xrefs: 00007FFD9C7F8AC9

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 5
API String ID: 0-2226203566
Opcode ID: 1d8b09fbb50aaf590b53f68148479117c6faed799ffd70fdf6b459adf1a8aa56
Instruction ID: b64c1c7876728ebd214a66e6156c4c7ffc20743515f634cad533fce4eed0d8ac
Opcode Fuzzy Hash: 1d8b09fbb50aaf590b53f68148479117c6faed799ffd70fdf6b459adf1a8aa56
Instruction Fuzzy Hash: BDF05274608A8EDFDB61DF58C894AEA3BE0FF19382F105065A80DCB250E774D545DB80

Function 00007FFD9BFEA6EA Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9BFEA703

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 7b0048493e0acded4655b64171b1ddbe6228cf9bfb519907a4a443ef8a1a8d10
Instruction ID: 96fc70591ce83d940abf35be38ede25a7a129009ab85a18d3944cf563c425382
Opcode Fuzzy Hash: 7b0048493e0acded4655b64171b1ddbe6228cf9bfb519907a4a443ef8a1a8d10
Instruction Fuzzy Hash: 68E02042F0A58D0EDB25FABC58997643981DF06145F1600FDD44CC71A3FC5E9940C301

Function 00007FFD9C9BBDFA Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9BBE13

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: 19e8b047e43e183a6a69c9311e0d61103dd84277405c8676066c3d09b5ebf38d
Instruction ID: cb0e9cd3239155b5fb9f094875f96fd2d767008ed489be4b89f532c9bce190a6
Opcode Fuzzy Hash: 19e8b047e43e183a6a69c9311e0d61103dd84277405c8676066c3d09b5ebf38d
Instruction Fuzzy Hash: D1E02602B0A5CD0EFB75B6BC086925439D1DF56180F5900B9D44CC72E3FC5D9944C301

Function 00007FFD9C9BCD60 Relevance: 1.3, Strings: 1, Instructions: 21COMMON

Download Yara Rule

Strings

9, xrefs: 00007FFD9C9BCD73

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID: 9
API String ID: 0-2366072709
Opcode ID: b7d5a12793c42ba2b82ac04dcb170c02bc6b3274588359e02581db8d17338cd9
Instruction ID: aa438933303ab5bfde2edd101fe7bfdeaf0483de2d353384fd45256daff33c7c
Opcode Fuzzy Hash: b7d5a12793c42ba2b82ac04dcb170c02bc6b3274588359e02581db8d17338cd9
Instruction Fuzzy Hash: 64E08C42B4AA8D1EEB66B6B808596546EC09F46144F6900B9D888C72E7E86D9944C302

Function 00007FFD9C50B129 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

R, xrefs: 00007FFD9C50B14A

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID: R
API String ID: 0-1466425173
Opcode ID: fdf66731f40ab552ae511cd13202253935eaf631175e06d73ca9c24e6fd49ee1
Instruction ID: e69482e568bce7fbdd7a7b0232e44a3cd4d6117a059ecda902ff14a11da4293c
Opcode Fuzzy Hash: fdf66731f40ab552ae511cd13202253935eaf631175e06d73ca9c24e6fd49ee1
Instruction Fuzzy Hash: 4FE0C920A242DA9ADB758F5188506FD36F0BF15345F40102AEC8DD6195D739D9409B11

Function 00007FFD9BFFA662 Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

+, xrefs: 00007FFD9BFFA68B

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-2126386893
Opcode ID: f59cdc8e895aaf496dff2d8f66711eb2ebdccedee68b27e79d0d66eb1ec8ea4d
Instruction ID: cbd34e6cc3e3057ad36b3c60fd50b1e459bc540773069d8c2c31d656807715fc
Opcode Fuzzy Hash: f59cdc8e895aaf496dff2d8f66711eb2ebdccedee68b27e79d0d66eb1ec8ea4d
Instruction Fuzzy Hash: 76E0921000A2C95FD7229FB488449BE3FE05F12340F0905EBE8948B193E2289219D716

Function 00007FFD9C8A2A0F Relevance: 1.1, Instructions: 1083COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1662a88be083017d6418656e54c46c98e1e2aafb88b347ec13ff352dee8bef34
Instruction ID: 7306165e199609c9b10f341a591e451701f7ad68d3ec350858185f944558eb93
Opcode Fuzzy Hash: 1662a88be083017d6418656e54c46c98e1e2aafb88b347ec13ff352dee8bef34
Instruction Fuzzy Hash: A8721A24708D4B5FEBA4EB78C0A9B7977E1FF69345F4001B8D04EC7AA2DE28E8548751

Function 00007FFD9BFE5A34 Relevance: 1.0, Instructions: 961COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec713b28bf0a1a36184771ce7b870866ac3930bf08008891e9be62b6b6f543a
Instruction ID: ceae1c8e76f026233bcf7f5b32e53ebd1ad775d3929f35251f790e2c12dec92d
Opcode Fuzzy Hash: 0ec713b28bf0a1a36184771ce7b870866ac3930bf08008891e9be62b6b6f543a
Instruction Fuzzy Hash: 93521610B1EB8D0FDB96AB2844716797BE1EF4A340B5901BED48DC72E7DD28ED058352

Function 00007FFD9C07C9F9 Relevance: .8, Instructions: 820COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ca9dcd35638f5513d008c7220d7c0f3a6dbb3324a494bf93d51ddddc70656d6
Instruction ID: 22eb3ed6e6e595cd634b7ae837c02a2fc8f312a18623d191f8ac07c1e7fe6a15
Opcode Fuzzy Hash: 4ca9dcd35638f5513d008c7220d7c0f3a6dbb3324a494bf93d51ddddc70656d6
Instruction Fuzzy Hash: 3C42F81070DB8A4FE796EB2848656797BE1EF5A340F5901BEE48DC72D7DE28EC048352

Function 00007FFD9C304CEB Relevance: .7, Instructions: 675COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a405277283c87c0fedffc75a0c1af64d10ff328fa4f07dd646daaf3b50b13dc
Instruction ID: 06d54afb1a1150cedc4e3c769fb8959dfba31be759954afc014e9befdc00287a
Opcode Fuzzy Hash: 5a405277283c87c0fedffc75a0c1af64d10ff328fa4f07dd646daaf3b50b13dc
Instruction Fuzzy Hash: 07429730A1898E9FDFA0EF68C895FE977E0FF19341F555165E80DC72A2DA34A981CB40

Function 00007FFD9C304FBE Relevance: .6, Instructions: 610COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cb17d6de2208edec09c3d37935c7c88f36fb344efad7c044e48fc3bd54acb2e
Instruction ID: c561ddbd148e385f3da24e862be21a158a77a2d058145888b2d6fc4b8b17ae76
Opcode Fuzzy Hash: 0cb17d6de2208edec09c3d37935c7c88f36fb344efad7c044e48fc3bd54acb2e
Instruction Fuzzy Hash: B932A63061898E9FDFA0EF28C894FE977E1FB19345F555165E80DCB2A2DA34E981CB40

Function 00007FFD9C0801D9 Relevance: .5, Instructions: 521COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a142d55ffd686edff74e7ebe04fd67c5e7fb7316709dd7f81d498e0646ebf4b5
Instruction ID: 5bcd35c4655406b5c6700739a1662b94cda221f17c19db4af75d0c2784ebeb76
Opcode Fuzzy Hash: a142d55ffd686edff74e7ebe04fd67c5e7fb7316709dd7f81d498e0646ebf4b5
Instruction Fuzzy Hash: EF028F3070CA4A4FDBA4EB68C4A4B7937E1FF59344F5541B9E44ECB2A6DE29EC148701

Function 00007FFD9C071DFD Relevance: .5, Instructions: 500COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 863c9c07cd2e0228256f888f06e02ed83c4ecb5e058435be745f7889adf4b289
Instruction ID: d749e167b6d274a30e070d23f974030baf00402ae17890a431112444322f809b
Opcode Fuzzy Hash: 863c9c07cd2e0228256f888f06e02ed83c4ecb5e058435be745f7889adf4b289
Instruction Fuzzy Hash: C4124E31A1DB899FE3B5EB68C8A5799B7E1FF99340F00057DD48CC32A7DA3468458742

Function 00007FFD9C07991E Relevance: .5, Instructions: 487COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381c5db672b28b82938c8aa375e17a0e66bbc2b199b8dff76d877137fe8ad967
Instruction ID: 23e37fa5959777b6100b49e8a8be0acb6f2f0c38b56b8def8f05b5de3608e5d8
Opcode Fuzzy Hash: 381c5db672b28b82938c8aa375e17a0e66bbc2b199b8dff76d877137fe8ad967
Instruction Fuzzy Hash: 0BE1D310B1DB894FD78AAB6C446563D7BE1EF99310F1A05AFE48DC72D3DE28AC048352

Function 00007FFD9C07F979 Relevance: .4, Instructions: 376COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a267d6d5a4f31b68a7670393ded77a33b61865145d471702b7e6ceeae28d398f
Instruction ID: 225ba1e0edd02b2b551695e602acc36cb87a47f4b92f630db34fcf074c0c92f2
Opcode Fuzzy Hash: a267d6d5a4f31b68a7670393ded77a33b61865145d471702b7e6ceeae28d398f
Instruction Fuzzy Hash: D4B1703470CA4A5FDB98EB2888A8AB537E1FF59345F1501B9E44ECB1A7DE28EC05D701

Function 00007FFD9C078C2E Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7773f61d108eff2e7b7bfe2614072975c2f4385d6bafb0357d015133cf3e9ccb
Instruction ID: 61c331bc164c5524e8036aee43de62e448b950b6c34130796cfc7522223ccac9
Opcode Fuzzy Hash: 7773f61d108eff2e7b7bfe2614072975c2f4385d6bafb0357d015133cf3e9ccb
Instruction Fuzzy Hash: BFB1271070DB894FD79A9B2848656797BE1EF9A350F1506BFE48DD72D3DF28AC048342

Function 00007FFD9C070BE1 Relevance: .4, Instructions: 356COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42bb343215025849e02146c16a5f68bafdc1f8f7e9f0eb4454bfdff6b7f8526c
Instruction ID: 378ea0692fb583fa7314cc7b096883015d18165064c24b2f8adecf4a2600235b
Opcode Fuzzy Hash: 42bb343215025849e02146c16a5f68bafdc1f8f7e9f0eb4454bfdff6b7f8526c
Instruction Fuzzy Hash: C1E1F170A1898D8FEBA1DF28C855BE87BE1FF59344F5541A5D84CCB2A2DB349A80CB50

Function 00007FFD9C0707AE Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 492d11e1e1263ddde4e80f213dda31828994f1240c4f385cf165a621397d8da6
Instruction ID: 4556845d5061ddbf2ad5777def579e71aaefce1ce537e289aabb9315dc8b3365
Opcode Fuzzy Hash: 492d11e1e1263ddde4e80f213dda31828994f1240c4f385cf165a621397d8da6
Instruction Fuzzy Hash: 99E1E070A1898D8FEBA5EF28C855BD87BE1FF59300F5541A5D84CCB2A6DB346A80CB50

Function 00007FFD9BE3894E Relevance: .3, Instructions: 329COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84becd2955361a5474b591e145dd6060c21feddd16e444ca478e39c14bef9dcd
Instruction ID: 3133b7d8fcef3c5fb9415d7b9d24e29d8160a9a6ac7e191a87afff9cbfeaa14c
Opcode Fuzzy Hash: 84becd2955361a5474b591e145dd6060c21feddd16e444ca478e39c14bef9dcd
Instruction Fuzzy Hash: 6EC1B77161A7CD4FEBA6DF688CA56E83BE1EF5A310F0500BAD848CB1A3DA385D45C711

Function 00007FFD9C310682 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f63690110c2f1763ba08db2df1ff20affeb11cf8bb85292b2e118d649f2dbe41
Instruction ID: 6bd00c2ad365ef6ab3394fa2d7c1e133c5dcec1b81bff5fd01f3ad9f1981408c
Opcode Fuzzy Hash: f63690110c2f1763ba08db2df1ff20affeb11cf8bb85292b2e118d649f2dbe41
Instruction Fuzzy Hash: EAA15A70518A8E9FEB60EF28C894BE93BE0FF19345F51416AE84DD7251DB38E884CB44

Function 00007FFD9C07AB3D Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb07bb43ca4741f6a9f7b4d9d568eb5c49acc3a80792a729fbd2b186f2312c37
Instruction ID: 95175bc28afe7d8e66c42dd0863d2e64067bb13caca37df1e1ccbbf2410ba885
Opcode Fuzzy Hash: eb07bb43ca4741f6a9f7b4d9d568eb5c49acc3a80792a729fbd2b186f2312c37
Instruction Fuzzy Hash: 85A11E3061DB858FD764DB68C895BAABBE1FF99344F50096DE08DC31A2DB34A944CB43

Function 00007FFD9C306085 Relevance: .3, Instructions: 252COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd40640e72adb92e9933fcbf4e6250322661ee4fb1492e7a1810809df286ed39
Instruction ID: 07ef3e7139b889ccf04cc2282b95e9cb8efa181fc834a08dec986183d175ee48
Opcode Fuzzy Hash: cd40640e72adb92e9933fcbf4e6250322661ee4fb1492e7a1810809df286ed39
Instruction Fuzzy Hash: C6B1D4B051D7898FE3B5DF18C459BDABBE0FB99304F50486ED48CC62A2DB789484CB42

Function 00007FFD9B9D9F5A Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3941689418.00007FFD9B9D2000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B9D2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9b9d2000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcdeb6389f6a08f7b56d9f5bb00f6aac0a7de34d0208acb78f0c4467cb94cb0f
Instruction ID: 7bdd2731e8c4bccfa80f928ac4a45a4f72f842da24f85bcd0337f94cdb9bbe58
Opcode Fuzzy Hash: dcdeb6389f6a08f7b56d9f5bb00f6aac0a7de34d0208acb78f0c4467cb94cb0f
Instruction Fuzzy Hash: 2F512762A1EB895FE7669B7D48296513FE0EF92210F1A06EBE088C70B3D618AD44C351

Function 00007FFD9C303C8D Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aefdc0f1949a2bb52dfd7f66cb5675dfa8bae0c8fedc1aeaab3e56d86088a75d
Instruction ID: 1ade4363dd7af2e94f8a67e84e0b1a31a7bbcea073b0d51e2ede3bcbb7a05c03
Opcode Fuzzy Hash: aefdc0f1949a2bb52dfd7f66cb5675dfa8bae0c8fedc1aeaab3e56d86088a75d
Instruction Fuzzy Hash: 19A1A6B0455A8D8FDBB9DF18C8987E93BE0FB18345F10426ED84DEA761CBB94244CB40

Function 00007FFD9C78A919 Relevance: .2, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57e0996dd420515d53905e58e9cacdc7d939c0463636b641ff475b9680ea5f38
Instruction ID: f6117c47fedd116c7f1b758ef497de0b109c77012d2b3f5b622777d87b1acb45
Opcode Fuzzy Hash: 57e0996dd420515d53905e58e9cacdc7d939c0463636b641ff475b9680ea5f38
Instruction Fuzzy Hash: 5F71807051DB869FE3A0DB68C4A566ABBE0FF99351F54096EF0C9C32A2D638E541C703

Function 00007FFD9C309578 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b81376732b97179604809e690b5548ef030f0ea251980c655a049b6d9171592f
Instruction ID: 28400527e60df6426580cbecb761e58d5852b1348d89feb968bd4ac23c349b50
Opcode Fuzzy Hash: b81376732b97179604809e690b5548ef030f0ea251980c655a049b6d9171592f
Instruction Fuzzy Hash: BD919E7051CB898FE3B5DF18C499BDABBE0FB99304F50496ED48CC2291DBB89584CB42

Function 00007FFD9C071AFB Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ffb357127609671745c2565b7e8bfba0cfa9a6fe944fa4c432ebeee0d040cc1
Instruction ID: a130fa328beb8c9a2bea9267bd597d15aa35bb21c612cad7a1f9a74a01e01bb7
Opcode Fuzzy Hash: 1ffb357127609671745c2565b7e8bfba0cfa9a6fe944fa4c432ebeee0d040cc1
Instruction Fuzzy Hash: 8B810971A19A8D8FEBB5DF68CC95BE837E1FF19340F104166D84CCB2A2DB3469418B01

Function 00007FFD9C9B8ED2 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a690e30e3a84f173eb34e81f192a34dbd29275d4724aa8d491384319c582eb96
Instruction ID: cc59647ba3e60628ae64f9182230245d412f5d957d7939d155c931733a8c37fe
Opcode Fuzzy Hash: a690e30e3a84f173eb34e81f192a34dbd29275d4724aa8d491384319c582eb96
Instruction Fuzzy Hash: 5191CB7051CB898EE7B5EB58C498BEAB7E1FF99301F50096DD48DC31A1DB359980CB02

Function 00007FFD9BE36CD9 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73de7f97bc222d8d1d33c16782f7da9a09b3eaf4f88f304573250fb1c508bb57
Instruction ID: 5947a40b12dbf86467fff402e0e956aef8788318f031d015b220975ce1d19f63
Opcode Fuzzy Hash: 73de7f97bc222d8d1d33c16782f7da9a09b3eaf4f88f304573250fb1c508bb57
Instruction Fuzzy Hash: 9371AD2051DBC88FD764DB28C85176ABBE0FF96300F1549AEE4D9C3262D678E885CB53

Function 00007FFD9C9B9598 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e8d89bb9ef19596e3a173f1e82ab3f9d4ef4a35c032b9333d3c5b46a6d26986
Instruction ID: 1df0f7a556bd40b7a84fe7dd8a3e18f09f6129102f474381a7d0c5cd2254987f
Opcode Fuzzy Hash: 0e8d89bb9ef19596e3a173f1e82ab3f9d4ef4a35c032b9333d3c5b46a6d26986
Instruction Fuzzy Hash: 4571737061868D9FEB61DF68C895BE83BF0FF19341F5141AAE84DC72A2CB35A944CB41

Function 00007FFD9C789E92 Relevance: .2, Instructions: 195COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d28e791a85423648e46120deaba1aa251409baee1beaca7d36c55238f6907daa
Instruction ID: 784a553fe81c24db1eadd07df19691db21c3c64534c5a79fb20f05377ba692ea
Opcode Fuzzy Hash: d28e791a85423648e46120deaba1aa251409baee1beaca7d36c55238f6907daa
Instruction Fuzzy Hash: C5719271A19ACD4FEBB5DF688864BE83BE1FF19340F0541A6D84DCB2A2DA389944C711

Function 00007FFD9BFE791D Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14e5b3034c3d521a7aa6f79393efe61df29b7c1e12a3d03287c9aa10f583d000
Instruction ID: ad795505f0764fb92fcec475b8cc7c91ee450148e32c8fa3bf836adf6efafd8d
Opcode Fuzzy Hash: 14e5b3034c3d521a7aa6f79393efe61df29b7c1e12a3d03287c9aa10f583d000
Instruction Fuzzy Hash: B8618F70519B8D8FDBA0DF58C898BE87BE0FF19344F50416AE84CC72A2D778A544CB41

Function 00007FFD9C07B7BD Relevance: .2, Instructions: 176COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 903610e71b2e2750f989b976f3631cd5e7ef15e55b8a4cd2d9608da73dfbcf3e
Instruction ID: 297a22f16cfb3b101952baba123cdae2cd03b110c402911fae23614278ac7be0
Opcode Fuzzy Hash: 903610e71b2e2750f989b976f3631cd5e7ef15e55b8a4cd2d9608da73dfbcf3e
Instruction Fuzzy Hash: 2A513A3061DB859FD790DB288494B6ABBF0FF99341F44596AF089C72A2D738E444CB02

Function 00007FFD9BFFDE1F Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a979f3cd4e3bc8061921803a51e3c1f47ecafffe4e137e417535d8cd93336f4
Instruction ID: f8e8600eb85ba8f2eb6dd051c58b622fb7b04be3942cb632d4eb2b8feed23b98
Opcode Fuzzy Hash: 7a979f3cd4e3bc8061921803a51e3c1f47ecafffe4e137e417535d8cd93336f4
Instruction Fuzzy Hash: A261623060A58E8FDB75EF68C894BE937A1FF55301F01457AE84DCB1A2DE39AA45CB40

Function 00007FFD9C7F5DE0 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b1b225dcf7a14e2d8662dd2c68fa08b66b224293accef2396a2ec36a8a2065
Instruction ID: b6b34fdb22a3d1f9a85ecb790b7f0317e4360fceac9484a2a01d570c02d43440
Opcode Fuzzy Hash: 73b1b225dcf7a14e2d8662dd2c68fa08b66b224293accef2396a2ec36a8a2065
Instruction Fuzzy Hash: 38519E3061D7858FE3A1DB28C49467ABBF0FF96341F5409AEE4C9C72A2DA38D544CB42

Function 00007FFD9BFF913E Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e5c93e4a1d574316ed2d3f864a98c3e430351ba970de398414aaa4ca1ab5995
Instruction ID: 0cc495ce04ecd8b2b38b75d4f51f1325f250d1a8d6d2b0be9a84d6f49e02ec7a
Opcode Fuzzy Hash: 8e5c93e4a1d574316ed2d3f864a98c3e430351ba970de398414aaa4ca1ab5995
Instruction Fuzzy Hash: 4861D870614A8D8FEBA5EF28CC95BE937E1FF19300F5041A5E85DC7296DB34A990CB01

Function 00007FFD9BCF03B4 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b42bfbeab687514c85ef35ecd74c61a799474b56455a1e9d2efd8d830da3d06e
Instruction ID: 3ed81a741910915ac038697572f5c43a06e0ed849ae7761c34e1fec0da81cb35
Opcode Fuzzy Hash: b42bfbeab687514c85ef35ecd74c61a799474b56455a1e9d2efd8d830da3d06e
Instruction Fuzzy Hash: 70517E70A1AA4D9FDB50DF68C895ABD3BE0FF14741F4150BAF849C31A1D678E580CB85

Function 00007FFD9C935CE0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03933ce864ac4dde696b3f900f25b1735de15d1f975bf3f58762206b69369d3b
Instruction ID: 477377c3bc25fa50c7405b282cc6d0965e9dd74494f507d0c96cb2406cc5804e
Opcode Fuzzy Hash: 03933ce864ac4dde696b3f900f25b1735de15d1f975bf3f58762206b69369d3b
Instruction Fuzzy Hash: BC61ED7060DB899FE7A0DB68C494FAEB7E1FF99301F514969E08DC3261CB749885CB12

Function 00007FFD9C78A077 Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85fa1b3385b7f44e7c118465e11d745d1f033639de8b69085af19ccdc7f6c443
Instruction ID: 1e630e7efab39a445cf9cd6838e982b08190359976e69a55fec04f78023a3aba
Opcode Fuzzy Hash: 85fa1b3385b7f44e7c118465e11d745d1f033639de8b69085af19ccdc7f6c443
Instruction Fuzzy Hash: 3E618F3060E7CA4FDB76DF6888617E83BF1AF06350F0541ABD849CB2A2DA389949C751

Function 00007FFD9C78372A Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04e38adcf22be62f37a820729d4dcd37643d558e18b8d1ff63f0e0abe582cc2
Instruction ID: 71e027963fdc7b691fb4b93bd4295b10ab71812784c2d656e2b3a810a64873a5
Opcode Fuzzy Hash: d04e38adcf22be62f37a820729d4dcd37643d558e18b8d1ff63f0e0abe582cc2
Instruction Fuzzy Hash: 1E717870A14A8D8FDBB5EF28C894BE937E5FF19301F501569E90DDB292DB34AA40CB40

Function 00007FFD9C935D2E Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aa96eb1ffe2d1bb7429c103540dedd7871dbf8d3d7f9faf23a2b8cfa508bf29
Instruction ID: 9df280025bc5854d7c213428b26f601181af03f61f30ead491299f2f37c691bd
Opcode Fuzzy Hash: 1aa96eb1ffe2d1bb7429c103540dedd7871dbf8d3d7f9faf23a2b8cfa508bf29
Instruction Fuzzy Hash: B661AF7060D7889FE7A1DB68C494FAEB7E1FF99300F514569E08DC7261CB749885CB12

Function 00007FFD9C07E809 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3c0b33b60b7cb6e9bf2eaf1ab63d0fe00f24e32accfa4aafe5f78c7b10aa355
Instruction ID: 75d6b7ab3d56489b900ea00e409140f513ed3a60b87f29860499fb38f8d1f97b
Opcode Fuzzy Hash: f3c0b33b60b7cb6e9bf2eaf1ab63d0fe00f24e32accfa4aafe5f78c7b10aa355
Instruction Fuzzy Hash: 5A51703070DA4A8FDB94EB6884A4B687BE1FF59344F1501F9E45DCB2A3CE24E8048742

Function 00007FFD9BFE9E29 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bdfe0362148aab7ec575d101f61fd121ae234cf249cfdf5196844962fe1359c0
Instruction ID: e8b218d869875ab44a870d7d4451bf2f56c3796af63b9f1884ed7ce7d44fa747
Opcode Fuzzy Hash: bdfe0362148aab7ec575d101f61fd121ae234cf249cfdf5196844962fe1359c0
Instruction Fuzzy Hash: A451AA7070CA498FDB50EF6884A8BB837E1FF58304F1542F9E44DCB2A7CA29E9048752

Function 00007FFD9C07EDD6 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 472c0f3fac3cb31093aefbf147266c7e1fa5e9a362aeb87fc5aaabea9e3dd57d
Instruction ID: a86d59105131d927bf926a4977117e1e6a71bdcd604a3ce70e2f2bcd154fc2eb
Opcode Fuzzy Hash: 472c0f3fac3cb31093aefbf147266c7e1fa5e9a362aeb87fc5aaabea9e3dd57d
Instruction Fuzzy Hash: 415164747199094FDB98EB2C84A8A7837E2FF99340F5405B9E45EC72A7CE24EC04C701

Function 00007FFD9C935888 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372941092a7405da3494b5c23883e4b293dafc0d3822a5bf85cbaf656ad85fcb
Instruction ID: 68a71983cf724c75ab26dfbba243159534b15cb7ca1c682301b119f03a2bd1ed
Opcode Fuzzy Hash: 372941092a7405da3494b5c23883e4b293dafc0d3822a5bf85cbaf656ad85fcb
Instruction Fuzzy Hash: C351BD3461D7898FD7B4DB18C494BAAB7E1FFA9341F50496DE08DC3251DB74A884CB12

Function 00007FFD9C782BF7 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51d884d5d4b4d1895de2b3caccfa04b393d1ae40f4204627dfb2d9ada98f269f
Instruction ID: 6b7a68b346f540fa27238a81818d25f1c5f0bd2abfa1f403136a10fdb9d8bc95
Opcode Fuzzy Hash: 51d884d5d4b4d1895de2b3caccfa04b393d1ae40f4204627dfb2d9ada98f269f
Instruction Fuzzy Hash: 76617674A14A8D8FDBB5EF28C894BE937E5FF18301F505529E90DDB292DB34AA40CB44

Function 00007FFD9C508695 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7049f815332b11e1c1901fe63f8b741c4771d191349be25cca5801a27eb63711
Instruction ID: b84adfd5a666dabf3baeb183bc672fe1fb9f87b84b30b574a392ab1eb4746ee1
Opcode Fuzzy Hash: 7049f815332b11e1c1901fe63f8b741c4771d191349be25cca5801a27eb63711
Instruction Fuzzy Hash: CA518F6160AAC98FEBB2DF68DC65FD83BA0FF5A340F0540A9D44CCB2A7DA346945C711

Function 00007FFD9C5086FF Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a79172b18544bf7bdac5650ff2b8db65815aeed761c51edd3c6c0f005f909635
Instruction ID: 2120b602dd49d79e7a9bd3af0c26fdd85f3f5edd5c2c698b3565bfc6284c2521
Opcode Fuzzy Hash: a79172b18544bf7bdac5650ff2b8db65815aeed761c51edd3c6c0f005f909635
Instruction Fuzzy Hash: 6451816160AAC98FEBB1DF68DCA5FD837A0FF5A340F0440A9D44CCB2A7CA346845C751

Function 00007FFD9BFE7D0B Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c1e6f756839d84b311b1db78cb08396ec012ee59c8d72a3f62569888fa44baa
Instruction ID: 8d53051d463d58b070582ce4cdd8f8774edd1e302d7e7f90fc67929d5ec38e00
Opcode Fuzzy Hash: 5c1e6f756839d84b311b1db78cb08396ec012ee59c8d72a3f62569888fa44baa
Instruction Fuzzy Hash: C8514F70608A8D8FDFA1EF18C898FE937E1FF69301F154065A84DCB261DA34AA85CB41

Function 00007FFD9C9BC564 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35ab6787701ff2d7bad1a2ea3f9989e3eaae8f3f064055aa94b350452c153d4f
Instruction ID: accc79cbebb252bb26bb4cb4a292fc8f3f55c42057f213e1c491d20585f4c477
Opcode Fuzzy Hash: 35ab6787701ff2d7bad1a2ea3f9989e3eaae8f3f064055aa94b350452c153d4f
Instruction Fuzzy Hash: 7851AE2051D786AFD350DF68C8A0A6ABBF0FF8A355F4459AEF0C8D31A2D678D584C706

Function 00007FFD9C08989E Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e61b51a1e977f5b78955c6140cf00e651394bf80700e84db640540a0a2df723
Instruction ID: e0e10acf42affbe1d26594b15522134444b60a18455696be0a7a10acc58a81e2
Opcode Fuzzy Hash: 5e61b51a1e977f5b78955c6140cf00e651394bf80700e84db640540a0a2df723
Instruction Fuzzy Hash: EC51883042868EABEB60EF64C854BED3BE0FF15345F80616AFC49C6291E779D084CB55

Function 00007FFD9BCF294E Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 564823203f6b2dc4db2b8f312e991197de822d1ff220ceeeb270acf385630084
Instruction ID: 5578adc70bfa9030c3772c82b00a1f4551d2e41436e9702a0c48cca525d7988d
Opcode Fuzzy Hash: 564823203f6b2dc4db2b8f312e991197de822d1ff220ceeeb270acf385630084
Instruction Fuzzy Hash: 8D51473061D7899FD7A0DF68C494A6ABBE0FF96301F9118AEF489C7261D778D544CB02

Function 00007FFD9BFE324F Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1318f740ece3ba21fbfa90571218d1219d67ee4a4e60c6f04261713a9d6b910b
Instruction ID: f4bfb3c1821312c2e4ef95880d7ab8f33ef7b2419231f07dae13ba08e0af30fd
Opcode Fuzzy Hash: 1318f740ece3ba21fbfa90571218d1219d67ee4a4e60c6f04261713a9d6b910b
Instruction Fuzzy Hash: 4F518E70619A8D9FEB90EF18C458BA97BE0FF58340F514569F84DC3261DB78E984CB41

Function 00007FFD9C9358F8 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 444ddcece6b0bd57572ba77e88ad5fc460b6707a5b0e038bf6f03bbcecbe686b
Instruction ID: 5e55c0540c36358a6102b7240514474a5b87acedb1f0dfb54bc2140ddcb6abc0
Opcode Fuzzy Hash: 444ddcece6b0bd57572ba77e88ad5fc460b6707a5b0e038bf6f03bbcecbe686b
Instruction Fuzzy Hash: 8B51AD3461DB888FD7B5EB18C494BAAB7E1FFA9301F41496DD08DC3251DB74A885CB02

Function 00007FFD9C08439F Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4953ff0242412253fe0f2106bef1b2047804240847aa78a1522d47075342407a
Instruction ID: b2b872927b86d6daf234d6bd7bc7fd89c8705a4756002f6a7989210f0ef6f97a
Opcode Fuzzy Hash: 4953ff0242412253fe0f2106bef1b2047804240847aa78a1522d47075342407a
Instruction Fuzzy Hash: 8B51D83061A6CE8FDBB6EF68C8A5BE83BA1FF19300F514075D84DCB1A6DB746A418741

Function 00007FFD9C1D6C67 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fefd6c042e8813f8ffaf11b5c9fe88b3ab7ba9d0b2096b6905167637904a4ea4
Instruction ID: 477bd3bf7484037a9f38c1d7afd10a39569066275d0ceba7478fc9d75c99ddad
Opcode Fuzzy Hash: fefd6c042e8813f8ffaf11b5c9fe88b3ab7ba9d0b2096b6905167637904a4ea4
Instruction Fuzzy Hash: F151F6306096CE8EEBB5DF28C854BF837A1AF5A341F804065D88DCB696CF745A81DB11

Function 00007FFD9C9B1150 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc7dbd2f6e2a61dc1167a985894b6bef5455e613fb7d69ac03f9733ede173b6e
Instruction ID: 276eae90738af6a7c997a69ec5f33df9c9cbff1556225c4a36695de3e8a42871
Opcode Fuzzy Hash: cc7dbd2f6e2a61dc1167a985894b6bef5455e613fb7d69ac03f9733ede173b6e
Instruction Fuzzy Hash: EA41782051CBC6AFD361DB64846067ABBF0FF9A34AF401A6EE4C9D31A2DB389544C706

Function 00007FFD9C301DF9 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e23587b78fd4d4c0f76b5e495591272dc83653db8483f9ca73468b788c760cfa
Instruction ID: 782238e7cb1c3a9d21715af98c956fdbc1822ae4c24d7a5e8c2372c77dbe6645
Opcode Fuzzy Hash: e23587b78fd4d4c0f76b5e495591272dc83653db8483f9ca73468b788c760cfa
Instruction Fuzzy Hash: B841892151D7828FD361EB24C454A7ABBF0FF5A385F040AAEE0C9D31A2D778D984CB06

Function 00007FFD9C504DDF Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458ad73f384dad2c34717bd2d0bdf04f8581c537a610c37a0586dd7cef478d87
Instruction ID: 84045636502c2b4d02f4c527bdf9ede24f0e64befda449abeee9fd5634dd24a5
Opcode Fuzzy Hash: 458ad73f384dad2c34717bd2d0bdf04f8581c537a610c37a0586dd7cef478d87
Instruction Fuzzy Hash: BF41AC2040D7868FD3A2DB64845467ABBF0FF4A395F4419AEE4C9D31A1D728D984CB17

Function 00007FFD9C784E8A Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50440fb7990517d1bf84e82212944eab60b4d9129bbfaddb6e9e78fbbd809551
Instruction ID: 1679eaf344bf07cf5ef0110d71ebaae84db26f9f8fcfdd13dba4a8fb3af3a2cb
Opcode Fuzzy Hash: 50440fb7990517d1bf84e82212944eab60b4d9129bbfaddb6e9e78fbbd809551
Instruction Fuzzy Hash: DA51BA3051C7858FD7B4EB59C494AAAB7E0FFA8341F10492EE48DC21A1EF74A485DB42

Function 00007FFD9BFE801C Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e4a1ae8ea629de2c1ae69bb29fe0286c65ed532c0c7c284308ff3d83fe06e5d
Instruction ID: 80c5712ec7c12c789eab6452126451c13d3da8f655a657cbe139513014d3ccf7
Opcode Fuzzy Hash: 2e4a1ae8ea629de2c1ae69bb29fe0286c65ed532c0c7c284308ff3d83fe06e5d
Instruction Fuzzy Hash: FC515D70608A8D8FDFA1EF18C898BE937E1FF69301F554065A80DCB261DB34A985CB41

Function 00007FFD9C786616 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26ee588105e56b023ac03ff5618ea989d9c20290e0ecfdf539952e660cdd2abb
Instruction ID: 5e7691f949628b4ce5cbbb2892e5632dfc2e8ba0336fc7d8125afd459d323493
Opcode Fuzzy Hash: 26ee588105e56b023ac03ff5618ea989d9c20290e0ecfdf539952e660cdd2abb
Instruction Fuzzy Hash: B1419C2060D7C69FD7218B6084A067ABBF0FF4A346F401ABEE0C9D71A1EA7CD544C70A

Function 00007FFD9C9BAE2E Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9796cc5f081d0914c6b714ccec8d87abfcbae049894fdc4d18c48f2a055baf2
Instruction ID: b8c9b5b60cc078c841b3e8c540b301bb5159681d09f1bed787113701f1e1ddff
Opcode Fuzzy Hash: c9796cc5f081d0914c6b714ccec8d87abfcbae049894fdc4d18c48f2a055baf2
Instruction Fuzzy Hash: 1041AC7051D7819FE351DB24846067ABBF0FF9A356F440AAEF4C8D31A2DA38D584CB16

Function 00007FFD9C1D6CE6 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8aac6821f2183860b662c11091cf4093e5863cb3ff09e62bdc1bd01accae9558
Instruction ID: 4b3d5f54d8cdd095811ccb12fe8c21bba58a7452b315d964ad00ee22e01fc394
Opcode Fuzzy Hash: 8aac6821f2183860b662c11091cf4093e5863cb3ff09e62bdc1bd01accae9558
Instruction Fuzzy Hash: 4551B6706196CE8EEBB5DF28C854BE877A1AF5A340F800065D88DCB696CF745A41DB11

Function 00007FFD9BCF7742 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e7b24727a66fdc3d4c4d20cd574277d79dbf7aa4690cae9f372a3f6da6a62eb
Instruction ID: bb1bf04a1bb7d5bb26f7a5fe63c360f298319497831cc1cf252ccdfbc4119629
Opcode Fuzzy Hash: 4e7b24727a66fdc3d4c4d20cd574277d79dbf7aa4690cae9f372a3f6da6a62eb
Instruction Fuzzy Hash: 9F41CD3061E7888FE341DB2484A463A7BE0FF99355F5509AEE4C9E32A1E638D681C707

Function 00007FFD9BFE867A Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5d87f82f6b993474f6f9384802241ded2aee83fd0bf196be2b416704148eeb
Instruction ID: dd8b3320005532195650a2db2f6362a370bd80fb98cc80d895074378250b4122
Opcode Fuzzy Hash: 1a5d87f82f6b993474f6f9384802241ded2aee83fd0bf196be2b416704148eeb
Instruction Fuzzy Hash: FF416A2051EB898FD351EF24845497ABBE0FF8A305F551A6EE4C9E32A1E738D644CB06

Function 00007FFD9C786504 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 070ecde7485ea793a76dd7b021fae1dcdd833b0341026dfa037ab5384e6cc058
Instruction ID: 0a332ec696090edd48ce4ba79a56bad0ce8bcda4c65c20b7bd8c098409fd4725
Opcode Fuzzy Hash: 070ecde7485ea793a76dd7b021fae1dcdd833b0341026dfa037ab5384e6cc058
Instruction Fuzzy Hash: C941AC6191D786AEE7308B6084A167AB7F0FF59346F4409BEE0CDD32A1E63CE644C706

Function 00007FFD9BFE7B0B Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 122058add08202ed379335638bfd88ee48078e216041f6b65d62648cb52c3665
Instruction ID: fc4e3c34375b0c2eb7bc017366b6b1079678d92a216e5c6655e3528210a956e6
Opcode Fuzzy Hash: 122058add08202ed379335638bfd88ee48078e216041f6b65d62648cb52c3665
Instruction Fuzzy Hash: B141AD7050958C8FDFA1EF68C898BE93BE0FF29341F054166E84DCB261DB34AA45CB01

Function 00007FFD9C7F1EE5 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fbb49b8f12ff4dd28b3bc0757049880d403d210eb2908b2019d04df8ed29bcb
Instruction ID: 7a35fc57b8d77bdb4c666e92177104de197abb861fb93a67e0384c96ba101742
Opcode Fuzzy Hash: 9fbb49b8f12ff4dd28b3bc0757049880d403d210eb2908b2019d04df8ed29bcb
Instruction Fuzzy Hash: 9541782051E7C69FE3529B2484A0A3ABBF0FF96341F9429AEF4C5C71A2D728D445C753

Function 00007FFD9C086DFD Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33b0ed8d938fd6e60c6d67fd68247c6fa8e350fce49af6e282e08df40c8f7ffb
Instruction ID: 8ddfb71175a7341ea931865292cae56ad493baf9096558ee4f04bd3ba98e6782
Opcode Fuzzy Hash: 33b0ed8d938fd6e60c6d67fd68247c6fa8e350fce49af6e282e08df40c8f7ffb
Instruction Fuzzy Hash: C841782052E7C59FD3618B64C4A0A3A7BF0BF46341F5168AEF4C9C72A2D7399444C716

Function 00007FFD9C8A76F1 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d119b37993a6af9e8dd2cfa81b23fd696b89d9c3b3e90304de4e9d656a6e0285
Instruction ID: 72a8458e66cdc42b5742df9f347fd62b23c826e70de0f2135d5f776b72c28ef0
Opcode Fuzzy Hash: d119b37993a6af9e8dd2cfa81b23fd696b89d9c3b3e90304de4e9d656a6e0285
Instruction Fuzzy Hash: CE419C2041D7828ED3159B61842067BBBF0EF4B349F045AAEE0CAD31A2E62CD545DB1B

Function 00007FFD9BCF8384 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a35f878455300e6a9df16a1f857d6a933bb2750caa940914f2446d1c4643ff3c
Instruction ID: 5276dc9437181e227168cf17c8ed1f2e79c7855431ab87c36cd339e4c5151dbb
Opcode Fuzzy Hash: a35f878455300e6a9df16a1f857d6a933bb2750caa940914f2446d1c4643ff3c
Instruction Fuzzy Hash: 26414A3060D7898FD311DB24C45466ABBF0FF8A345F4509AEE4C9E72A1D738D645CB06

Function 00007FFD9C939BD2 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66076c23dcdfb0eac3b601aa8952cf059c0741459691e899a116fc0debcce6df
Instruction ID: 8be2260c6e3a683925ce06fe198be8235504bc35befc04487f5a75878d57728a
Opcode Fuzzy Hash: 66076c23dcdfb0eac3b601aa8952cf059c0741459691e899a116fc0debcce6df
Instruction Fuzzy Hash: DF41BE2141D786AED310DB24C4906BBBBF0FF89359F45196EF489971A2E778C584CB0A

Function 00007FFD9C784C20 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb1ec3bdcb4079af37189974af980d932bde92ca5849168b52ee41dad7715b6
Instruction ID: 919b34aa6f418747b614ba23c7651afe04a2be72c99cc17685b81c78661c2495
Opcode Fuzzy Hash: 0eb1ec3bdcb4079af37189974af980d932bde92ca5849168b52ee41dad7715b6
Instruction Fuzzy Hash: 10419C3151CB498FD7B5EB19C495BEAB7E0FFA8340F104A2EA48DC21A1DF35A585CB42

Function 00007FFD9C7F1DAD Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d43ceb0194270c27a61da1d471fb83e5640363938a64bb49f45cdfbf1df36d2
Instruction ID: db5df5e21f3e095cd69a5bfbf040cefafbe1032324fc15b2d821ec764c7c8b8f
Opcode Fuzzy Hash: 2d43ceb0194270c27a61da1d471fb83e5640363938a64bb49f45cdfbf1df36d2
Instruction Fuzzy Hash: A3418D2050D7C58FD3119B2484A067ABBF0FF4A346F440AAEE4C9E71A2D37CD644C706

Function 00007FFD9C9B0CA5 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b7299989e6a285c2d01e64fcdddaf9aafb4ba9d6a6409e28ea5cebc545930b
Instruction ID: da5c88b14e0d0b7d1e619dc8dc052738421124134793507b9adeaf4bf3004ebc
Opcode Fuzzy Hash: 48b7299989e6a285c2d01e64fcdddaf9aafb4ba9d6a6409e28ea5cebc545930b
Instruction Fuzzy Hash: C231AD6055D786AFD3108F60845067ABBF0FF8A346F402A6EE4C9E31A1E3BCD544C70A

Function 00007FFD9C93830A Relevance: .1, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7327a5cae2a7df827802c9a8b15e971192720ad26325aee483ff43bb13c87831
Instruction ID: eb1904e55191c80461fff84d1e83750f35ae355595ce75a9f760dde404a8eae6
Opcode Fuzzy Hash: 7327a5cae2a7df827802c9a8b15e971192720ad26325aee483ff43bb13c87831
Instruction Fuzzy Hash: 1241A3A1609ACD4FE7B1DF68C8507E83BE1FF1A345F4500A6D84CCB1A2DA346945C715

Function 00007FFD9BCF9D93 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f520983e54e7b0e7e99498d979933f6af0d0d299a7d4e4d9452a5b1c42184049
Instruction ID: 0c5d534bdfdcb9e388d858b3ce36ebef16f7bc2b3569c71aeebff7430046fe3d
Opcode Fuzzy Hash: f520983e54e7b0e7e99498d979933f6af0d0d299a7d4e4d9452a5b1c42184049
Instruction Fuzzy Hash: BA41DD7061978D8FEBB5EF28C895BE93BA0FF19300F550066D84CCB152DB74AA81C711

Function 00007FFD9C634286 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa523b28f156e14d81f5b42ca73f9bd10d0a1e7f4fbe527891b79514a7d11d89
Instruction ID: b14ad54071d474e6dee6e6e07f81e68a2be0ce74ef6de7006ad2aa0c7b436c1d
Opcode Fuzzy Hash: aa523b28f156e14d81f5b42ca73f9bd10d0a1e7f4fbe527891b79514a7d11d89
Instruction Fuzzy Hash: 2031B12151E7829EE712CB24849067ABFF0FF4A355F4419AEE0C9E71B1D638D484C71B

Function 00007FFD9C08A492 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caaac32d46aa7583a934a5a58f9b2eb843018b121959163bc01801d72fb1d183
Instruction ID: cfe8f2a053fafb824be5e0f65275b6c70e5d498d9d747bc803b9275287362387
Opcode Fuzzy Hash: caaac32d46aa7583a934a5a58f9b2eb843018b121959163bc01801d72fb1d183
Instruction Fuzzy Hash: 1131F33050DB458EE760DF28C084BBABBE0FF99351F54696EE48DD3261DB34D5858B06

Function 00007FFD9BFF8E13 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e411fa4ace2b122f271ac258354fbc2c81f9d4f9a9c8bd0dcaec85c2b97b8fe
Instruction ID: 9252e320c08ff4bb32bc31f02dc1403f34c7f62ed099b88eae20059edabf0654
Opcode Fuzzy Hash: 4e411fa4ace2b122f271ac258354fbc2c81f9d4f9a9c8bd0dcaec85c2b97b8fe
Instruction Fuzzy Hash: BE318D6051E7C98FD312DF60846063A7FF0BF4A309F461AAAE4C9E71A2E77C9644C716

Function 00007FFD9C50984B Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00df344dab97101ee20376b02134a010479e33d3dc6b322acb44f466867da356
Instruction ID: c6f180f5699892434821ebcaa8cb8608bea3a3a418114e81c310a1f301d24902
Opcode Fuzzy Hash: 00df344dab97101ee20376b02134a010479e33d3dc6b322acb44f466867da356
Instruction Fuzzy Hash: 54315B2050EBC68FD352CB60845067A7BF0FF4A345F441AAEE4C9E71A9E36CD545C70A

Function 00007FFD9BFE32E8 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c631dcac11b40a037d54e16882fb3063f6d8d0470f21d89a0c135d1776ca45d9
Instruction ID: d413f9e31eccabb67f2255ad8a97fffc23fd2e72616d5ef2933a32a75e272f66
Opcode Fuzzy Hash: c631dcac11b40a037d54e16882fb3063f6d8d0470f21d89a0c135d1776ca45d9
Instruction Fuzzy Hash: DB314D70519A8DAFEB51DF24C859BE93BE0FF15340F51416AF84DC72A1DB38A6848B41

Function 00007FFD9C78C73A Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19e8300cdcf24fd3ef59dcdde12c3066d1aeceb7c1657d3212e8bea86221c632
Instruction ID: abf9c4d2f6fd3f501a812a4489fd93cf9e959044b3d0e694f3cd219d66690b34
Opcode Fuzzy Hash: 19e8300cdcf24fd3ef59dcdde12c3066d1aeceb7c1657d3212e8bea86221c632
Instruction Fuzzy Hash: B631AD3050D7868EE7619BB4849466ABBF0FF56345F50197EF0CAC72A2DB7C9444C712

Function 00007FFD9C631657 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f8189f12f7d9a8a7cc9466e8941f9e863bce724178e96255f30c2b968ff1a2d
Instruction ID: 0d8dee016cf87c82a3c8327651e2f68d5b536628b1a648bdeb70c9635719eea1
Opcode Fuzzy Hash: 9f8189f12f7d9a8a7cc9466e8941f9e863bce724178e96255f30c2b968ff1a2d
Instruction Fuzzy Hash: AB31B02051D7868BD3128F60845457AB7F0FF8A349F441AAEE4C9E31A1E76CD644C70B

Function 00007FFD9C082F01 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 003463bd93e838724db34c41728c8039e1383f1d69351e606c71d7b10d5cd104
Instruction ID: 7e8df1d00859a90042f572062543f15ecdcabc2ea7e6b94e7f5f271ede0da04f
Opcode Fuzzy Hash: 003463bd93e838724db34c41728c8039e1383f1d69351e606c71d7b10d5cd104
Instruction Fuzzy Hash: 03318B7050964A9EEB20DF24C450BE93AF0FF09388F51A17AF80DD3292E7399884CB85

Function 00007FFD9C30E9EB Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be1750e9a667bef44edab377981bfdc041e3428a3fa0698b62c20371394ac1d7
Instruction ID: bd85388f633c20de61191d8cf28c45af545b9a389e3f34027296478a8b9e4d94
Opcode Fuzzy Hash: be1750e9a667bef44edab377981bfdc041e3428a3fa0698b62c20371394ac1d7
Instruction Fuzzy Hash: F031E971A19A8D9FDBB0EF18D895BE837E1FF69351F00416AE84DCB251DB30A981CB41

Function 00007FFD9C8AA834 Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e723ed67a5dbaefecb45ddc7a95c2b95bc5d474b1212129b2d7f8ebcc77bc8a5
Instruction ID: a88cfee1865e7d9a2de561cd8f0ad1f7378b1bba541417940bc2760925d4480f
Opcode Fuzzy Hash: e723ed67a5dbaefecb45ddc7a95c2b95bc5d474b1212129b2d7f8ebcc77bc8a5
Instruction Fuzzy Hash: 20318D7050E7859EE361DB24C4947AEBBF0EF96344F44196EF0C9872A2D7389488CB17

Function 00007FFD9BFE7BEA Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46c3baac6f80cb59897d0075c0be05e9c57f65cc02f9c1b8641218b849687227
Instruction ID: b32eb513ecc3f4a57fd24ce38686f4803850ce21827eb996f1d58b466184962a
Opcode Fuzzy Hash: 46c3baac6f80cb59897d0075c0be05e9c57f65cc02f9c1b8641218b849687227
Instruction Fuzzy Hash: B5312A30618A8C9FDFA5EF18C888FE937E1FF69301F454165A80DCB261DB30AA858B41

Function 00007FFD9C9381DF Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67b342484306de4f5cf6b105ccab21d8383955f9b69014af48f4318f5115d901
Instruction ID: c41294d680d10232633f3f9ad9c630f159194d37e46fe71e1395f21a4d47b0cc
Opcode Fuzzy Hash: 67b342484306de4f5cf6b105ccab21d8383955f9b69014af48f4318f5115d901
Instruction Fuzzy Hash: 8F41A274618ACD8FEBB5EF18C894BEC37E1FF59341F1501A5A80DCB261CB74AA818B50

Function 00007FFD9C8A0BD8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1477ff9d74f1438dc099bf70aea93ae174d230d7337e4b0269c89bea609f47c
Instruction ID: 035f43737c592430a169ef46632b19a8e9f1e6967eec1140dc2bdb364a1829cd
Opcode Fuzzy Hash: d1477ff9d74f1438dc099bf70aea93ae174d230d7337e4b0269c89bea609f47c
Instruction Fuzzy Hash: 74317A6052C786AED3109B20845067ABAF0FF89345F811A6EE4CEE21A1E77CD544C71A

Function 00007FFD9C7FA26B Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f84c24bf43f13eb7740c85ba8c5dbf08cd58fd30ac7fafcb910b1892ea310fd8
Instruction ID: 3ecb4581dc0451c81e8731b5edd4bc0c6c5812d130dbf6c4e88b46e0796f22bd
Opcode Fuzzy Hash: f84c24bf43f13eb7740c85ba8c5dbf08cd58fd30ac7fafcb910b1892ea310fd8
Instruction Fuzzy Hash: DC314B2061DB9A8BD710DB208494A7AB6F0FF89359F405A2EF4C9E3190E77CD644CB5A

Function 00007FFD9C78686A Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f8feae94c30f73eb39796122421361fc3b5cda202cd6c9230cc95b7140cabc6
Instruction ID: f1716ce7b674fc8ea7a9ada8251cb7b43dad4629529419e314b445bf37b78380
Opcode Fuzzy Hash: 1f8feae94c30f73eb39796122421361fc3b5cda202cd6c9230cc95b7140cabc6
Instruction Fuzzy Hash: FE31893051CB898FD7B0EF28C494BAAB7E1FF99301F10496EA08DC3261DB749584CB42

Function 00007FFD9C072A11 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 676a8b346ff20b896683917e1ea90d478f95b1c342cf509ba21f7a91de166bfe
Instruction ID: fca31a9f38816c14959fa2d340554d8bd9d740517501f90f698947b0d54932b4
Opcode Fuzzy Hash: 676a8b346ff20b896683917e1ea90d478f95b1c342cf509ba21f7a91de166bfe
Instruction Fuzzy Hash: 3E21813062DBC99FD761DB6888917697BE1FF89240F4505BDE48DC32A3CA29A9409712

Function 00007FFD9C937EC6 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b98430f46e1eb6d95b89b116ba86d68d132a19eef181e8da114e2e3ecec3ec4
Instruction ID: 1dce257ed93277cfac90cc6455663270321d81f06b6e0c0f03e361b7d563a172
Opcode Fuzzy Hash: 9b98430f46e1eb6d95b89b116ba86d68d132a19eef181e8da114e2e3ecec3ec4
Instruction Fuzzy Hash: 86319374614A8C9FEBB5EF28C894BE837E5FF59741F4541A5A80DCB261CB71AA80CB00

Function 00007FFD9BFF944A Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88962ce385252018497d96b0c5894abded7f8ef83c45b24f57e1a256a156cec9
Instruction ID: e4ae10741aacd3c25aaf5c0604f94f7609194488f31028c0722760dc2b308eaa
Opcode Fuzzy Hash: 88962ce385252018497d96b0c5894abded7f8ef83c45b24f57e1a256a156cec9
Instruction Fuzzy Hash: DA316230A1E7498AD310DF65C45867B76E0FF89709F409A7EF48AD3260E738D644CB0A

Function 00007FFD9C5075AD Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62d71e15ef7deec921050c17b87c28b6ab04c9afa59d24de386d89168f142c87
Instruction ID: 221cb78beefc8a4d6e2171aaf4e7060cef32ce4778f0ea7a63c50e36cd2171b5
Opcode Fuzzy Hash: 62d71e15ef7deec921050c17b87c28b6ab04c9afa59d24de386d89168f142c87
Instruction Fuzzy Hash: FE31916050E7829ED352DF60846067ABFF0FF46394F4409AEF0C9D71B2D3289944C716

Function 00007FFD9C8A6301 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87409af035b618b22e3b8840238aad5fc265170c34ea7da60079de340ef124a4
Instruction ID: 5929a56496960f3c9e0bbd295234cf7a77d2b4ba0782e7428ba6211d6f442e53
Opcode Fuzzy Hash: 87409af035b618b22e3b8840238aad5fc265170c34ea7da60079de340ef124a4
Instruction Fuzzy Hash: A9315A6011D7868ED7109F618050ABBBBF0FF9A399F44096EF4C9D2160E778D684CB1B

Function 00007FFD9C07FC47 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: befca75c3bef2ffc3a10dd630897405687b7ce9595580e72a578a2c3c9691ef0
Instruction ID: 5a211547fbc0189690f420fbeda8b27a218aa8e70169f48772e221866285c09c
Opcode Fuzzy Hash: befca75c3bef2ffc3a10dd630897405687b7ce9595580e72a578a2c3c9691ef0
Instruction Fuzzy Hash: 5521543470C9098FDB94EB68C4E5AB833E1FF58345F5100B9D84ECB166DE65EC049B01

Function 00007FFD9BFF7C94 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad1b0d420a0131d837cf37fce6a897af4d4874989c2efb0f9023409ba8591885
Instruction ID: 86fb6c86816df61f485a3983dc34ddac773a9542d6c254cef2a3c9d97265c2c9
Opcode Fuzzy Hash: ad1b0d420a0131d837cf37fce6a897af4d4874989c2efb0f9023409ba8591885
Instruction Fuzzy Hash: 8F21806064E7898AE3208F61845067EBAF0BF49709F411ABEF0C9E31A1E779DA048716

Function 00007FFD9C087AC5 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd9f623fe91fe4a30a5e0e8c78bcd498ff26db3ddf683ecdc0405e88a6e55cf4
Instruction ID: 9010019342e447cba498eec24d133814aadb78f5cc8a6393c0ad98e0a779574d
Opcode Fuzzy Hash: fd9f623fe91fe4a30a5e0e8c78bcd498ff26db3ddf683ecdc0405e88a6e55cf4
Instruction Fuzzy Hash: 8B3106B051D7858EE361DF68C46476ABBF0FF96345F50486EF489C62A1D3BA9448CB02

Function 00007FFD9C63A607 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c81783e8a57b9723d6b7bc5f0ed1e48213b5519dfbc890705591ddb69027f8d
Instruction ID: 5ce46acd9a192b09207da3d77b067c53cd23fa8ab60537603f8e11b2b92e40cd
Opcode Fuzzy Hash: 0c81783e8a57b9723d6b7bc5f0ed1e48213b5519dfbc890705591ddb69027f8d
Instruction Fuzzy Hash: 1C211D70A0968E8FDFA1DF688854BE93BE0FF2A340F404166E85DC72A2DA3499448B51

Function 00007FFD9C6387E8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca699871daef6bf246313fc984a38f11c69f96089ca1100db23e0ed87dc9d88
Instruction ID: 9a8216102cb485cccc2eaab792769bd19e0186e17da7fefcb85c55d130e0d6a5
Opcode Fuzzy Hash: cca699871daef6bf246313fc984a38f11c69f96089ca1100db23e0ed87dc9d88
Instruction Fuzzy Hash: 2021806040E7CA9FD722CF2488653F97FB0AF1B344F1849ABE8D9871A3D6789505C742

Function 00007FFD9C30074B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 330c36732590053f79c000f6c74ab641a72bf18538e60bb2220830d6b29c222f
Instruction ID: 000cf1cc4ecea2da46ff223e0d7d17b6bde850e3528569bf04fc648ace996902
Opcode Fuzzy Hash: 330c36732590053f79c000f6c74ab641a72bf18538e60bb2220830d6b29c222f
Instruction Fuzzy Hash: 43218E3151D785AFE3A0DF64C494B6ABBF0FF94745F90196EF089C2162C7789444CB06

Function 00007FFD9C939365 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1805fea6e456af3d874c6d9136b237f6ab72dd8b5979131939be17393cf191a4
Instruction ID: cd326356e28797490182f10c9648c0b492410d700796ba218c23a582d875e1bb
Opcode Fuzzy Hash: 1805fea6e456af3d874c6d9136b237f6ab72dd8b5979131939be17393cf191a4
Instruction Fuzzy Hash: B021E7A190EBC94FE761CF5C98651A53BE1FF56745F0500A7D848CF1A3DA38690AC302

Function 00007FFD9BCF7BCC Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a739ce75617a5b3b594a956c9e3608238dc69dde9ced187007ff7a2d22ec6ed1
Instruction ID: 2a56d5eeed38f1658846cc685ac2869241f5dd5c2fe7f9eb573ce79e364b74aa
Opcode Fuzzy Hash: a739ce75617a5b3b594a956c9e3608238dc69dde9ced187007ff7a2d22ec6ed1
Instruction Fuzzy Hash: B3214D30619A8D8EDFA0EF68C894FA83BE0EF18345F515166E80DC7261DB34E984CB41

Function 00007FFD9C5068F9 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b778ed9a279aa7c8b0db3442c35fbab0d2cfcd794e48b2a8c3fe61a6a5ee9e0
Instruction ID: 048adac3da84d79f17b66a4f41cd5700f6959fc142c833cd04d8abf9c87583ca
Opcode Fuzzy Hash: 6b778ed9a279aa7c8b0db3442c35fbab0d2cfcd794e48b2a8c3fe61a6a5ee9e0
Instruction Fuzzy Hash: AD213E7060968E8FEB51DF64C854AE93BF0FF29341F00056AEC49C7252DB79E944CB51

Function 00007FFD9C6318D2 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad5520bee07141168165925d09c54f1904915189f8a7a16b1846488947d8ce6b
Instruction ID: 9a8ab6f2eaa6ea5ff80b3990ed940406b8eadf6fe43480dc0e2d795a1ae98e37
Opcode Fuzzy Hash: ad5520bee07141168165925d09c54f1904915189f8a7a16b1846488947d8ce6b
Instruction Fuzzy Hash: 5621366060958E8AEF71DF64C850BF937E0FF19341F10806AEC9DD7161DA38AA85CB64

Function 00007FFD9C8A3F4F Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abb6bf792493aca19b3fa56962b6ae4e44c5f9f8d00d9177366fe088d07cb099
Instruction ID: cc685055e96d40ad4a1673eaa0dba2309bd48d2f5c36d78a5681dc8d857b2705
Opcode Fuzzy Hash: abb6bf792493aca19b3fa56962b6ae4e44c5f9f8d00d9177366fe088d07cb099
Instruction Fuzzy Hash: 1411CB7061CBCA5FD742EB3888A43643BF1FF9A304F0505FAE488CB1A3CA28A905C311

Function 00007FFD9C638B45 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a62c159bb68fc83f3a33f6ebaec1bf3f98b50a869fa31533de9a2e51d7156065
Instruction ID: 88bf7ad2c3463d46651fb5258f882777f060b21c9a979c90452a590e740a3b99
Opcode Fuzzy Hash: a62c159bb68fc83f3a33f6ebaec1bf3f98b50a869fa31533de9a2e51d7156065
Instruction Fuzzy Hash: 54215E7054D7CA8FCB638F6088602E87BF0EF0B310F0601E7D899CA0A2D66C594ADB12

Function 00007FFD9C8AA978 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7342637639fbee29b0e8be67ec0158f4b79a80168581a0aad27309ef0dcacea
Instruction ID: 3fe0a52491ed7e65266fa4e22cd9630d703b0663652503539a1cf5413b184087
Opcode Fuzzy Hash: f7342637639fbee29b0e8be67ec0158f4b79a80168581a0aad27309ef0dcacea
Instruction Fuzzy Hash: B7213D3060E7869EE7A4DB64C090BBFBBE0FF85341F50586EE0C9C2161DA38D584DB16

Function 00007FFD9C8AE06A Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 381e036d7aac7d710ee4d175e2f1f426e35bd78f68295d93809c44125f87e2c9
Instruction ID: e9a22ed268e3d37bcb96fadb5110f9ee04e53250e2af994058ccdc0b618d65be
Opcode Fuzzy Hash: 381e036d7aac7d710ee4d175e2f1f426e35bd78f68295d93809c44125f87e2c9
Instruction Fuzzy Hash: E121083061D7869EE350DBA48490A7BFBE0FF89345F90196EF4C9D2261D678D840CB16

Function 00007FFD9C1D0B68 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4039647dfc742be77b3d8f4f04d821eb33b24af4ce9a08af9c0e12956abfc022
Instruction ID: 598d9c698524034e92e25a4e8988f384ea43d2404e75e63969755ad6c9d1e879
Opcode Fuzzy Hash: 4039647dfc742be77b3d8f4f04d821eb33b24af4ce9a08af9c0e12956abfc022
Instruction Fuzzy Hash: BF21EA30A18A8D8FDBB5DF68C894BE973E1FF59301F505065E88CDB251DA34AB80CB44

Function 00007FFD9C7F3EF3 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b96f4a1a48666797781942a3dc650467cec6b253cf78bac00251f1605f8ac4df
Instruction ID: b9d1378e99048dffccb7bfec8349563925eedf82e111fff9b6de2dc48a3d365a
Opcode Fuzzy Hash: b96f4a1a48666797781942a3dc650467cec6b253cf78bac00251f1605f8ac4df
Instruction Fuzzy Hash: F111E23051DA458AD750EF25C18097BB3F0FF99746F00196EB48AE3260E638D981CB0A

Function 00007FFD9C3058BD Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0517bba1363e07ac569a7f62bf906ce505b48c117810999c3b7b8acf11a3732
Instruction ID: 274ec8e59c3b995dbab4bcb0eb9e78a6f95df46a6d2fbc93c496d6493f18c4ab
Opcode Fuzzy Hash: e0517bba1363e07ac569a7f62bf906ce505b48c117810999c3b7b8acf11a3732
Instruction Fuzzy Hash: 9121B470A5698E8EEBB4EF28C854BF937B2FF89341F501065D80DDB191DB359A90CB05

Function 00007FFD9C1D0BB5 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 087ec951f120bc488e1c3aec9a107b98e33cddb7f5199178871dd82083d2f1ee
Instruction ID: d375d941224a64032cb783379187e0f5adc7949f07bd515cc5fdb8e7a3eb80b5
Opcode Fuzzy Hash: 087ec951f120bc488e1c3aec9a107b98e33cddb7f5199178871dd82083d2f1ee
Instruction Fuzzy Hash: 8A114C3061968D8FDBB5DF28C895BE977E1FF56300F410095E88CCF262CA34AA45CB50

Function 00007FFD9C637661 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8250147fe4b142ab3d0000ab21ad0ae67ada18e953baf992533a841df58f4dbf
Instruction ID: 4dd16fc390ac7014c8dde9e645f25e2b8200c58881d803927ba4eb25388b84d8
Opcode Fuzzy Hash: 8250147fe4b142ab3d0000ab21ad0ae67ada18e953baf992533a841df58f4dbf
Instruction Fuzzy Hash: 8411247062CB859FE3A4DB58C4A57AAB3E1FFD8301F40553DF49CC3261DA34A4458742

Function 00007FFD9BE3687C Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b2890e99f7a9bb0b6e630195feec82f39c6b129a8277186b1358dbe79f0c07c
Instruction ID: 52ac4f8c264970cd51d729669e7c4c58d7fd051d67ba8ebd6a750662c3f43126
Opcode Fuzzy Hash: 0b2890e99f7a9bb0b6e630195feec82f39c6b129a8277186b1358dbe79f0c07c
Instruction Fuzzy Hash: 4811A361A1D68D8FDBA5DF28C861AF83BE0FF19340F4140B9E88CCB296DE34A944C751

Function 00007FFD9C93D59F Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2bec2c78501d4de4acb0375873b963cc4dc8608ce4a7f6a1d7614f981c760a2
Instruction ID: 2caaf2f8e6616ddca58845269344b33f8d32ca4363b6b158476c4a61f1a40595
Opcode Fuzzy Hash: e2bec2c78501d4de4acb0375873b963cc4dc8608ce4a7f6a1d7614f981c760a2
Instruction Fuzzy Hash: F721957051DB859ED3B5DB6884646FAB7F0AFD9342F50592EE4CDC3292DB7498808B02

Function 00007FFD9C9B1AA2 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2e8e098cc067d33f82883a7fdbaa98724cc625aefb606842e51aa89e29f7b58
Instruction ID: 4a5573f588a0faa983ccb252929949a457bf1272216966675a8742fa9347394a
Opcode Fuzzy Hash: b2e8e098cc067d33f82883a7fdbaa98724cc625aefb606842e51aa89e29f7b58
Instruction Fuzzy Hash: C4111C3051D746AAE320DF60C55067BB7F0FF8979AF50197EF48AD3160E638E9808B46

Function 00007FFD9C3012F5 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee89d3feae9521f87268a36fcdc2dc754c5affc1a66f3ff9b67ff673a43cec4
Instruction ID: 56b2be55c79da2660b726f321a27c86b7112229ed8de6bf8c79fed53724d3112
Opcode Fuzzy Hash: eee89d3feae9521f87268a36fcdc2dc754c5affc1a66f3ff9b67ff673a43cec4
Instruction Fuzzy Hash: 9411333520CA898FD7A4EB58C450FAA77E2FF99304F54056DE08DDB392D638E941C752

Function 00007FFD9C7F12A1 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c312605821d1983690020b4d7f50e6bbf2b55b86cc0f41961f817da65a52d8f2
Instruction ID: 13237cb57cc68a104d0bcdf2627fb6433bbac8cd1f06c288ab6f41427dfcf7d2
Opcode Fuzzy Hash: c312605821d1983690020b4d7f50e6bbf2b55b86cc0f41961f817da65a52d8f2
Instruction Fuzzy Hash: 1611037161DB898FD790EB5CC459B69BBE1FF99340F50046DE099C3261DA74E841CB43

Function 00007FFD9C7F402D Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aedaadf10e8c284aefdc9ee2b8b1e5ab88bffea13d6299288bc7b9bf06aadf
Instruction ID: 454f765053bc7ae9d988140f83784f472bbe13c25a8e8ed133ccc6205300b25b
Opcode Fuzzy Hash: 70aedaadf10e8c284aefdc9ee2b8b1e5ab88bffea13d6299288bc7b9bf06aadf
Instruction Fuzzy Hash: 2711DF30519A498FD754EF25C084A6AB7F0FF99746F10196EB18AD3260D238D981CB4A

Function 00007FFD9BE3677B Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2889666075db5149fb76524ba89c557bf1fe0f1f133d517f98944beb2db1ec90
Instruction ID: d6945d240baf17121cb72b817fa2c2255583304d7aed73ac00befb8ed8dcb41a
Opcode Fuzzy Hash: 2889666075db5149fb76524ba89c557bf1fe0f1f133d517f98944beb2db1ec90
Instruction Fuzzy Hash: 26116370A1D68D8FDB65DF24C8A5AA87FD0BF15340F5540BAE88CC7196DA34A944C742

Function 00007FFD9C638BBA Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c21fe841fdf08729e758adf9f402237808500a6cd0920689a005b3fe9b550d3
Instruction ID: 28cdd95ccbf0bbccdd1666202d3c92604cc7de23bc5f6e7b81e262e562066462
Opcode Fuzzy Hash: 0c21fe841fdf08729e758adf9f402237808500a6cd0920689a005b3fe9b550d3
Instruction Fuzzy Hash: E5111C3054E7C98FCB638F6488603E47BF0AF07315F4605E6D8C9CB1A2D6AD598AD712

Function 00007FFD9C938AE3 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f661b9956cfa5769c93a647f66e3ae8a2ce033e07fd7865a7da8200020788ef1
Instruction ID: 86bcffe7bb3cb8a1980db2a3b08ebdc4d0166fd119345f1d6016e595d15252cb
Opcode Fuzzy Hash: f661b9956cfa5769c93a647f66e3ae8a2ce033e07fd7865a7da8200020788ef1
Instruction Fuzzy Hash: 7911F3282056CD8EDBA0DF68C890BED3BE1AF99382F040165E84DCB241D779EA94CB40

Function 00007FFD9BCF7BF5 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ce4e0163954dd94ab0a043916a664affbb9d2246a32e3c68b79e502ba387163
Instruction ID: 19516ac8bc4d2a3b8827903982008d223b3d50832467e47d7f9562ef42cdd543
Opcode Fuzzy Hash: 0ce4e0163954dd94ab0a043916a664affbb9d2246a32e3c68b79e502ba387163
Instruction Fuzzy Hash: 77112A3061969DCEDB60DFA4C880AFE3BE0FF16342F51546AE88AD7160E638D584CB56

Function 00007FFD9C07BB6F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b43cb515f1003cabbd2e4663c8ed7b4b9b02095699de640b3145bb0bf0ae7cfd
Instruction ID: dd37ce20364841abc3666f6d336cae188a5b770658d80480ac8c2715419f95ce
Opcode Fuzzy Hash: b43cb515f1003cabbd2e4663c8ed7b4b9b02095699de640b3145bb0bf0ae7cfd
Instruction Fuzzy Hash: 21114F70A0C6CE8FEB65DF6888606BD3BA1AF15240F5000A6F89D871D2CA34A551DB51

Function 00007FFD9C1D056E Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b5adf5e6d5bd9a4e1f14bc02619e3e33ce75b3f0832491ca88b76f401f4551
Instruction ID: 7094f336890bb434992832ccc338f7c392b44edefe51a43a4cac5ac6247df2b4
Opcode Fuzzy Hash: 85b5adf5e6d5bd9a4e1f14bc02619e3e33ce75b3f0832491ca88b76f401f4551
Instruction Fuzzy Hash: 5B2194745096CC8FDFB5DF28C898BE83BA1EF19341F50416AE84DCB2A1DA349A84CB14

Function 00007FFD9C300770 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9ca59d034e73d8ba03568b67ffe40394ac6fb8d6a6e7631ea84eca0ddf69801
Instruction ID: f1775b9576797eda150a924f49672847fdc6e17567cb91718b6aab8bd301d0b3
Opcode Fuzzy Hash: d9ca59d034e73d8ba03568b67ffe40394ac6fb8d6a6e7631ea84eca0ddf69801
Instruction Fuzzy Hash: 85114C7151D746AFE3A0EF14C494B6ABBF0FF94746F90192EF089C2260D7789044CB46

Function 00007FFD9C788497 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69665518a8d612f3780c1b85a89478982ab79c1ab50b14a85649b5d3af875b85
Instruction ID: 19430e802c77c97f590f89f4c224555e0a17d660dd5aebc733f4c19ff6babb86
Opcode Fuzzy Hash: 69665518a8d612f3780c1b85a89478982ab79c1ab50b14a85649b5d3af875b85
Instruction Fuzzy Hash: 1711B23051E646AFD360DB64C094A7AB6F0FF99782F50293EF58AD3261D67894848706

Function 00007FFD9C301489 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac3f908ad45350c0fcccb3cf5035b7042f78270eb69089fdc1751901534fb1fe
Instruction ID: de3b6c2cfa98e13268597ba31f855e8bd8f7956bd79ee3260af2da7128014997
Opcode Fuzzy Hash: ac3f908ad45350c0fcccb3cf5035b7042f78270eb69089fdc1751901534fb1fe
Instruction Fuzzy Hash: E311513420CA898FD7A4E758C050F5AB7E1FF99304F0445ADE08DD7252C638E941CB52

Function 00007FFD9C3059BB Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 050621a922745a49b6a0cbbe698252ec1d16a5a95ee7a383e4509c1922b1aa09
Instruction ID: c3c4a472778692ec6ae7b44652a8edfaefadaefa398ab5a44db76765f2515083
Opcode Fuzzy Hash: 050621a922745a49b6a0cbbe698252ec1d16a5a95ee7a383e4509c1922b1aa09
Instruction Fuzzy Hash: 82110630A5698A8FEBB5DF28C850BF937F2BF5A305F001065D84CDB1A2DB349A40C714

Function 00007FFD9C783BF3 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b69f1e967a01f7aaf888e3398030ca3abc5e5d9893711de5f837917fca1c625
Instruction ID: ca8028bbcc732924cdfce359602a740a2ec54e28bc73363778b473c09e352c83
Opcode Fuzzy Hash: 3b69f1e967a01f7aaf888e3398030ca3abc5e5d9893711de5f837917fca1c625
Instruction Fuzzy Hash: 4F110D3060DA898FDBA1DF18CCA4AE93BF1FF29302F1500A6E44DCB192DA74A944CB51

Function 00007FFD9C073108 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c8b47a5924be3e8adeb99e837869e93b2af497a090a273e65c3723b45bf8e2
Instruction ID: c605eac6d6f4b5caf0a78b74d14f713b3f7333c24cd27757b5d434129dbb4ec4
Opcode Fuzzy Hash: a8c8b47a5924be3e8adeb99e837869e93b2af497a090a273e65c3723b45bf8e2
Instruction Fuzzy Hash: A101A76270DA494FD795EA2C44AA51477F1FFAD35071A00AAE04EC72A3CE24EC058745

Function 00007FFD9C509C33 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5694281ccbb2a76e8ea598291a2fa7f32f3874afb0fae7916bffac49d1d39035
Instruction ID: eaa0a73e0df8074f5b12b0d449d8ed80d49990e99165d522e22b1c273b7a478e
Opcode Fuzzy Hash: 5694281ccbb2a76e8ea598291a2fa7f32f3874afb0fae7916bffac49d1d39035
Instruction Fuzzy Hash: AD114C3052868E9EDB68EFA5C894AF933F1FF05341F80543AE84DC7169DA39A444CB14

Function 00007FFD9C93D5C3 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 457e17b6a8813c67439a88dd4b79912592134161ee8dd3d888854523a6fa8c3a
Instruction ID: 37466fab84cbc75cbb9b3e5525ffa201eeaccde51a085ac63089aa3ea1574bcf
Opcode Fuzzy Hash: 457e17b6a8813c67439a88dd4b79912592134161ee8dd3d888854523a6fa8c3a
Instruction Fuzzy Hash: 8711C83050DBC98ED3B5EB68C4657EAB7E0AFDD341F50496ED4CDC7292DA34A8808B42

Function 00007FFD9C633EDD Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84f5d2971431a94feb8dfae3987ef508d6086449ad70853fdbd1d603e1b4625a
Instruction ID: 572799029d29684d946cc5e5d305ee7056f1c8277e8da88ea20556d698b10bc8
Opcode Fuzzy Hash: 84f5d2971431a94feb8dfae3987ef508d6086449ad70853fdbd1d603e1b4625a
Instruction Fuzzy Hash: 0BF02BA1E9EA862FD751DA249C626A47BB0EF46240F8554BDF089C72E3D51898014302

Function 00007FFD9C30C938 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa1828fd7427d060c756eb354ee4220b778ed97bf48e592a619cac8001f79dd6
Instruction ID: 69dffa178dfe2e2e76ec770cc994d918f06c3b810c62ca51b47630f687695173
Opcode Fuzzy Hash: aa1828fd7427d060c756eb354ee4220b778ed97bf48e592a619cac8001f79dd6
Instruction Fuzzy Hash: 1301C93160CB858FD6A0EF6CC094A6ABBE0FB99741F00491DE08DC3261CA70E8818B46

Function 00007FFD9C30D0ED Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4481ffc3087cbe20f0155c6bde976565cbc9ea2f2de96c73cf97c02ed9d4f54c
Instruction ID: a8409729aa2b52d735fb517d244a28236de817f4d9d7c5f9d8fb8da4c53025ad
Opcode Fuzzy Hash: 4481ffc3087cbe20f0155c6bde976565cbc9ea2f2de96c73cf97c02ed9d4f54c
Instruction Fuzzy Hash: B41130706196CD8EDBB5DF24C860BEA3BE1AF0A300F5440AADC5DCB2A2DB345A44C752

Function 00007FFD9C63A6B9 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 985b9169e07f7f6202089f5510e9a2f17e6566119739a4c6c0d6c737a9687317
Instruction ID: 89f3644559c3a72030e52804048384610b56829cdad0d2805763cdfecb9762b1
Opcode Fuzzy Hash: 985b9169e07f7f6202089f5510e9a2f17e6566119739a4c6c0d6c737a9687317
Instruction Fuzzy Hash: B4111E7050A68D8FDB91EF28C859FE93BE0FF29341F4001A6E81DC71A2DB3895848B95

Function 00007FFD9BE36701 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5abd07fda958edaa0b27e094f8628050b5dfed3e432016092b8e5a33b6d0fa3
Instruction ID: 37a70bdb433f83f447f3add11aff445a8859f8074da2decfff6a18cd7c2e8712
Opcode Fuzzy Hash: e5abd07fda958edaa0b27e094f8628050b5dfed3e432016092b8e5a33b6d0fa3
Instruction Fuzzy Hash: 20115270A2D68D9FDBA0DF24C8A1BA83BE0FF19340F518075E84CC7296DA34A984D785

Function 00007FFD9C7F0278 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4007023998.00007FFD9C7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C7F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c7f0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35ba5346509e282b8b29678dd06346e0df7bf72c0952d899eb5972a56dc6b7ba
Instruction ID: 7faa2f75823a7f0b18afcb74026c6654ae44b5a6cf146262fb1126c690c637d5
Opcode Fuzzy Hash: 35ba5346509e282b8b29678dd06346e0df7bf72c0952d899eb5972a56dc6b7ba
Instruction Fuzzy Hash: E3F0F461B0DB854FE790E76C88A122977E1FFD9340F84457AE0CCC32E2D918A8008382

Function 00007FFD9C631B9A Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99ca4435091325be65dd5022799d7c4aed06830def6bcab84817465aabbce646
Instruction ID: 9d4ac6d02ef1c9eb53be84de7000b136b5efad6af305c57f0fb355878a5d17ad
Opcode Fuzzy Hash: 99ca4435091325be65dd5022799d7c4aed06830def6bcab84817465aabbce646
Instruction Fuzzy Hash: 6C115B6054F3DA4FDB539BB048746EA7FB09F03251F0500EBD885CB0A3DA6C5989C726

Function 00007FFD9C1D7107 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f18236f49cf5f8af4bc43ad5c11980161ac21836d66f25f1894b8b908b5751
Instruction ID: 35633b482ec6d4878b78d0ab57705ee28594aa9d5c56242adc76a82c5dea3027
Opcode Fuzzy Hash: 86f18236f49cf5f8af4bc43ad5c11980161ac21836d66f25f1894b8b908b5751
Instruction Fuzzy Hash: 54114C309196CE8EEB75CF248C647FD3BA0AF56341F4040A6E88DCF292DA785B84C751

Function 00007FFD9C63195C Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25aef8f22dcf34fe181ea97b0ce323ec6cff71ef2049a0fd3b84696a7a89e63e
Instruction ID: a4dba323a912fd23b88c6a8a16fa9ba6ebe18c61254b0b1cb5ec305bfda228fb
Opcode Fuzzy Hash: 25aef8f22dcf34fe181ea97b0ce323ec6cff71ef2049a0fd3b84696a7a89e63e
Instruction Fuzzy Hash: 3E1161606092CE8DEBB5DF7588507FE3BE19F06341F408066EC5DD7191DB389A44CB24

Function 00007FFD9C631D61 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2223804a8d932ad013ae97e2b22868db53a52cfd4b9e03c27e4dbf010f7afaf9
Instruction ID: 39f5774d734d3037dbbb479ea737f28e122fae31af4a30f6a933f62919908cd6
Opcode Fuzzy Hash: 2223804a8d932ad013ae97e2b22868db53a52cfd4b9e03c27e4dbf010f7afaf9
Instruction Fuzzy Hash: DE11E82051958E8FDFB1DF68C850BE937E0FF19301F508066E89DDB1A1DA389A45DB64

Function 00007FFD9BE3998F Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f70030eea65209072dc04299805246ad7ec01bc7387a8c126a8a6f2fcf83c0
Instruction ID: 067dfbf6b90a91418299b5a5b68e9365cd711b1613e11e7dbc2d6273fd520282
Opcode Fuzzy Hash: 99f70030eea65209072dc04299805246ad7ec01bc7387a8c126a8a6f2fcf83c0
Instruction Fuzzy Hash: 8A0100A06097CD9FDBA2DF28C850BE93BE0EF17301F451096E94DCB262DB389940C725

Function 00007FFD9C1D5916 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3974895443.00007FFD9C1D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C1D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c1d0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b32eee3583e134aa6de4295fca70b4ce4d9f2d85db960adc2dcd9e5c308e7254
Instruction ID: cefb246b1d34ce01c912f8b10e5008fd3c9b59f83e7e6a5b4608244813d1c816
Opcode Fuzzy Hash: b32eee3583e134aa6de4295fca70b4ce4d9f2d85db960adc2dcd9e5c308e7254
Instruction Fuzzy Hash: 7C118A705145CD9EEBB0DFA8CC54BE87BA1EF59301F500066D84CDB2A2DF746A80DB64

Function 00007FFD9C631C21 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fb83123697e5ca04f75d412bf6bd2ef10cd7bcb38ea9433c66ea3c317f9e4b6
Instruction ID: fe4af4c7e6d4b5b26cdc457a67c713f6dce59110eb66c6711d593b54a0c1ff84
Opcode Fuzzy Hash: 1fb83123697e5ca04f75d412bf6bd2ef10cd7bcb38ea9433c66ea3c317f9e4b6
Instruction Fuzzy Hash: DD11392051958E8EEFB1DF68C850BFD37E0BF19341F108026EC9DD71A1CA38A684DB60

Function 00007FFD9C8AAB8C Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd17a0208b535f2cb5cd92877775a23b8378f6cd7e0a525ab7764c34b0ec310
Instruction ID: ce505ff3e623508165f1b102f831925990d40c162a3bf12ecaf2286bea8bf8d4
Opcode Fuzzy Hash: bbd17a0208b535f2cb5cd92877775a23b8378f6cd7e0a525ab7764c34b0ec310
Instruction Fuzzy Hash: A611272050D396AED3A0DF2480847BFBAE1AF98385F90682EF4CDC2250DA389585DB12

Function 00007FFD9C78A10F Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3e3b267fc2f69e67241b47c09673af449bda1cad7246ca82ede5d23d2e20050
Instruction ID: e5be4daac58589516350857b075db8e0522d4ed6d0f506d9a52acc5d56bf55e4
Opcode Fuzzy Hash: d3e3b267fc2f69e67241b47c09673af449bda1cad7246ca82ede5d23d2e20050
Instruction Fuzzy Hash: 2A111B34618ACC8FDB65DF28C891BE83BE1EF19345F118156E84DCB252DA349684CB91

Function 00007FFD9C9B2174 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6031cb7291b0a8518c8c2e4a4a68c365d097bff16e8eb9aea34c0679ad9f6544
Instruction ID: 4046948374f624da5807cc195baadc90cec77bc751f855bdd4bb23ae0c0de073
Opcode Fuzzy Hash: 6031cb7291b0a8518c8c2e4a4a68c365d097bff16e8eb9aea34c0679ad9f6544
Instruction Fuzzy Hash: 6A011B60A1DBC6AFD760DB14C465B2AB7E1FF98341F40193EE09DC32A6DB38A8408747

Function 00007FFD9C7832F3 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a432af665ba255ab0e7669b06d81d760a34ec98a4d88292b3a82576654b980c5
Instruction ID: d65a6988aa8671e3cce2e17cbdfa82f1e17852e4c3acf026f1f7d29200264731
Opcode Fuzzy Hash: a432af665ba255ab0e7669b06d81d760a34ec98a4d88292b3a82576654b980c5
Instruction Fuzzy Hash: 3D119970919A8C8FEBB5DF24C894BE93BE4FF18306F14116AE80DCB162EB359641CB50

Function 00007FFD9BFF1CD7 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3a0b6ded51c4780bd4c607ca488711e0c4c68bde62dfeb0e930a96979ab6f2e
Instruction ID: 812bb2e39a7cc8ea2ccbff111de24717fc631b4a1449d566660249209b3adcf7
Opcode Fuzzy Hash: c3a0b6ded51c4780bd4c607ca488711e0c4c68bde62dfeb0e930a96979ab6f2e
Instruction Fuzzy Hash: 96F0241130FB8D0FD3119BA848B93697FD0DF4A202F4505BED449CB2A6C95A5A48C342

Function 00007FFD9C305814 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7093590152d26c099cc1b4202529fca193ed53788b23a8a827b9dcb95a8ab912
Instruction ID: 2c992ad4ac547d29e25d04cb66fb9508fe95b25c1f25cac2d963f747575e9377
Opcode Fuzzy Hash: 7093590152d26c099cc1b4202529fca193ed53788b23a8a827b9dcb95a8ab912
Instruction Fuzzy Hash: 7701C430A1598E8FEBB5DF28C850BE977E2FF9A300F5000A5D84DDB2A2DB349A54C704

Function 00007FFD9BE3921B Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2ca68f8778d2de1042ba8934c9837ef832078640536202cadc6f7f93d66639a
Instruction ID: 0a8a18772bb0554b6f998b10529ad9c39bf7c62ab2a39875c911d7a361e9b2d5
Opcode Fuzzy Hash: d2ca68f8778d2de1042ba8934c9837ef832078640536202cadc6f7f93d66639a
Instruction Fuzzy Hash: 3501846050E6CD8FDB91DFA4C894A553BE4BF17340F4905DAD849CF1A2E624E948C751

Function 00007FFD9C07BDA0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f58c698072eb6cd6a0adedddb1047c2c449c760b2328fc438533d374b3f00c4d
Instruction ID: 2e3704c9fc7e65f09f7d6f360424862f3cf27acab86e7d2a973a2e499a802355
Opcode Fuzzy Hash: f58c698072eb6cd6a0adedddb1047c2c449c760b2328fc438533d374b3f00c4d
Instruction Fuzzy Hash: 5901E270608A4ADEDB24EF24C844BEA37E0FF18345F10456AE84DC7290EB78A9919B94

Function 00007FFD9C310CD3 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d55b3fd73f962c98f3b9f853d573e2d23b939859b8aa4bcef5d00af2283e8ae
Instruction ID: 193df76c9f76556a5490babde4aa257c02f8a9be7de71530cdd0874361a08459
Opcode Fuzzy Hash: 8d55b3fd73f962c98f3b9f853d573e2d23b939859b8aa4bcef5d00af2283e8ae
Instruction Fuzzy Hash: B3017C7001E68A9FD722AF708854AE83BA0FF1A391F4501BED88ADB061E7789584CB04

Function 00007FFD9C8AAAFC Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54ed1cb20f758bae87308909784d7301ee04de08eb9deb36028a731e11e39311
Instruction ID: b08124badaee50f39ff0cbc2d8304b850ccb3f706b07ebd65a40f93a0f6fe138
Opcode Fuzzy Hash: 54ed1cb20f758bae87308909784d7301ee04de08eb9deb36028a731e11e39311
Instruction Fuzzy Hash: 6301526051E7C55EE3A5DB348460BAFBFE0BF85240F5448AEE0CDC71A2CA389445DB12

Function 00007FFD9C304280 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5032621b19b79cb4658e896ac477a0595159dcf5642e6130b5b0b864a9932452
Instruction ID: 796c6b2c76ba1d26a6f16818f52bbcdd8237a02fd35295135f31cf993e7f056f
Opcode Fuzzy Hash: 5032621b19b79cb4658e896ac477a0595159dcf5642e6130b5b0b864a9932452
Instruction Fuzzy Hash: 4D011230A5558E8FDB30EF68C890BF933E0FF09305F50506AE809D7162DB38AA858B14

Function 00007FFD9C63023C Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93688cb430c4dbf97d9327fdbba95a8a6a89f16be8a13a331f424d3ede4f11d
Instruction ID: 851e47b2b5c86477b612bf3a66946da434107c9c13927ad1ed40564fa5cffec8
Opcode Fuzzy Hash: b93688cb430c4dbf97d9327fdbba95a8a6a89f16be8a13a331f424d3ede4f11d
Instruction Fuzzy Hash: 05F0E77061898D8FDFA5DF1CC8947A83BE0FF18341F504065E95DC7661CB31E8448B40

Function 00007FFD9C9B2EB1 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ded5bf4108c86fefba8b927a1cf30a01ad171755eb3a78b86df2d0230b7d0318
Instruction ID: 739a2ac83c2bebb24aa179e3f40ed661089441b840205b1965a45169f39a8e79
Opcode Fuzzy Hash: ded5bf4108c86fefba8b927a1cf30a01ad171755eb3a78b86df2d0230b7d0318
Instruction Fuzzy Hash: 6A01E23091CB85AFD760DB14C050B3AB7F1BF9A341F50192AE089D32A0D738E840CB16

Function 00007FFD9C07BC24 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25499a0bb0b652d5b7d7efa6ed91e5b0727a36247ff5fd28e01c9023fd4bcbd9
Instruction ID: cfe9ea09e6b9959a4e61fd18e280eb148c9a320e245508944313a48c4276224e
Opcode Fuzzy Hash: 25499a0bb0b652d5b7d7efa6ed91e5b0727a36247ff5fd28e01c9023fd4bcbd9
Instruction Fuzzy Hash: 4701A9305187DD8FEB55DF28C891AAD3BE1BF1A341F5400A6FC59C72A2C634A951CB61

Function 00007FFD9C30580F Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c791bf7ae748689c943e34ceb25cda03eab7bb117dcd20f1f8edfe2c0961f0
Instruction ID: 18e115a43f78d3fbae826fa93e370311f115ddfb1155218bf99ae6b1bddd342f
Opcode Fuzzy Hash: d2c791bf7ae748689c943e34ceb25cda03eab7bb117dcd20f1f8edfe2c0961f0
Instruction Fuzzy Hash: 40011A209096CE8FDBB5EF288C50BF93BA1AF59301F5040A6D88DCB292CE355A84C711

Function 00007FFD9C6381AA Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbe4ee8d9e1929d038feea72a50571832be5bcc13849bdec473fdd4d300a2192
Instruction ID: 43b0e6d2d313a500965c7b1921a8036aea318655f8af1803fc599bc65c6a1fef
Opcode Fuzzy Hash: dbe4ee8d9e1929d038feea72a50571832be5bcc13849bdec473fdd4d300a2192
Instruction Fuzzy Hash: B3011660A2569B8FEB59DF24C8907F933E1FF08300F504065F859C32A2CB78E840CB11

Function 00007FFD9C638BE9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b28d14efd2a57ac50c9110b045b1818a06a084cacc5bdce1fd22168e37520276
Instruction ID: f1949f3df4ec0acfa6a98f1298a6859f26792533a486d48b6ecd610d0b8fcbd9
Opcode Fuzzy Hash: b28d14efd2a57ac50c9110b045b1818a06a084cacc5bdce1fd22168e37520276
Instruction Fuzzy Hash: ECF0903091568D8FDB61DF54D8103F9B3B0FF4A309F421266E88CDB1A1D7799A85D702

Function 00007FFD9C8AEC8B Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2aca976ebf88b571d575a046cca2802efd695118ec903ce1013241f44e6a8511
Instruction ID: 1d50102cc0b09c11a520418f6642b93f66312942a20992c55c4c8390136c3213
Opcode Fuzzy Hash: 2aca976ebf88b571d575a046cca2802efd695118ec903ce1013241f44e6a8511
Instruction Fuzzy Hash: 2B01EC30518A8EDEDB10DFA4C8546E93BE0FF19395F42593AE849D2150D77CD194CB54

Function 00007FFD9C07BB23 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6156c31171668194605d33302d19189baa887934b752add93519f8ef15188f8f
Instruction ID: 6610468d34abe3baed8d08d488bb7575dbf9f82e6bfc67a57310c067d34d1d70
Opcode Fuzzy Hash: 6156c31171668194605d33302d19189baa887934b752add93519f8ef15188f8f
Instruction Fuzzy Hash: D501A93061868D8FEB55DF68C851AAD3BE1BF15341F500066FC5DC72A2CA34A941CB51

Function 00007FFD9C509BC7 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b218bc712cc00992ab94d45d928b03dc3002010c920657585b2dbae21838a9b
Instruction ID: 646d9b60c189fe6619bd6c12df8d1c3546552b3ec9b91a408d13ed54f52c3ff7
Opcode Fuzzy Hash: 3b218bc712cc00992ab94d45d928b03dc3002010c920657585b2dbae21838a9b
Instruction Fuzzy Hash: E0016D3011458E9EEB28EFA0C8A4BE933B1FF45341F40443AE84DC7169DA39A444CF00

Function 00007FFD9BE39FFC Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6512c49bbc30a11433cf8b8c7d7ca97d51695bc4226a59e5cf9abd61dcebbd41
Instruction ID: 1a23e0288ebef5dc71122532b8f6d6473b54f01102b7ae18ab292f7c8a117817
Opcode Fuzzy Hash: 6512c49bbc30a11433cf8b8c7d7ca97d51695bc4226a59e5cf9abd61dcebbd41
Instruction Fuzzy Hash: 3601BB70A19A888FDBA5DF18C850BAA37F1FF5A301F415195A84DDB2A2D6349940CB15

Function 00007FFD9C78410E Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f52ab0365e0e82ed17bfce9e40a70fecbca73a6783ecaaa49cb91e2e10985b04
Instruction ID: 37320a135710f01471d9f4f9912854654e74844a947c5a39b8a75bb000ffe8bc
Opcode Fuzzy Hash: f52ab0365e0e82ed17bfce9e40a70fecbca73a6783ecaaa49cb91e2e10985b04
Instruction Fuzzy Hash: FF01447061898D8FDFA0EF18CC95FE937E1FB69342F501465A94DCB292DB74AA808B41

Function 00007FFD9C78831C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aee587a4d9ec4d9acbdfafe47f2c4f4ed232e93cb68a9a5ff3fa24531fb1448e
Instruction ID: 97b97f8195ac9165c18ccb874cc469f90dbb59fc24ad27aeb72e4fa178d24d4a
Opcode Fuzzy Hash: aee587a4d9ec4d9acbdfafe47f2c4f4ed232e93cb68a9a5ff3fa24531fb1448e
Instruction Fuzzy Hash: 6101E42055E746AAD3609F90C494A7FB6F0FF95382F50293EF586D3560D678E4808706

Function 00007FFD9BE3A089 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34d7791f751c141819cb675e60c1e02bef3bfdbe623c64b77dcc04bb5f62d00b
Instruction ID: e986116136688f8e622a2709a8df75ede12ae142c8d51a199d28ceaa5e18da24
Opcode Fuzzy Hash: 34d7791f751c141819cb675e60c1e02bef3bfdbe623c64b77dcc04bb5f62d00b
Instruction Fuzzy Hash: 38011D70619A8C8FDBA5DF18CC50BAA37E1FF1A301F41219AE84DDB2A1D7349940CB11

Function 00007FFD9C304214 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47cbff56c4ab55bd5ee650d95bfa195fe122f23d814ff77ee7e20ac9c353eb2e
Instruction ID: fafe036777a9983119420272bf5c7fb37a5e5dd35ccabf65eba9606735c7f4a9
Opcode Fuzzy Hash: 47cbff56c4ab55bd5ee650d95bfa195fe122f23d814ff77ee7e20ac9c353eb2e
Instruction Fuzzy Hash: 4F01167054958BCADB31EF50CC50AFA37A0FF1534AF00053AC9499A542EB3893888B54

Function 00007FFD9C50762C Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 102fdaf578ffc84b2dfd74d1a6d82ef65b8d90ca43dab99947b4931633bc5d9a
Instruction ID: 3669cecd59be120d864f30a374d85ab433c34ad858a83da0e43dccc4b8ff5845
Opcode Fuzzy Hash: 102fdaf578ffc84b2dfd74d1a6d82ef65b8d90ca43dab99947b4931633bc5d9a
Instruction Fuzzy Hash: 3B01083061D7469AD3A1EBA4C464A7A77E0FF99385F80193EF48AD2161D738A5848B06

Function 00007FFD9C93D68C Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 607f015546464492993277e4afdd808491d6d3cc9eab9997eca2d08a3b618f2d
Instruction ID: 26f111d5a724752edac42ee5dbfdee1f5c10de64a566150726bac8045673325c
Opcode Fuzzy Hash: 607f015546464492993277e4afdd808491d6d3cc9eab9997eca2d08a3b618f2d
Instruction Fuzzy Hash: 9401C43052C792DEE361DB6480A47BAB7F0BF9A346F041869E4D9C7290D3799844DB17

Function 00007FFD9C9B574D Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e01a3e713531fd1e6ff919980872e2fa0e3d8cb5d3e0dc342efdfe3f513726f
Instruction ID: cbb7ec591d082fd68bbcffd693b3d0ff43488092518209ddc040410500c16018
Opcode Fuzzy Hash: 9e01a3e713531fd1e6ff919980872e2fa0e3d8cb5d3e0dc342efdfe3f513726f
Instruction Fuzzy Hash: EB01967460CB849ED7A1DB18C494BEAB7E0FFA9301F515869A4CDC7261C7B4A880CB06

Function 00007FFD9C086957 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39c808afef1420c2abeceac8b482b04775bf1ed2d4d70381035de77294805176
Instruction ID: bc28ce73f3cd6171e99c6ab74317f87aecf0757d9f0427d2637cab3385a9d418
Opcode Fuzzy Hash: 39c808afef1420c2abeceac8b482b04775bf1ed2d4d70381035de77294805176
Instruction Fuzzy Hash: 1D014B2051D7469AD3209F60805057ABAF4EF89355F51197EF4CDD21A0E778D6849706

Function 00007FFD9C30592F Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0393d599cf6b39f2d7937debea5e487b430992991d2ef480f5406dcc7929d5ad
Instruction ID: 944075f6d636bbff867cb431d7927254e98c63b8d6e5e7c40901dfa2c0412767
Opcode Fuzzy Hash: 0393d599cf6b39f2d7937debea5e487b430992991d2ef480f5406dcc7929d5ad
Instruction Fuzzy Hash: 53011A3050A6C98FDBB5EF248854BF93BB1BF59301F0400AAD88DCF162CE351A94C711

Function 00007FFD9C6375DB Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61494ac3a6cded90dc61446661b0774559841e29aa1268fefeabd3b2cf40ff50
Instruction ID: 8c5103dfb989f4146f7b22349ac2e08220d1eefe7fb1667fcf6b7004eea16b2f
Opcode Fuzzy Hash: 61494ac3a6cded90dc61446661b0774559841e29aa1268fefeabd3b2cf40ff50
Instruction Fuzzy Hash: F401E83061C7859ED3B1DB25C4A07BABAF1BF98341F40586EF49DC3261EB389540CB12

Function 00007FFD9C0798D6 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95ffb1d0b5362e8a6db01d23269e7bb7bc215be8895598a11a2fdf5edeb5c57a
Instruction ID: fa7f7dc56ffe27539c4ed0e7839479aea99a09f519f3146299013fa136fe446a
Opcode Fuzzy Hash: 95ffb1d0b5362e8a6db01d23269e7bb7bc215be8895598a11a2fdf5edeb5c57a
Instruction Fuzzy Hash: 9DE0222171AB4F0BE7A457DC18E037A77C1DB88342F44047AE40EC6292CF6D88458242

Function 00007FFD9C0704E7 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3111b0815c00fad46ea50db330407aa941cdfef10dcb6066340c9fcc4733c6b6
Instruction ID: a8cf40620bc57617ef48d5b34aa33a172d7904cbdd6aa0bda8de674c5465e0aa
Opcode Fuzzy Hash: 3111b0815c00fad46ea50db330407aa941cdfef10dcb6066340c9fcc4733c6b6
Instruction Fuzzy Hash: 43F062B0559A0F9EEB19EF60C4545F937B0EF15385F50453AE81AC3161D67CD4908F90

Function 00007FFD9C089B4D Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 372ba0271dde5f7866a8ec3fcd139609dfaa475e705b8c52bde9319dc451eca9
Instruction ID: ccabbf9be9a74a352998072332ed7a3efd31d1159858fdb3b89235f4a8a874ed
Opcode Fuzzy Hash: 372ba0271dde5f7866a8ec3fcd139609dfaa475e705b8c52bde9319dc451eca9
Instruction Fuzzy Hash: BD01EC7061968D8FDBA1EF28C895BE937F0FF15301F41816AE85DC7262DB3895858B05

Function 00007FFD9C304230 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12e0b9c58ec75fc4e194ba911e3d3e9f54be3775c53a749cd201f969de9de3cf
Instruction ID: e986cde288872276798b67ff0f560892468a72a427f4e4a20c1866c807234d77
Opcode Fuzzy Hash: 12e0b9c58ec75fc4e194ba911e3d3e9f54be3775c53a749cd201f969de9de3cf
Instruction Fuzzy Hash: 0001467164958BCADB30EF90CC54BF937B4FF15346F10443ECA4A9A542DB38A3898B29

Function 00007FFD9BE3693D Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92c1cc88143377aaf5bf3443112374d513d024405096d679abcf2d699b1fde86
Instruction ID: b30b977e93dfcede447130ba704a2ab632b2d1befcbd929b09d3af272e915ae3
Opcode Fuzzy Hash: 92c1cc88143377aaf5bf3443112374d513d024405096d679abcf2d699b1fde86
Instruction Fuzzy Hash: EEF0E22051A58C9FDBA4CF29C854EB837E0FF2A345F416266F84DE7260D734D980DB14

Function 00007FFD9C93E947 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ddc784c6441579d8bb26658d733c2591ffffb2e49dac9ee800cbc9834f4b5b
Instruction ID: b9e5591d9b25b2eee8b0ea89e7e58708c2aed1e9d6f0dd2f03ecc0edeb3250cc
Opcode Fuzzy Hash: 83ddc784c6441579d8bb26658d733c2591ffffb2e49dac9ee800cbc9834f4b5b
Instruction Fuzzy Hash: 71F090B28293C15ED3769BA144512FABBE0AF6A341F04087DE8CA82151E27C9A46CB53

Function 00007FFD9C5071E9 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3991515210.00007FFD9C500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C500000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c500000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13be3980cdfe63d4c2ea693075dfa857ff87f1957efe87c63233619e6308ad7b
Instruction ID: 2acc52a5a8c3c52a6c9c650436a1d9fd25fe2aa1e2b97c457312a4a29974ccd0
Opcode Fuzzy Hash: 13be3980cdfe63d4c2ea693075dfa857ff87f1957efe87c63233619e6308ad7b
Instruction Fuzzy Hash: 3BF04920A1D7868AE7B0EB60C860BBBB7E1BF95341F00493DD49DC3195EE386544D707

Function 00007FFD9C8AC7A4 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47ad44e7246b9041d8085fcf03064f53e77b422311513f436714efae620f7bee
Instruction ID: 69e2f0fe836f4dc8acf9c73410a082b577b2d0b967bb08e1e5357992db8592c3
Opcode Fuzzy Hash: 47ad44e7246b9041d8085fcf03064f53e77b422311513f436714efae620f7bee
Instruction Fuzzy Hash: A3F0BD3055D746AED790EF64C494AAAB7F0FF99345F80683EF489D2120D779E484CB06

Function 00007FFD9BFF9876 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9442c554e8724c0c48f2fc32e1c28e72e83845aee4b1dcc749e31abb6cb3137f
Instruction ID: 426e68a18ee8ab28fd35dbf6eac6065b3ef0e75253bdae35b907127d5b30c6de
Opcode Fuzzy Hash: 9442c554e8724c0c48f2fc32e1c28e72e83845aee4b1dcc749e31abb6cb3137f
Instruction Fuzzy Hash: E7F0192061E3C98ED760CF658058A3FBBE4BF99305F405A2EF4C8D2261D728D640CB17

Function 00007FFD9C9399FE Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b9a86c7bc823e0984362f6f4a9ea2d02180262c82e6266ae0dcd3a37195b808
Instruction ID: 4fcf485b1eeb8267b490fef8b41d39b67fc29cf75bdcc690b02c6dc80c530d13
Opcode Fuzzy Hash: 1b9a86c7bc823e0984362f6f4a9ea2d02180262c82e6266ae0dcd3a37195b808
Instruction Fuzzy Hash: 3CF03A246156DA8EDB20CFA8C8A0ABD33E1FF59382F011065E849D7251E778E844D714

Function 00007FFD9C9B2E3D Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24111946494e2afb2959cfb6cbce2f4e33fb154d53a3fac63979053921a571dd
Instruction ID: 5a0e4c8e0b80164563277f3d2d4e457fd36c1c875ec23686fcd034747a9ace21
Opcode Fuzzy Hash: 24111946494e2afb2959cfb6cbce2f4e33fb154d53a3fac63979053921a571dd
Instruction Fuzzy Hash: 28F01770918B859FE350DB24C05476AB7F1FF99351F50592AE089D32A1DB34D841CB56

Function 00007FFD9BCF25B7 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf3240c3d95348b5628263508b2a693fe331d6630287786c18e91b31bff60182
Instruction ID: 9a70b86f0a82ca58f62769d728b4f1efe8c1c2876b021e627dcd4563ebc3c9eb
Opcode Fuzzy Hash: cf3240c3d95348b5628263508b2a693fe331d6630287786c18e91b31bff60182
Instruction Fuzzy Hash: 6FF0E22060D7898FC260DBA5C054A3FBBE0FF89345F4509A9B48DD3260DAB8DA408B16

Function 00007FFD9BCF7190 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3952047540.00007FFD9BCF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BCF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bcf0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687a2b8245a2e404f598c9642b24398bf91621ec6939fe0505dc989367a2e63e
Instruction ID: 0eac9f3debc1e1822e94c8813aa7f415783ebd2db1c3dbfa6717ab8ef381acad
Opcode Fuzzy Hash: 687a2b8245a2e404f598c9642b24398bf91621ec6939fe0505dc989367a2e63e
Instruction Fuzzy Hash: 74F05E6060A5CD8FDB21DFB8D865AED3FD0FF09384B1A05EBD84EEB162C62456448701

Function 00007FFD9C93F4EB Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530c90df4ae8e045036fd043675bb89a222967afe8d602dbdb82db5c19177310
Instruction ID: 204616ea176acc58ff04607f95b0306f9c636e9fa0467a0e46314814f59d1daa
Opcode Fuzzy Hash: 530c90df4ae8e045036fd043675bb89a222967afe8d602dbdb82db5c19177310
Instruction Fuzzy Hash: EDF0F61051D3C2AED3268BA5851027BBBE07F89642F4098ADF4C9C2191D7BCD604D712

Function 00007FFD9C312130 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70987f1b7d7367dd156c2b0ded086b5aca9c5f8bca1636ae986df2f4998015fb
Instruction ID: a2f3d45ea478438b01dfde6f05817e6a70fdd927af2d8633da0d860e486718dd
Opcode Fuzzy Hash: 70987f1b7d7367dd156c2b0ded086b5aca9c5f8bca1636ae986df2f4998015fb
Instruction Fuzzy Hash: CBF03070A0854E8FDB64EF24C4519FD7BF0FF26380F21112AF809C3152DA25D8418740

Function 00007FFD9C311D2B Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8324870aca6a65e6e606221847c378ce8ffc7c48dac30cfd846785a7d459b31d
Instruction ID: fff4bada3d1e04fbd3f47a614c9a0ae344d76265332809d5234f7705b5f76fa2
Opcode Fuzzy Hash: 8324870aca6a65e6e606221847c378ce8ffc7c48dac30cfd846785a7d459b31d
Instruction Fuzzy Hash: 36F0797451CB988F8654EB29C09492ABBF1FBAA706F00099DF5CAD3261C625E941DB06

Function 00007FFD9C8AF0D7 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4010691575.00007FFD9C8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C8A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c8a0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ac7af6422ce2fffa074eec2ecc62ad4334a384057d49e454216b66460af7fe5
Instruction ID: 4fa2989c5424fe86f097793a60dbed98ca9bdcdac8d61675cc7b762fc4a73f32
Opcode Fuzzy Hash: 8ac7af6422ce2fffa074eec2ecc62ad4334a384057d49e454216b66460af7fe5
Instruction Fuzzy Hash: 7AF0B2346086CE8ECB71DF25C854BFD3BA0AF1A381F048466EC9DCB252CA349644CB22

Function 00007FFD9C7877CA Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4004322952.00007FFD9C780000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C780000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c780000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e17c83d53904beb639612e14b77472100f377ecf3cf75bac8ce4c522844448f
Instruction ID: bd9bc9a4b589bcaa67e44419f05b397bb5f57ea01e97a5fe8cd45c2998fff61a
Opcode Fuzzy Hash: 1e17c83d53904beb639612e14b77472100f377ecf3cf75bac8ce4c522844448f
Instruction Fuzzy Hash: 40F0923061DB498ED660EB68C0A477EB7E1AF9A341F41192DE4CDD32A1DA74A980CB07

Function 00007FFD9C9B614C Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 194b6473a59911a63afaf8238152e93600e9952587d049790fda5eb5f0162cf0
Instruction ID: 7827cbce2f53e79d439a98ad8f4fa4c89b4c668967fab202d82a1d422c15d18c
Opcode Fuzzy Hash: 194b6473a59911a63afaf8238152e93600e9952587d049790fda5eb5f0162cf0
Instruction Fuzzy Hash: 98F01434508B889FD7A0EB18C48CBAAB7E0FF99302F415969A49DC7221D77494448B06

Function 00007FFD9BE36223 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 263ffcc21ae5f11e3a84526251da7acdf244dcefd3870da1e07f43201ad06e94
Instruction ID: 3620b9e29aee94ecebab8c309a157a0360668e9992d5c7d92b080618da92595c
Opcode Fuzzy Hash: 263ffcc21ae5f11e3a84526251da7acdf244dcefd3870da1e07f43201ad06e94
Instruction Fuzzy Hash: AFE06D2091A10D88DB208F3680506FE36E4AF1A289F07A137EC5CF3150E638C6009A5C

Function 00007FFD9BE36A15 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99fae9c8d8e0e3ef0a11e14bdad5f5f14b52f75d540ebcbefa0da4fc948a2e1b
Instruction ID: e4608212ab4dddf1c4abdd4af27674de210f32b2b0dbb3f5ce00137fd56ecdaf
Opcode Fuzzy Hash: 99fae9c8d8e0e3ef0a11e14bdad5f5f14b52f75d540ebcbefa0da4fc948a2e1b
Instruction Fuzzy Hash: B3E0C23050958C8FDBA4DF28C854FA877E0FF2A305F422255E80DD7261D731D980CB14

Function 00007FFD9BFFE203 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dabf04694ca215df4b9fbaf72906017e0299684145f7aec3af5fb492c4bf1e4
Instruction ID: 029bc2df64bbd6f7d76c65a33d3db0362ca8c8c539707568e230a131557a6131
Opcode Fuzzy Hash: 6dabf04694ca215df4b9fbaf72906017e0299684145f7aec3af5fb492c4bf1e4
Instruction Fuzzy Hash: 3AF01D2460A6CD89DB60CF648890AFE3BE0AF19305F0102A6EC8CD7191DB39DA009719

Function 00007FFD9C07988A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83e661fe859df815136c348b87e65acd6234e822545434c534fc9eb3f4123886
Instruction ID: 70f3adf7d29d8f1b137632926d7f6cbfe41608771f6e4c87f097c8fd5f6e4760
Opcode Fuzzy Hash: 83e661fe859df815136c348b87e65acd6234e822545434c534fc9eb3f4123886
Instruction Fuzzy Hash: 2CE0C202B4E78D4FDB47921CAC604687BA1DF9326174E01E3D488CB1D3DD4E99459323

Function 00007FFD9BFF1C9A Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a778b2ed571295b5e3a565de04d4bf2758f96091e2a7bfd4866369407b7d322f
Instruction ID: 8054699ab28693f9ca1971c24947190715f5bf833de4dc8cf50ae9600e6ee4ee
Opcode Fuzzy Hash: a778b2ed571295b5e3a565de04d4bf2758f96091e2a7bfd4866369407b7d322f
Instruction Fuzzy Hash: FCE0C212B0E78C4FDB43565CA8604A8BF61CF5336174E02E3D488CB1A3C88A9A459323

Function 00007FFD9C083617 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3968685749.00007FFD9C070000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C070000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c070000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84640e0e4a6f9b17e4aa787dab446e290ffeb7f0053aaf0c6cb273ad0e4a26fc
Instruction ID: dbecdb78238a8c0561428aee67816e66e946f90dbf45349a1548dad093d8ddf6
Opcode Fuzzy Hash: 84640e0e4a6f9b17e4aa787dab446e290ffeb7f0053aaf0c6cb273ad0e4a26fc
Instruction Fuzzy Hash: 41E09A3011529C8EDB74CF24C8A47FC3BE0AF1C348F461129EC4DD7292CA3A9A80CB14

Function 00007FFD9BFF989A Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd16b02b7c3e55e84625acc6bbbd912ab86cab15a713448fe1b11696533ab728
Instruction ID: eae2682917721923bb656095e2dc85fac1f2544284974024de2b3df558507db2
Opcode Fuzzy Hash: bd16b02b7c3e55e84625acc6bbbd912ab86cab15a713448fe1b11696533ab728
Instruction Fuzzy Hash: B1E0152051D7C88FC750DF69805863EBBE0BFA8301F000A2EF4C8D2262CA28D640CB13

Function 00007FFD9BFFE712 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe58bc2cc8fe2e757b3e682b961369cca04ba4e6247550ba6b19e0ceac10270
Instruction ID: fa6a6564344f47241146a9c970c031b3b686e9beef9cfd465e41935baae73c89
Opcode Fuzzy Hash: abe58bc2cc8fe2e757b3e682b961369cca04ba4e6247550ba6b19e0ceac10270
Instruction Fuzzy Hash: 5AF0302004F3C99FC7528FB488A58EE3FE05F0B215B0A05DBD8D89B1A3E66C8659D716

Function 00007FFD9C6345C3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e67d6b8195c5000787760504ccc15a6d85cfe6b684b30b89fce12d264a52b3e3
Instruction ID: 6dd3e45af6b52fda6f2717d19afa3b1af35641d7b74e01c598414aaf12a539f3
Opcode Fuzzy Hash: e67d6b8195c5000787760504ccc15a6d85cfe6b684b30b89fce12d264a52b3e3
Instruction Fuzzy Hash: 19E0ED1090D35289D7218F55805023FFAE0AF89795F54692DB4E9A21A0DBB89584CB2A

Function 00007FFD9C93997C Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43900b903ae7dc88c4a0826a6604a5e13196fdc42d1b8e67e3a1741c7f1eed6d
Instruction ID: 48318b602cb72585bd9c6a5322ca8d1dcf0b911d47b2c9e2341b094c1c587eb7
Opcode Fuzzy Hash: 43900b903ae7dc88c4a0826a6604a5e13196fdc42d1b8e67e3a1741c7f1eed6d
Instruction Fuzzy Hash: 6CE092386156898FDB60DF58C8A4AFC33E2FF99381F051065A80DD7251DBB9A9948B14

Function 00007FFD9C9B28F5 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43f5a65434486fc8249acca35c433d2cfa4540b543d54dc1903425b187aecbd8
Instruction ID: 9e54271a36178ce222dfbc60a2be3d3978768235924da1dc6a1f2a5ebcf731b4
Opcode Fuzzy Hash: 43f5a65434486fc8249acca35c433d2cfa4540b543d54dc1903425b187aecbd8
Instruction Fuzzy Hash: 6AE0C210909A8B9FC721CF6098605BA77F0EF0B381B1220A6E858E31A3C63CD805CB18

Function 00007FFD9BE37F61 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d4b2782f48b9b308b8f17050645fcf5f5e17b909c628291d95a0aa8ada619e
Instruction ID: d98c24955a0b45f1f2390e222ae2e0d96e8e4400733bbdd23d442464c1a33f09
Opcode Fuzzy Hash: 19d4b2782f48b9b308b8f17050645fcf5f5e17b909c628291d95a0aa8ada619e
Instruction Fuzzy Hash: 28E01A2061B2C95DDB368F7588606FD3EA05F1B241F4A10AAECD9DA193D6388684DB26

Function 00007FFD9C93D352 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4013818156.00007FFD9C930000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c930000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffd10dd8aacbfb9a59a2fa44793a02d0a2c3e109122bbe530c1ca7e50fabbe3a
Instruction ID: 5a7d1b937f91b5587d54cd44f70fcc787235c30f23998619f7dd35120e4cf025
Opcode Fuzzy Hash: ffd10dd8aacbfb9a59a2fa44793a02d0a2c3e109122bbe530c1ca7e50fabbe3a
Instruction Fuzzy Hash: A3E0B63011CB80DFC361DB68C498BAAB7F0BF9E302F041859E08DD7250C374A8048B16

Function 00007FFD9C9B2A48 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f50cc03f67afea8612d2bceb88680c11b95c92c0e0c54d2603cd7d683c7c9e16
Instruction ID: c583a2abb27eed1aa262f12deccfed0a54dc4327a3583cb91750f97127ee6979
Opcode Fuzzy Hash: f50cc03f67afea8612d2bceb88680c11b95c92c0e0c54d2603cd7d683c7c9e16
Instruction Fuzzy Hash: C6E08C2080968A8FC715DF20C8205BA7BB0AF0A341B012092E848E70A3C638D800CB19

Function 00007FFD9C9B2273 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.4016220915.00007FFD9C9B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C9B0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c9b0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60fe0b936576cbcf96cf159257a5e699e93b5076b158329cb79b51fcbc30591e
Instruction ID: dbb2968c525707453b97820cbc20032f33eaf5532718ed01dee977d4c49d3163
Opcode Fuzzy Hash: 60fe0b936576cbcf96cf159257a5e699e93b5076b158329cb79b51fcbc30591e
Instruction Fuzzy Hash: D6E0EC5051E7856EC360CB20845557BBBE0AF86351F80286EB0C6C31A1E6285845C717

Function 00007FFD9C30471A Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3980554689.00007FFD9C300000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C300000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c300000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b621f2d9ae7b2e9cea36c09aad27b02ef24b42d3a374712ec53fb4fb37e58288
Instruction ID: 929e02f741a25cf2426db4c482e7ee93dab1d17607a24d7734236afd0cb6b8d5
Opcode Fuzzy Hash: b621f2d9ae7b2e9cea36c09aad27b02ef24b42d3a374712ec53fb4fb37e58288
Instruction Fuzzy Hash: 3BE0677054958F8EDB74DF6888157FA36E1FF18349F00017AD94DCA141DB3856419715

Function 00007FFD9C635D9C Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3997113438.00007FFD9C630000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9C630000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9c630000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f53320f3b1dae4186a1fe60a2b6954451e724aa3fc6285f5112d64b8e2abb2bc
Instruction ID: 5bf52de0f76b1a00542260279202be48893f000c16cd32e8fa9dedf573327f5a
Opcode Fuzzy Hash: f53320f3b1dae4186a1fe60a2b6954451e724aa3fc6285f5112d64b8e2abb2bc
Instruction Fuzzy Hash: F5D0172040E3D28CC3228B61401007FBEF06F9B689F081EAFF5D9A2262D229C644D72B

Function 00007FFD9BE3596C Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3957768564.00007FFD9BE30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BE30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9be30000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a17dbf9eaad4d81a8945f1410317ba5af6855af21081466842448b6e24de68
Instruction ID: fa99d7905fb80ba8be7eac3fb626d6dd0281b01857aa6ed67658216f58bf7fbb
Opcode Fuzzy Hash: 09a17dbf9eaad4d81a8945f1410317ba5af6855af21081466842448b6e24de68
Instruction Fuzzy Hash: 61D0220181B10F40D3109FB000968FD30E49F0A314F433630F84DB30B2CA28C2408128

Function 00007FFD9BFE7B04 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b23a435d9c5c7e9146cec8fd1a758fcea903722fce8b084dd2aabb04b8b08ba4
Instruction ID: 81008360ac8e890881fc8a10eb0886ba4a37521a030774628ff082afb8b50dd3
Opcode Fuzzy Hash: b23a435d9c5c7e9146cec8fd1a758fcea903722fce8b084dd2aabb04b8b08ba4
Instruction Fuzzy Hash: 43D0E93061984DDFDB95EF48C858AB837A1FF58305B164270E44DD7164DA35E9409B40

Function 00007FFD9BFE4816 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 146e46772cc073a1c5c8d69c8c197dd1bdc56e3aeca9430d0da9b904e3823ab6
Instruction ID: bdc1ecd0231d67adfdbe05ad1b106fffb068c3e5c7ccc6104ed47bbcc6eb391d
Opcode Fuzzy Hash: 146e46772cc073a1c5c8d69c8c197dd1bdc56e3aeca9430d0da9b904e3823ab6
Instruction Fuzzy Hash: B7C08C20B1CA0D8BE930D6A0C05183A77C0ABE0200F21113AE01E821B0C919A6C28A02

Function 00007FFD9BFE482A Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000027.00000002.3965615627.00007FFD9BFE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BFE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_39_2_7ffd9bfe0000_DriverSupport.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e8024846026d4100c3d2753c4cc7a8e0255f14e33bcade8581d2874fb953f99
Instruction ID: ce9e53cb591faa103711b02d4e4a291b22e9a5db5a09e13e6b0b6984bda9046e
Opcode Fuzzy Hash: 8e8024846026d4100c3d2753c4cc7a8e0255f14e33bcade8581d2874fb953f99
Instruction Fuzzy Hash: 77C08C20B1C90D8BE930D6A0C05283A77C0BBE0200F22113AE01E821B0C919A6828A42

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify or add LSASS drivers to obtain persistence on compromised systems. The Windows security subsystem is a set of components that manage and enforce the security policy for a computer or domain. The Local Security Authority (LSA) is the main component responsible for local security policy and user authentication. The LSA includes multiple dynamic link libraries (DLLs) associated with various other security functions, all of which run in the context of the LSA Subsystem Service (LSASS) lsass.exe process.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Driver: Driver Load, File: File Creation, File: File Modification, Module: Module Load
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files (x86)\Driver Support\Agent.CPU.exe

C:\Program Files (x86)\Driver Support\Agent.CPU.exe.config

C:\Program Files (x86)\Driver Support\Agent.Common.XmlSerializers.dll

C:\Program Files (x86)\Driver Support\Agent.Common.dll

C:\Program Files (x86)\Driver Support\Agent.Communication.XmlSerializers.dll

C:\Program Files (x86)\Driver Support\Agent.Communication.dll

C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.XmlSerializers.dll

C:\Program Files (x86)\Driver Support\Agent.ExceptionLogging.dll

C:\Program Files (x86)\Driver Support\Common.dll

C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe

C:\Program Files (x86)\Driver Support\DriverSupport.Updater.exe.config

C:\Program Files (x86)\Driver Support\DriverSupport.chm

Windows Analysis Report
SecuriteInfo.com.Program.Unwanted.1283.21599.30651.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre