PUP.Generic
Risk Level 1
 
File Size : 3690680 KB
File Type : Portable Executable file Win32 EXE
File Name : maxdriverupdater-widget.exe
MD5 : d1a6192c5b24faab03b3748204090148
SHA1 : aad878ff4da69fa6564376b2f4731ddc3ca4dd40
SHA256 : 14fde72c98b7289c0a79b2257b8d570d64e6735001493ea092

General information:

* File name: C:\Users\vmware\Desktop\report\maxdriverupdater-widget..exe

Changes to registry :

* Modifies value "(Default)=C:\Windows\system32\jscript.dll" in key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CC5BBEC3-DB4A-4BED-828D-08D78EE3E1ED}\InprocServer32
old value "(Default)=C:\Windows\System32\jscript.dll"
* Modifies value "(Default)=C:\Windows\system32\jscript.dll" in key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F414C260-6AC0-11CF-B6D1-00AA00BBBB58}\InprocServer32
old value "(Default)=C:\Windows\System32\jscript.dll"
* Modifies value "(Default)=C:\Windows\system32\jscript.dll" in key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F414C261-6AC0-11CF-B6D1-00AA00BBBB58}\InprocServer32
old value "(Default)=C:\Windows\System32\jscript.dll"
* Modifies value "(Default)=C:\Windows\system32\jscript.dll" in key HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F414C262-6AC0-11CF-B6D1-00AA00BBBB58}\InprocServer32
old value "(Default)=C:\Windows\System32\jscript.dll"
* Creates value "(Default)=JScript Language Authoring" in key HKEY_LOCAL_MACHINE\software\Classes\JavaScript1.2 AuthorJavaScript1.3 Author
* Creates value "(Default)={f414c261-6ac0-11cf-b6d1-00aa00bbbb58}" in key HKEY_LOCAL_MACHINE\software\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\CLSID
* Creates Registry key HKEY_LOCAL_MACHINE\software\Classes\JavaScript1.2 AuthorJavaScript1.3 Author\OLEScript
* Creates value "TELNO=(888) 723-3816" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "nAppendParamsFromReg=00000001" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "IsTelNoEnabled=00000001" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "BUILD_FOR=csdimedia" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "affiliateid=39018" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "utm_source=39018&affiliate=39018" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "utm_campaign=39018" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "utm_medium=39018" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "BuyNowURL=https://www.cleverbridge.com/1277/purl-k9toolsre?cart=161405&x-at=csdi1" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "RenewNowURL=https://www.cleverbridge.com/1277/purl-k9toolsre?cart=161405&x-at=csdi1" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "MaxFixLimit=00000032" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "InstalledPath=C:\Program Files\Max Driver Updater" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Creates value "AppVersion=2.7.1086.16649" in key HKEY_LOCAL_MACHINE\software\csdimedia\maxdu
* Modifies value "experiment_labels=CrVar1=3300164|Thu, 12 May 2017 12:41:43 GMT" in key HKEY_LOCAL_MACHINE\software\Google\Update\ClientStateMedium\{8A69D345-D564-463c-AFF1-A69D9E530F96}
old value "experiment_labels=CrVar1=3300164|Thu, 12 May 2017 12:11:46 GMT"
* Creates value "S-1-5-21-3876664759-1550432450-4008606742-1000=9CB3F1C53A912E00" in key HKEY_LOCAL_MACHINE\software\Google\Update\ClientStateMedium\{8A69D345-D564-463c-AFF1-A69D9E530F96}\LastWasDefault
* Modifies value "Name=maxdu.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\DirectDraw\MostRecentApplication
old value "Name=iexplore.exe"
* Modifies value "ID=559A5D31" in key HKEY_LOCAL_MACHINE\software\microsoft\DirectDraw\MostRecentApplication
old value "ID=4A5BC69E"
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASAPI32
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASAPI32
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASAPI32
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASAPI32
* Creates value "FileTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASMANCS
* Creates value "ConsoleTracingMask=FFFF0000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASMANCS
* Creates value "MaxFileSize=00100000" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASMANCS
* Creates value "FileDirectory=%windir%\tracing" in key HKEY_LOCAL_MACHINE\software\microsoft\Tracing\maxdu_RASMANCS
* Creates value "NukeOnDelete=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "UseGlobalSettings=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\BitBucket
* Creates value "Inno Setup: Setup Version=5.5.1 (u)" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "Inno Setup: App Path=C:\Program Files\Max Driver Updater" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "InstallLocation=C:\Program Files\Max Driver Updater\" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "Inno Setup: Icon Group=Max Driver Updater" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "Inno Setup: User=vmware" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "Inno Setup: Language=en" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "DisplayName=Max Driver Updater" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "DisplayIcon=C:\Program Files\Max Driver Updater\maxdu.exe" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "UninstallString="C:\Program Files\Max Driver Updater\unins000.exe" /silent" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "QuietUninstallString="C:\Program Files\Max Driver Updater\unins000.exe" /SILENT" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "DisplayVersion=2.7.1086.16649" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "Publisher=csmedia.com" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "URLInfoAbout=http://www.maxdriverupdater.com/maxdu/" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "HelpLink=http://www.maxdriverupdater.com/maxdu/" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "NoModify=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "NoRepair=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "InstallDate=320030003100360030003500310032000000" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "MajorVersion=00000002" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "MinorVersion=00000007" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "EstimatedSize=00003D54" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Max Driver Updater_is1
* Creates value "DontShowUI=00000001" in key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting
* Creates Registry key HKEY_LOCAL_MACHINE\software\microsoft\Windows\Windows Error Reporting\LocalDumps
* Creates value "setupapi.app.log=00001000" in key HKEY_LOCAL_MACHINE\System\Setup\SetupapiLogStatus
* Creates value "StartAutoTutorial=00000001" in key HKEY_CURRENT_USER\software\csdimedia\maxdu
* Creates value "InstalledPath=C:\Program Files\Max Driver Updater" in key HKEY_CURRENT_USER\software\csdimedia\maxdu
* Creates value "Download Path=C:\Users\vmware\AppData\Roaming\csdimedia\Max Driver Updater\Download\" in key HKEY_CURRENT_USER\software\csdimedia\maxdu
* Creates value "Backup Path=C:\Users\vmware\AppData\Roaming\csdimedia\Max Driver Updater\Backup\" in key HKEY_CURRENT_USER\software\csdimedia\maxdu
* Creates value "FirstRun=00000001" in key HKEY_CURRENT_USER\software\csdimedia\maxdu
* Creates value "LangCode=en" in key HKEY_CURRENT_USER\software\csdimedia\maxdu\LANG
* Modifies value "lastrun=13107530498710697" in key HKEY_CURRENT_USER\software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
old value "lastrun=13107528701375007"
* Modifies value "Name=chrome.exe" in key HKEY_CURRENT_USER\software\Microsoft\Direct3D\MostRecentApplication
old value "Name=Explorer.EXE"
* Modifies value "NukeOnDelete=00000001" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{1a36211b-1230-11e6-a3ec-806e6f6e6963}
old value empty
* Modifies value "SavedLegacySettings" in key HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
old value "SavedLegacySettings"
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates Registry key HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\NetTrace\Session
* Creates value "p2pcollab.dll,-8042=Peer to Peer Trust" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "qagentrt.dll,-10=System Health Authentication" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "dnsapi.dll,-103=Domain Name System (DNS) Server Trust" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "fveui.dll,-843=BitLocker Drive Encryption" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\System32
* Creates value "fveui.dll,-844=BitLocker Data Recovery Agent" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\System32
* Creates value "dhcpqec.dll,-100=DHCP Quarantine Enforcement Client" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "dhcpqec.dll,-101=Provides DHCP based enforcement for NAP" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "dhcpqec.dll,-103=1.0" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "dhcpqec.dll,-102=Microsoft Corporation" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "napipsec.dll,-1=490050007300650063002000520065006C00790069006E0067002000500061007200740079000000" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "napipsec.dll,-2=Provides IPsec based enforcement for Network Access Protection" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "napipsec.dll,-4=1.0" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "napipsec.dll,-3=Microsoft Corporation" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "tsgqec.dll,-100=RD Gateway Quarantine Enforcement Client" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "tsgqec.dll,-101=Provides RD Gateway enforcement for NAP" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "tsgqec.dll,-102=1.0" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "tsgqec.dll,-103=Microsoft Corporation" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "eapqec.dll,-100=EAP Quarantine Enforcement Client" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "eapqec.dll,-101=Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies." in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "eapqec.dll,-102=1.0" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32
* Creates value "eapqec.dll,-103=Microsoft Corporation" in key HKEY_CURRENT_USER\software\classes\Local Settings\MuiCache\b\52C64B7E\@%SystemRoot%\system32

Changes to filesystem:

* Creates file C:\Program Files\Max Driver Updater\Chinese_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\Danish_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\difxapi.dll
* Creates file C:\Program Files\Max Driver Updater\difxapi64.dll
* Creates file C:\Program Files\Max Driver Updater\Dutch_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\eng_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\Finnish_rcp_fi.ini
* Creates file C:\Program Files\Max Driver Updater\French_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\German_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\install_left_image.bmp
* Creates file C:\Program Files\Max Driver Updater\isxdl.dll
* Creates file C:\Program Files\Max Driver Updater\Italian_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\Japanese_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\maxdu.exe
* Creates file C:\Program Files\Max Driver Updater\Norwegian_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\Portuguese_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\russian_rcp_ru.ini
* Creates file C:\Program Files\Max Driver Updater\Spanish_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\Swedish_rcp.ini
* Creates file C:\Program Files\Max Driver Updater\unins000.dat
* Creates file C:\Program Files\Max Driver Updater\unins000.exe
* Creates file C:\Program Files\Max Driver Updater\unins000.msg
* Creates file C:\Program Files\Max Driver Updater\unrar.dll
* Creates file C:\Program Files\Max Driver Updater\updater\amd64Helper\difxapi.dll
* Creates file C:\Program Files\Max Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
* Creates file C:\Program Files\Max Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
* Creates file C:\Program Files\Max Driver Updater\updater\extract\7z.dll
* Creates file C:\Program Files\Max Driver Updater\updater\extract\7z.exe
* Creates file C:\Program Files\Max Driver Updater\updater\extract\copying.txt
* Creates file C:\Program Files\Max Driver Updater\updater\extract\History.txt
* Creates file C:\Program Files\Max Driver Updater\updater\extract\license.txt
* Creates file C:\Program Files\Max Driver Updater\updater\extract\readme.txt
* Modifies file C:\Windows\INF\setupapi.app.log
* Creates file C:\Windows\Tasks\MAXDriverUpdaterRunAtStartup.job
* Creates file C:\Windows\Tasks\MAXDriverUpdater_UPDATES.job
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Driver Updater\Max Driver Updater.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Driver Updater\Register Max Driver Updater.lnk
* Creates file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Driver Updater\Uninstall Max Driver Updater.lnk
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3
* Modifies file (empty) C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00000c
* Creates file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000013
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Cache\index
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Current Session
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Current Session
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\GPUCache\index
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\History
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\History-journal
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Last Session
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Preferences
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG.old
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000004.log
* Changes file attributes C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Default\Visited Links
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\Local State
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_0
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1
* Modifies file C:\Users\vmware\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\index
* Modifies file C:\Users\vmware\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
* Modifies file (hidden) C:\Users\vmware\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\421[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Alert_icon1[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\award[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\BIGBARLEVEL_2[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\BIGBARLEVEL_6[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Board[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\btn_Upgrade_full_version_normal[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Button_black_bg[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Disk_drivers[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Fix_errors_d_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Fix_errors_n_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Gray_normal[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\greybtn_left_whitebg_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\greybtn_right_whitebg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Grey_bg_MGCP[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\money_back_da[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\money_back_fr[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\money_back_no[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Monitors[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Purchase_now_down[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\rcp_icon[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_blue_left_btn_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_blue_middle_btn_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_blue_right_btn_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_fixerror_h_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_fixerror_n_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_level_1[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Small_level_4[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\ss_driverUpdater[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\System_device[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\thank_award[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\tick_icon[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\Yellowbtn_left_blackbg_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\yellowbtn_left_blackbg_n[2]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27NA20YY\yellowbtn_right_blackbg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\5386[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\alttxt[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Arrow_graybg[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\asp_icon[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\BIGBARLEVEL_4[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\btn_registryScan_hover[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\btn_Upgrade_full_version_down[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\bullet[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\CD_DVD_drive[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Fix_errors_d_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Fix_errors_h_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Fix_errors_n_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Gray_down[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\GREEN_STRIP[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\greybtn_left_whitebg_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\grey_middle_whitebg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Home_alert[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\money_back_es[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\money_back_ja[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\money_back_ru[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\money_back_sv[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Oldest_driver[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\pb_home_left_right_border[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Processors[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Purchase_now_normal[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Small_blue_left_btn_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Small_blue_middle_btn_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Small_fixerror_d_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Small_fixerror_h_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\Tick_gray[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\tick_list[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\universal_bus[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\yellowbtn_left_blackbg_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\yellowbtn_middle_blackbg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98QV99O4\yellowbtn_middle_blackbg_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\5388[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\ALERT_ICON1[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\ALERT_ICON2[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\BIGBARLEVEL_1[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\BIGBARLEVEL_5[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\btn_bg[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\btn_downloadNow[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\btn_registryScan_down[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\btn_registryScan_normal[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Fix_errors_d_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Fix_errors_h_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Gradiant_box[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Gray_hover[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\greybtn_right_whitebg_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\grey_middle_whitebg_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\IDA_Controller[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\info[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\money_back[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\money_back_fi[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\money_back_nl[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\money_back_zhcn[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\pb_home_middle_bg[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_blue_left_btn_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_blue_right_btn_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_fixerror_d_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_fixerror_d_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_fixerror_n_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_level_2[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Small_level_6[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Sound[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\texts[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\tick_uptodate[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Total_outdated_drivers[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\Yellowbtn_left_blackbg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F495O1CT\yellowbtn_right_blackbg_d[1]
* Modifies file (hidden) C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\420[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\424[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\adu_icon[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\ALERT_SQUARE[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\arrow[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\arrow_icon[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\BIGBARLEVEL_3[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\btn_Upgrade_full_version_hover[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Display_adapters[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Fix_errors_h_left[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Fix_errors_n_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Footer_award[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\greybtn_left_whitebg_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\greybtn_right_whitebg_n[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\grey_middle_whitebg_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\info_box_red[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Last_driver_scan[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\money_back_de[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\money_back_it[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\money_back_ptbr[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Network_adp[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Other_device[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\pb_home_power_bundle_logo[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Purchase_now_hover[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\RCP[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Red_strip[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\SCSI_RAID[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\SmallAlert[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Small_blue_middle_btn_h[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Small_blue_right_btn_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Small_fixerror_h_right[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Small_fixerror_n_middle[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\Tick_green[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\yellowbtn_middle_blackbg_d[1]
* Creates file C:\Users\vmware\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZFK0SX85\yellowbtn_right_blackbg_n[1]
* Creates file C:\Users\vmware\AppData\Roaming\csdimedia\Max Driver Updater\Download.dat
* Creates file C:\Users\vmware\AppData\Roaming\csdimedia\Max Driver Updater\ininotfound0.ini
* Creates file C:\Users\vmware\AppData\Roaming\csdimedia\Max Driver Updater\log_05-12-2016.log
* Creates file C:\Users\vmware\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3876664759-1550432450-4008606742-1000\32f8e947fd3078374278ea97f9f9c4de_fbbe3336-6481-4cb0-a39c-2d0664723c1f
* Creates file C:\Users\Public\Desktop\Max Driver Updater.lnk

Network services:

* Looks for an Internet connection.
* Queries DNS "webres1.qheal.ctmail.com".
* Queries DNS "webres2.qheal.ctmail.com".
* Queries DNS "webres5.qheal.ctmail.com".
* Queries DNS "crl.microsoft.com".
* Queries DNS "accounts.google.com".
* Queries DNS "webres4.qheal.ctmail.com".
* Queries DNS "maxdriverupdater.com".
* Queries DNS "clients4.google.com".
* Queries DNS "translate.googleapis.com".
* Queries DNS "ssl.gstatic.com".
* Queries DNS "pki.google.com".
* Queries DNS "www.microsoft.com".
* Queries DNS "www.cyberoam.com".
* Queries DNS "redirector.gvt1.com".
* Queries DNS "teredo.ipv6.microsoft.com".
* Queries DNS "ocsp.verisign.com".
* Queries DNS "crl.verisign.com".
* C:\Program Files\Google\Chrome\Application\chrome.exe Connects to "216.58.220.14" on port 443 (TCP - HTTPS).
* C:\Program Files\Google\Chrome\Application\chrome.exe Connects to "74.125.200.239" on port 443 (TCP - HTTPS).
* C:\Program Files\Google\Chrome\Application\chrome.exe Connects to "216.58.199.163" on port 443 (TCP - HTTPS).
* C:\Program Files\Google\Chrome\Application\chrome.exe Connects to "37.187.174.83" on port 80 (TCP - HTTP).
* C:\Program Files\Google\Chrome\Application\chrome.exe Connects to "216.58.199.174" on port 443 (TCP - HTTPS).
* Downloads file from "maxdriverupdater.com/afterinstall.html?newmaxdu=1&utm_content=AfterInstall&utm_term=Setup&page=install&utm_source=39018&affiliate=39018&utm_campaign=39018&utm_medium=39018&affiliateid=39018&LangID=en".
* Downloads file from "maxdriverupdater.com/favicon.ico".

Process/window/string information:

* Keylogger functionality.
* Gets user name information.
* Gets system default language ID.
* Gets input locale identifiers.
* Gets volume information.
* Gets computer name.
* Checks for debuggers.
* Modifies access control lists (ACLs) of files.
* Uses a pipe for inter-process communication.
* Anti-Malware Analyzer routine: Disk information query.
* Creates process "null, "C:\Users\vmware\AppData\Local\Temp\is-U3ACS.tmp\maxdriverupdater-widget..tmp" /SL5="$6072C,3188624,221696,C:\Users\vmware\Desktop\report\maxdriverupdater-widget..exe" , null".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\AppData\Local\Temp\is-U3ACS.tmp\maxdriverupdater-widget..tmp".
* Creates a mutex "Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511".
* Creates a mutex "Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000".
* Creates a mutex "ADU_Max Driver Updater_24BF8EAB-03C7-4e3c-B10F-1D1F7C0297CB_1".
* Creates process "null, "C:\Windows\system32\taskkill.exe" /f /im maxdu.exe, C:\Windows\system32".
* Injects code into process "C:\Windows\System32\taskkill.exe".
* Enables privilege SeDebugPrivilege.
* Enumerates running processes.
* Creates process "C:\Windows\System32\taskkill.exe, "C:\Windows\System32\taskkill.exe" /f /im "maxdu.exe", C:\Windows\system32".
* Creates process "null, "C:\Windows\system32\regsvr32.exe" /s "C:\Windows\system32\jscript.dll", C:\Windows\system32".
* Injects code into process "C:\Windows\System32\regsvr32.exe".
* Creates process "C:\Windows\System32\schtasks.exe, "C:\Windows\System32\schtasks.exe" /delete /tn "csdimedia-MaxDriverUpdater" /f, C:\Program Files\Max Driver Updater".
* Injects code into process "C:\Windows\System32\schtasks.exe".
* Creates process "C:\Windows\System32\schtasks.exe, "C:\Windows\System32\schtasks.exe" /delete /tn "csdimediaMaxDriverUpdaterRunAtStartup" /f, C:\Program Files\Max Driver Updater".
* Creates process "C:\Windows\system32\netsh.exe, "C:\Windows\system32\netsh.exe" advfirewall firewall delete rule "MaxDriverUpdater" , C:\Program Files\Max Driver Updater".
* Injects code into process "C:\Windows\System32\netsh.exe".
* Creates process "C:\Windows\system32\netsh.exe, "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="MaxDriverUpdater" dir=in action=allow program="C:\Program Files\Max Driver Updater\maxdu.exe" , C:\Program Files\Max Driver Updater".
* Creates a mutex "Local\!IETld!Mutex".
* Creates process "C:\Program Files\Google\Chrome\Application\chrome.exe, "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "http://maxdriverupdater.com/afterinstall.html?newmaxdu=1&utm_content=AfterInstall&utm_term=Setup&page=install&utm_source=39018&affiliate=39018&utm_campaign=39018&utm_medium=39018&affiliateid=39018&LangID=en", C:\Windows\system32".
* Injects code into process "C:\Program Files\Google\Chrome\Application\chrome.exe".
* Creates process "null, "C:\Program Files\Max Driver Updater\maxdu.exe" -firstinstall, C:\Program Files\Max Driver Updater".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\drive\C\Program Files\Max Driver Updater\maxdu.exe".
* Creates a mutex "Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7".
* Creates a mutex "Local\!PrivacIE!SharedMemory!Mutex".
* Opens a service named "policyagent".
* Opens a service named "NapAgent".
* Creates an event named "Global\c:!program files!google!chrome!application!chrome.exe".
* Creates a mutex "Local\ChromeProcessSingletonStartup!".
* Opens a service named "AudioSrv".
* Creates a mutex "{A946A6A9-917E-4949-B9BC-6BADA8C7FD63}".
* Enables privilege SeAuditPrivilege.
* Creates a mutex "Local\MAX_DU_MAX Driver Updater_24BF8EAB-03C7-4e3c-B10F-1D1F7C0297CB".
* Terminates process "C:\Program Files\Google\Chrome\Application\chrome.exe".
* Creates a mutex "Local\__DDrawExclMode__".
* Creates a mutex "Local\__DDrawCheckExclMode__".
* Creates a mutex "Local\DDrawWindowListMutex".
* Creates a mutex "Local\DDrawDriverObjectListMutex".
* Opens a service named "Schedule".
* Opens a service named "Sens".
* Opens a service named "rasman".
* Opens a service named "winmgmt".
* Enables privilege SeRestorePrivilege.
* Enables process privileges.
* Sleeps 362 seconds.

Additional Information:

How To Remove maxdriverupdater-widget.exe

1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer or of the folder where maxdriverupdater-widget.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.
