Program.Unwanted.2606

Technical Information

To ensure autorun and distribution

Modifies the following registry keys

[<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'DriverUpdate' = '"%ProgramFiles%\DriverUpdate\DriverUpdate.exe" -boot'

Creates or modifies the following files

<SYSTEM32>\tasks\driverupdate scan

Sets the following service settings

[<HKLM>\System\CurrentControlSet\Services\SlimWareServices] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\SlimWareServices] 'ImagePath' = '"%ProgramFiles%\SlimWare Utilities\Services\SlimWare.Services.exe"'

Creates the following services

'SlimWareServices' "%ProgramFiles%\SlimWare Utilities\Services\SlimWare.Services.exe"
'SlimWareServices' %ProgramFiles%\SlimWare Utilities\Services\SlimWare.Services.exe

Modifies file system

Creates the following files

%TEMP%\swufae1.tmp
%ProgramFiles%\slimware utilities\services\slimware.services.proxystub.dll
%ProgramFiles%\slimware utilities\services\slimware.session.exe
%ProgramFiles%\slimware utilities\services\slimware.session.proxystub.dll
%ProgramFiles%\driverupdate\unifiedlogger.dll
%ProgramFiles%\driverupdate\uninstallstub.exe
%ProgramFiles%\driverupdate\dbghelp.dll
%ProgramFiles%\slimware utilities\services\bssndrpt64.exe
%ProgramFiles%\slimware utilities\services\bugsplat64.dll
%ProgramFiles%\slimware utilities\services\bugsplatrc64.dll
%WINDIR%\installer\{3e5a0633-577c-4cb7-ace7-406bbdcbf770}\icon.exe
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\driverupdate\driverupdate.lnk
%ALLUSERSPROFILE%\microsoft\windows\start menu\programs\driverupdate\driverupdate help.lnk
C:\users\public\desktop\driverupdate.lnk
%LOCALAPPDATA%\slimware utilities inc\driverupdate\settings.db-journal
%LOCALAPPDATA%\slimware utilities inc\driverupdate\settings.db
%ProgramFiles%\slimware utilities\services\slimware.services.exe
%LOCALAPPDATA%\slimware utilities inc\driverupdate\logs\2020-09-01 02-29-01 0.log
%ProgramFiles%\driverupdate\slimware.pushnotification.services.dll
%ProgramFiles%\driverupdate\slimware.driverupdate.services.dll
%TEMP%\swufae1.tmp.msi
C:\users\public\documents\downloaded installers\{3e5a0633-577c-4cb7-ace7-406bbdcbf770}\setup.msi
%ProgramFiles%\slimware utilities\services\bssndrpt.exe
%ProgramFiles%\driverupdate\bssndrpt.exe
%ProgramFiles%\slimware utilities\services\bugsplat.dll
%ProgramFiles%\driverupdate\bugsplat.dll
%ProgramFiles%\slimware utilities\services\bugsplatrc.dll
%ProgramFiles%\driverupdate\bugsplatrc.dll
%ProgramFiles%\slimware utilities\services\dbghelp.dll
%ProgramFiles%\driverupdate\dbghelp-app.dll
%ProgramFiles%\driverupdate\driverupdate.exe
%ProgramFiles%\slimware utilities\services\driverupdate.updatelauncher.exe
%ProgramFiles%\driverupdate\htmlayout.dll
%ProgramFiles%\driverupdate\open-source licenses.txt
%ProgramFiles%\slimware utilities\services\slimware.core.dll
%ProgramFiles%\driverupdate\slimware.messaging.dll
%LOCALAPPDATA%\slimware utilities inc\driverupdate\htmlayout.dll

Deletes the following files

%TEMP%\swufae1.tmp
%LOCALAPPDATA%\slimware utilities inc\driverupdate\settings.db-journal
<SYSTEM32>\tasks\driverupdate scan
%TEMP%\swufae1.tmp.msi

Substitutes the following files

%LOCALAPPDATA%\slimware utilities inc\driverupdate\settings.db-journal

Network activity

TCP

HTTP GET requests

http://tr#.####wareutilities.com/ulc.php?ev######################################################################################################################################################...
http://ap######.slimwareutilities.com/install/du/6.1/x64/DriverUpdate-setup.msi.bz2?ma############################################
http://do######.driverupdate.net/5.6.0/x64/DriverUpdate-setup.msi.bz2
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
http://www.sl###are.com/services/get_pc_brand.php?id##
http://x.##2.us/x.cer
http://oc##.#tartssl.com/sub/class2/code/ca/MEMwQTA%2FMD0wOzAJBgUrDgMCGgUABBQSOgrhRCSnWfKxoWTjWxhk8hga9AQU0E4PQJlsuEsZbzsouODjiAc0qrcCAhAV

HTTP POST requests

http://ap######.slimwareutilities.com/v1/AutoActivate
http://ap######.slimwareutilities.com/rpc/version-info

'sl###are.com':443

'dr######c.driverupdate.net':443

UDP

DNS ASK ap######.slimwareutilities.com
DNS ASK tr#.####wareutilities.com
DNS ASK do######.driverupdate.net
DNS ASK microsoft.com
DNS ASK sl###are.com
DNS ASK dr######c.driverupdate.net
DNS ASK x.##2.us
DNS ASK oc##.#tartssl.com

Miscellaneous

Creates and executes the following

'%ProgramFiles%\slimware utilities\services\slimware.services.exe'
'%ProgramFiles%\driverupdate\driverupdate.exe' -installscan
'%ProgramFiles%\slimware utilities\services\slimware.session.exe' -Embedding

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations

Free trial