File name:

Driver_Updater_setup.exe

Full analysis: https://app.any.run/tasks/9477b930-fd2b-400b-9f47-4a11a6ebbc38
Verdict: Malicious activity
Analysis date: April 22, 2024, 04:45:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

CB055D7DDB5B500C5FCB0051428FC3CC

SHA1:

C98493F9809C8FD95FD8067A2F1CADF2EE4CEAD3

SHA256:

011D634221DC4DE0498600568F37E27DE35CFE60FC2C2B22C2AA87871FB10C0A

SSDEEP:

98304:6+QqZ8fuhL4lMReXlNfUBJYZ35eJHcOpJn5KZD5pk0uypuJTMVLagOVFp+OKCJbP:ari9iJiRLFTA/YNswKfwv5z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.tmp (PID: 3988)

  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Driver_Updater_setup.tmp (PID: 3988)

    • Executable content was dropped or overwritten

      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.tmp (PID: 3988)

    • Drops 7-zip archiver for unpacking

      • Driver_Updater_setup.tmp (PID: 3988)

    • Reads security settings of Internet Explorer

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Reads the Internet Settings

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Non-standard symbols in registry

      • Driver_Updater_setup.tmp (PID: 3988)

    • Application launched itself

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Reads settings of System Certificates

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Adds/modifies Windows certificates

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Checks Windows Trust Settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

  • INFO

    • Checks supported languages

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.tmp (PID: 1288)
      • Driver_Updater_setup.tmp (PID: 3988)
      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • DriverPro.exe (PID: 3404)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Reads the computer name

      • Driver_Updater_setup.tmp (PID: 1288)
      • Driver_Updater_setup.tmp (PID: 3988)
      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • DriverPro.exe (PID: 3404)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)

    • Create files in a temporary directory

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Creates files in the program directory

      • Driver_Updater_setup.tmp (PID: 3988)
      • DriverPro.exe (PID: 3404)

    • Creates a software uninstall entry

      • Driver_Updater_setup.tmp (PID: 3988)

    • Creates files or folders in the user directory

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)

    • Reads the machine GUID from the registry

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • PCHelpSoftDriverUpdater.exe (PID: 3236)

    • Process checks computer location settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)

    • Checks proxy server information

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Reads the software policy settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Reads Windows Product ID

      • PCHelpSoftDriverUpdater.exe (PID: 2336)

    • Manual execution by a user

      • msedge.exe (PID: 1220)

    • Application launched itself

      • msedge.exe (PID: 3116)
      • msedge.exe (PID: 1220)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:06:03 08:09:11+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 68096
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.1.1130.0
ProductVersionNumber: 7.1.1130.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: PC HelpSoft
FileDescription: PC HelpSoft Driver Updater
FileVersion: 7.1.1130.0
LegalCopyright: PC HelpSoft
OriginalFileName:
ProductName: PC HelpSoft Driver Updater
ProductVersion: 7.1.1130.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
76
Monitored processes
34
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start driver_updater_setup.exe driver_updater_setup.tmp no specs driver_updater_setup.exe driver_updater_setup.tmp pchelpsoftdriverupdater.exe no specs schtasks.exe no specs schtasks.exe no specs pchelpsoftdriverupdater.exe driverpro.exe no specs pchelpsoftdriverupdater.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
376"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
532"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
584"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /FC:\Windows\System32\schtasks.exePCHelpSoftDriverUpdater.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
968"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1296,i,9301873096923023138,2237265777717116527,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1220"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=n4l4AdUDqyE%3D&mkey3=win_cta1&mkey4=0&mkey5=5&mkey6=0&mkey7=NO_TRIALC:\Program Files\Microsoft\Edge\Application\msedge.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1288"C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp" /SL5="$22016A,5837648,810496,C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe" C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmpDriver_Updater_setup.exe
User:
admin
Company:
PC HelpSoft
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
0
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-ns9qr.tmp\driver_updater_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1368"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 --field-trial-handle=1296,i,9301873096923023138,2237265777717116527,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1560"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1832"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1880"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xdc,0x6ba1f598,0x6ba1f5a8,0x6ba1f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
30 273
Read events
30 032
Write events
212
Delete events
29

Modification events

(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
940F0000A632C5EA6F94DA01
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
ECBE5B9F22A5EB24832FD9015B46E6300BC1FB2A9B7CAB1431732CDA48FF0F6A
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:Sequence
Value:
1
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFiles0000
Value:
C:\Program Files\PC HelpSoft Driver Updater\Extra\DriverPro.exe
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation:writeName:RegFilesHash
Value:
52542FBAFAA20A1F23EFD0CCEE1EE67B41BBBDD18E4C654D3D59BAF784C75D2A
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids
Operation:writeName:PCHelpSoftDriverUpdater.HDM_encrypted
Value:
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes
Operation:writeName:.HDM_encrypted
Value:
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation:writeName:Language
Value:
1
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation:writeName:DelayedStart
Value:
0
(PID) Process:(3988) Driver_Updater_setup.tmpKey:HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation:writeName:SetupName
Value:
C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe
Executable files
20
Suspicious files
79
Text files
160
Unknown types
12

Dropped files

PID
Process
Filename
Type
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\is-RSV5G.tmpexecutable
MD5:4947F753EB5C3B1AA3CE496A9AB30130
SHA256:1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\unins000.exeexecutable
MD5:4947F753EB5C3B1AA3CE496A9AB30130
SHA256:1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\is-HMLDS.tmpexecutable
MD5:34392941C1918C5639E8C0CBFA64115E
SHA256:C825552C99C321DFBAAE6B16D797F80A6557C555689BD78AF815B0D48B0CCB05
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\Settings.initext
MD5:C12E324F7BA24C91F31927D7A720294A
SHA256:BAD8F599F3B38B7F67E77E26AEC057FA8849C0CB80B72AC9E7265F9DCB3AF199
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\is-8FTI6.tmptext
MD5:C12E324F7BA24C91F31927D7A720294A
SHA256:BAD8F599F3B38B7F67E77E26AEC057FA8849C0CB80B72AC9E7265F9DCB3AF199
3416Driver_Updater_setup.exeC:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmpexecutable
MD5:4947F753EB5C3B1AA3CE496A9AB30130
SHA256:1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D
2548Driver_Updater_setup.exeC:\Users\admin\AppData\Local\Temp\is-MRD4U.tmp\Driver_Updater_setup.tmpexecutable
MD5:4947F753EB5C3B1AA3CE496A9AB30130
SHA256:1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\is-TMT32.tmpimage
MD5:915F2CE934FD4789216B91BF9C2609FD
SHA256:135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\Animation.gifimage
MD5:915F2CE934FD4789216B91BF9C2609FD
SHA256:135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250
3988Driver_Updater_setup.tmpC:\Program Files\PC HelpSoft Driver Updater\Extra\is-FDFR0.tmptext
MD5:FACB8BA5A3FF31B9AD16A410096979F0
SHA256:4F6EE74BB3F07809DA715D9F0A30112F8FAB35676D58E57915CA16B1BD6F4425
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
14
TCP/UDP connections
83
DNS requests
78
Threats
3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
488
lsass.exe
GET
200
108.138.2.195:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
unknown
488
lsass.exe
GET
200
18.245.65.219:80
http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAIZ3N4iW9BAI0lEJQIp3%2F0%3D
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
POST
200
18.245.86.105:80
http://api.playanext.com/httpapi
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
POST
200
18.245.86.105:80
http://api.playanext.com/httpapi
unknown
unknown
488
lsass.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
POST
200
18.245.86.105:80
http://api.playanext.com/httpapi
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
POST
200
18.245.86.105:80
http://api.playanext.com/httpapi
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?78b1ae975f98aaed
unknown
unknown
488
lsass.exe
GET
200
18.245.39.64:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
unknown
488
lsass.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?58113e117cf2b140
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2336
PCHelpSoftDriverUpdater.exe
99.86.4.76:443
offers.playanext.com
AMAZON-02
US
unknown
2336
PCHelpSoftDriverUpdater.exe
18.245.86.105:80
api.playanext.com
US
unknown
2336
PCHelpSoftDriverUpdater.exe
116.203.251.147:443
drivers.avqtools.com
Hetzner Online GmbH
DE
unknown
2336
PCHelpSoftDriverUpdater.exe
216.239.34.21:443
cloud.pchelpsoft.com
GOOGLE
US
whitelisted
488
lsass.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
2336
PCHelpSoftDriverUpdater.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown

DNS requests

Domain
IP
Reputation
drivers.avqtools.com
  • 116.203.251.147
unknown
api.playanext.com
  • 18.245.86.105
  • 18.245.86.26
  • 18.245.86.79
  • 18.245.86.84
whitelisted
offers.playanext.com
  • 99.86.4.76
  • 99.86.4.112
  • 99.86.4.23
  • 99.86.4.92
unknown
collect.avqtools.com
  • 116.203.251.147
unknown
cloud.pchelpsoft.com
  • 216.239.34.21
  • 216.239.36.21
  • 216.239.38.21
  • 216.239.32.21
unknown
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
o.ss2.us
  • 108.138.2.195
  • 108.138.2.107
  • 108.138.2.10
  • 108.138.2.173
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.245.39.64
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m03.amazontrust.com
  • 18.245.65.219
unknown

Threats

PID
Process
Class
Message
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Driver_Updater_setup.exe