File name: Driver_Updater_setup.exe
Full analysis: https://app.any.run/tasks/9477b930-fd2b-400b-9f47-4a11a6ebbc38
Verdict: Malicious activity
Analysis date: April 22, 2024, 04:45:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: CB055D7DDB5B500C5FCB0051428FC3CC
SHA1: C98493F9809C8FD95FD8067A2F1CADF2EE4CEAD3
SHA256: 011D634221DC4DE0498600568F37E27DE35CFE60FC2C2B22C2AA87871FB10C0A
SSDEEP: 98304:6+QqZ8fuhL4lMReXlNfUBJYZ35eJHcOpJn5KZD5pk0uypuJTMVLagOVFp+OKCJbP:ari9iJiRLFTA/YNswKfwv5z

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.tmp (PID: 3988)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.tmp (PID: 3988)
    • Reads the Windows owner or organization settings

      • Driver_Updater_setup.tmp (PID: 3988)
    • Drops 7-zip archiver for unpacking

      • Driver_Updater_setup.tmp (PID: 3988)
    • Reads the Internet Settings

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Reads security settings of Internet Explorer

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Non-standard symbols in registry

      • Driver_Updater_setup.tmp (PID: 3988)
    • Checks Windows Trust Settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Adds/modifies Windows certificates

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Application launched itself

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Reads settings of System Certificates

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
  • INFO

    • Checks supported languages

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.tmp (PID: 1288)
      • Driver_Updater_setup.exe (PID: 2548)
      • Driver_Updater_setup.tmp (PID: 3988)
      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • DriverPro.exe (PID: 3404)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)
    • Reads the computer name

      • Driver_Updater_setup.tmp (PID: 1288)
      • Driver_Updater_setup.tmp (PID: 3988)
      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • DriverPro.exe (PID: 3404)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)
    • Create files in a temporary directory

      • Driver_Updater_setup.exe (PID: 3416)
      • Driver_Updater_setup.exe (PID: 2548)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Creates a software uninstall entry

      • Driver_Updater_setup.tmp (PID: 3988)
    • Creates files in the program directory

      • Driver_Updater_setup.tmp (PID: 3988)
      • DriverPro.exe (PID: 3404)
    • Reads Windows Product ID

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Reads the machine GUID from the registry

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Creates files or folders in the user directory

      • PCHelpSoftDriverUpdater.exe (PID: 3236)
      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)
    • Process checks computer location settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
      • PCHelpSoftDriverUpdater.exe (PID: 2544)
    • Application launched itself

      • msedge.exe (PID: 3116)
      • msedge.exe (PID: 1220)
    • Checks proxy server information

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Reads the software policy settings

      • PCHelpSoftDriverUpdater.exe (PID: 2336)
    • Manual execution by a user

      • msedge.exe (PID: 1220)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:06:03 08:09:11+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741376
InitializedDataSize: 68096
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 7.1.1130.0
ProductVersionNumber: 7.1.1130.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: PC HelpSoft
FileDescription: PC HelpSoft Driver Updater
FileVersion: 7.1.1130.0
LegalCopyright: PC HelpSoft
OriginalFileName:
ProductName: PC HelpSoft Driver Updater
ProductVersion: 7.1.1130.0
No data.
All screenshots are available in the full report
Total processes: 76
Monitored processes: 34
Malicious processes: 5
Suspicious processes: 0

Behavior graph (process nodes in launch order; "no specs" marks a node with no suspicious behaviour attached to it)

  • start
  • driver_updater_setup.exe
  • driver_updater_setup.tmp (no specs)
  • driver_updater_setup.exe
  • driver_updater_setup.tmp
  • pchelpsoftdriverupdater.exe (no specs)
  • schtasks.exe (no specs)
  • schtasks.exe (no specs)
  • pchelpsoftdriverupdater.exe
  • driverpro.exe (no specs)
  • pchelpsoftdriverupdater.exe (no specs)
  • msedge.exe, 24 instances (all but two "no specs")

Process information (only the processes listed on this page; the full report has all 34 monitored processes)

PID: 376
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3352 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 532
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3668 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 584
CMD: "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F
Path: C:\Windows\System32\schtasks.exe
Parent process: PCHelpSoftDriverUpdater.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Manages scheduled tasks
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

PID: 968
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1536 --field-trial-handle=1296,i,9301873096923023138,2237265777717116527,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1220
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=n4l4AdUDqyE%3D&mkey3=win_cta1&mkey4=0&mkey5=5&mkey6=0&mkey7=NO_TRIAL
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1288
CMD: "C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp" /SL5="$22016A,5837648,810496,C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp
Parent process: Driver_Updater_setup.exe
User: admin
Company: PC HelpSoft
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (images):
c:\users\admin\appdata\local\temp\is-ns9qr.tmp\driver_updater_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1368
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1280 --field-trial-handle=1296,i,9301873096923023138,2237265777717116527,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1560
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1832
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=1324,i,1025451212397511938,5049040391442548059,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1880
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xdc,0x6ba1f598,0x6ba1f5a8,0x6ba1f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (images):
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
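The process chain on this page follows the standard Inno Setup pattern: the stub in %TEMP% unpacks its engine into a fresh is-XXXXX.tmp directory and starts it with a /SL5 switch that carries the loader window handle, two offsets into the stub and the stub's own path; later, the installed PCHelpSoftDriverUpdater.exe runs schtasks.exe /Delete against its own task name (with exit code 1, which for schtasks usually means the named task was not present). The Python below is an added example written for this page, not ANY.RUN's or PC HelpSoft's code: it encodes that chain as three triage rules and runs them over events transcribed from the process information above. The parent of PID 3416 is not shown on the page and is assumed to be explorer.exe, and the meaning of the /SL5 fields follows Inno Setup's loader and is treated as an assumption.

```python
r"""Triage rules over process-creation events, modelled on the chain in this
report: an Inno Setup stub in %TEMP% unpacking its second stage into
is-XXXXX.tmp and passing it /SL5, then an installed component deleting a task."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class ProcEvent:
    pid: int
    image: str          # full path of the started image
    cmdline: str
    parent_image: str   # parent image name, as the report lists it


# Inno Setup second stage lives at <Temp>\is-<5 chars>.tmp\<name>.tmp
INNO_STAGE2 = re.compile(r"\\AppData\\Local\\Temp\\is-[A-Z0-9]{5}\.tmp\\[^\\]+\.tmp$", re.I)
# Any .exe started straight from the user's Temp directory
TEMP_EXE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.I)
# Assumed /SL5 layout: "$<hex loader window>,<offset0>,<offset1>,<original setup path>"
# (field names follow Inno Setup's SetupLdr; treat the meaning as an assumption)
SL5 = re.compile(r'/SL5="?\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"?')
TASK_NAME = re.compile(r'/tn\s+(?:"([^"]+)"|(\S+))', re.I)


def parse_sl5(cmdline):
    """Return the /SL5 fields as a dict, or None when the switch is absent."""
    m = SL5.search(cmdline)
    if not m:
        return None
    return {"hwnd": int(m.group(1), 16), "offset0": int(m.group(2)),
            "offset1": int(m.group(3)), "original": m.group(4)}


def triage(events):
    """Apply the three rules to each event and return a list of findings."""
    findings = []
    for ev in events:
        name = PureWindowsPath(ev.image).name.lower()
        if TEMP_EXE.search(ev.image):
            findings.append({"rule": "exec_from_temp", "pid": ev.pid, "image": ev.image})
        if INNO_STAGE2.search(ev.image):
            sl5 = parse_sl5(ev.cmdline)
            # Consistency check: the original path named in /SL5 should be the
            # parent that dropped this stage; a mismatch deserves a closer look.
            parent_ok = bool(sl5) and (
                PureWindowsPath(sl5["original"]).name.lower() == ev.parent_image.lower())
            findings.append({"rule": "inno_setup_stage2", "pid": ev.pid,
                             "sl5": sl5, "parent_matches": parent_ok})
        if name == "schtasks.exe" and re.search(r"/delete\b", ev.cmdline, re.I):
            m = TASK_NAME.search(ev.cmdline)
            findings.append({"rule": "schtasks_delete", "pid": ev.pid,
                             "task": (m.group(1) or m.group(2)) if m else None,
                             "parent": ev.parent_image})
    return findings


# Constructed sample events, transcribed from the process information above.
# The parent of PID 3416 is not on the page and is assumed to be explorer.exe.
SAMPLE_EVENTS = [
    ProcEvent(3416, r"C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe",
              r'"C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe"', "explorer.exe"),
    ProcEvent(1288, r"C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp",
              r'"C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp" '
              r'/SL5="$22016A,5837648,810496,C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe"',
              "Driver_Updater_setup.exe"),
    ProcEvent(584, r"C:\Windows\System32\schtasks.exe",
              r'"C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F',
              "PCHelpSoftDriverUpdater.exe"),
    ProcEvent(968, r"C:\Program Files\Microsoft\Edge\Application\msedge.exe",
              r'"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility',
              "msedge.exe"),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The schtasks rule fires on every /Delete; in production it would be scoped to parents that are not expected installers or maintenance tools, and the parent_matches flag is the cheap way to tell a genuine Inno second stage from something merely imitating its path layout.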
Total events: 30 273
Read events: 30 032
Write events: 212
Delete events: 29

Modification events

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write, Name: Owner
Value: 940F0000A632C5EA6F94DA01

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write, Name: SessionHash
Value: ECBE5B9F22A5EB24832FD9015B46E6300BC1FB2A9B7CAB1431732CDA48FF0F6A

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write, Name: Sequence
Value: 1

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write, Name: RegFiles0000
Value: C:\Program Files\PC HelpSoft Driver Updater\Extra\DriverPro.exe

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write, Name: RegFilesHash
Value: 52542FBAFAA20A1F23EFD0CCEE1EE67B41BBBDD18E4C654D3D59BAF784C75D2A

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids
Operation: write, Name: PCHelpSoftDriverUpdater.HDM_encrypted
Value:

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes
Operation: write, Name: .HDM_encrypted
Value:

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation: write, Name: Language
Value: 1

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation: write, Name: DelayedStart
Value: 0

(PID) Process: (3988) Driver_Updater_setup.tmp
Key: HKEY_CURRENT_USER\Software\PC HelpSoft Driver Updater
Operation: write, Name: SetupName
Value: C:\Users\admin\AppData\Local\Temp\Driver_Updater_setup.exe
Executable files: 20
Suspicious files: 79
Text files: 160
Unknown types: 12

Dropped files

PID 3416 (Driver_Updater_setup.exe): C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp [executable]
MD5: 4947F753EB5C3B1AA3CE496A9AB30130
SHA256: 1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D

PID 2548 (Driver_Updater_setup.exe): C:\Users\admin\AppData\Local\Temp\is-MRD4U.tmp\Driver_Updater_setup.tmp [executable]
MD5: 4947F753EB5C3B1AA3CE496A9AB30130
SHA256: 1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\DriverPro.exe [executable]
MD5: 34392941C1918C5639E8C0CBFA64115E
SHA256: C825552C99C321DFBAAE6B16D797F80A6557C555689BD78AF815B0D48B0CCB05

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\Animation.gif [image]
MD5: 915F2CE934FD4789216B91BF9C2609FD
SHA256: 135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\unins000.exe [executable]
MD5: 4947F753EB5C3B1AA3CE496A9AB30130
SHA256: 1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\is-CGVA2.tmp [executable]
MD5: 33BEA8D12BB5F49A948B650A882F54FE
SHA256: B82D89D84D2815B550810DCBB7F99E68B793DC152AA3838C8F953A7BE50B750F

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\is-HMLDS.tmp [executable]
MD5: 34392941C1918C5639E8C0CBFA64115E
SHA256: C825552C99C321DFBAAE6B16D797F80A6557C555689BD78AF815B0D48B0CCB05

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe [executable]
MD5: 33BEA8D12BB5F49A948B650A882F54FE
SHA256: B82D89D84D2815B550810DCBB7F99E68B793DC152AA3838C8F953A7BE50B750F

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\is-8FTI6.tmp [text]
MD5: C12E324F7BA24C91F31927D7A720294A
SHA256: BAD8F599F3B38B7F67E77E26AEC057FA8849C0CB80B72AC9E7265F9DCB3AF199

PID 3988 (Driver_Updater_setup.tmp): C:\Program Files\PC HelpSoft Driver Updater\Extra\Settings.ini [text]
MD5: C12E324F7BA24C91F31927D7A720294A
SHA256: BAD8F599F3B38B7F67E77E26AEC057FA8849C0CB80B72AC9E7265F9DCB3AF199
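The dropped-file list repeats several hashes: both Driver_Updater_setup.tmp drops and unins000.exe share one SHA256 (Inno Setup installs the uninstaller as a copy of its own engine), and every is-XXXXX.tmp under Program Files has a same-hash sibling with a real name (Inno writes each file under a temporary name and renames it). The script below is an added example, not ANY.RUN's or the vendor's code; its records are transcribed from the table above, and it groups them by hash so that staging copies and the shared engine are set aside from the hashes worth pivoting on. The note that the engine hash is shared by other installers built with the same Inno Setup version is general knowledge of the tool, not something the report states.

```python
"""Group the dropped-file records by hash so that Inno Setup staging copies
(is-XXXXX.tmp later renamed to the final name) and the uninstaller stub are
separated from the distinct artifacts worth pivoting on."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed from the Dropped files table above: (pid, path, type, SHA256).
H_STUB = "1CB7131714F41D651792F15B48A128840C959A5190D076A7FEE5FE8B8EFE232D"
H_DRIVERPRO = "C825552C99C321DFBAAE6B16D797F80A6557C555689BD78AF815B0D48B0CCB05"
H_GIF = "135D81FEEF8BC93E48F3D929D9249ABE56E8B0A566F51964C8CAD28602219250"
H_HDMSCHED = "B82D89D84D2815B550810DCBB7F99E68B793DC152AA3838C8F953A7BE50B750F"
H_INI = "BAD8F599F3B38B7F67E77E26AEC057FA8849C0CB80B72AC9E7265F9DCB3AF199"
APP = r"C:\Program Files\PC HelpSoft Driver Updater"
DROPPED = [
    (3416, r"C:\Users\admin\AppData\Local\Temp\is-NS9QR.tmp\Driver_Updater_setup.tmp", "executable", H_STUB),
    (2548, r"C:\Users\admin\AppData\Local\Temp\is-MRD4U.tmp\Driver_Updater_setup.tmp", "executable", H_STUB),
    (3988, APP + r"\Extra\DriverPro.exe", "executable", H_DRIVERPRO),
    (3988, APP + r"\Extra\Animation.gif", "image", H_GIF),
    (3988, APP + r"\unins000.exe", "executable", H_STUB),
    (3988, APP + r"\Extra\is-CGVA2.tmp", "executable", H_HDMSCHED),
    (3988, APP + r"\Extra\is-HMLDS.tmp", "executable", H_DRIVERPRO),
    (3988, APP + r"\Extra\HDMSchedule.exe", "executable", H_HDMSCHED),
    (3988, APP + r"\Extra\is-8FTI6.tmp", "text", H_INI),
    (3988, APP + r"\Extra\Settings.ini", "text", H_INI),
]

# Inno Setup's temporary names: is-<5 alphanumerics>.tmp
INNO_TMP = re.compile(r"^is-[A-Z0-9]{5}\.tmp$", re.I)


def by_hash(records):
    """Map each SHA256 to every path it was written to."""
    groups = defaultdict(list)
    for _pid, path, _kind, sha in records:
        groups[sha.upper()].append(path)
    return dict(groups)


def staging_pairs(records):
    """(staging name, final name) pairs: same directory, same hash, is-XXXXX.tmp source."""
    pairs = []
    for _, tmp, _, sha in records:
        p = PureWindowsPath(tmp)
        if not INNO_TMP.match(p.name):
            continue
        for _, final, _, sha2 in records:
            f = PureWindowsPath(final)
            if sha2 == sha and f.parent == p.parent and not INNO_TMP.match(f.name):
                pairs.append((p.name, f.name))
    return pairs


def engine_hashes(records):
    """Hashes of the unpacked engine: a .tmp written inside a Temp is-XXXXX.tmp directory."""
    return {sha for _, path, _, sha in records
            if INNO_TMP.match(PureWindowsPath(path).parent.name)}


def uninstaller_is_setup_stub(records):
    """Inno Setup installs unins000.exe as a copy of its engine; True when hashes confirm it."""
    unins = {sha for _, path, _, sha in records
             if PureWindowsPath(path).name.lower().startswith("unins")}
    return bool(engine_hashes(records) & unins)


def pivot_hashes(records):
    """Distinct SHA256 of dropped executables minus the engine, whose hash is
    generally shared by other installers built with the same Inno Setup version."""
    execs = {sha for _, _, kind, sha in records if kind == "executable"}
    return sorted(execs - engine_hashes(records))


if __name__ == "__main__":
    for sha, paths in by_hash(DROPPED).items():
        print(sha[:12], len(paths), "path(s)")
    print("staging pairs:", staging_pairs(DROPPED))
    print("uninstaller is setup stub:", uninstaller_is_setup_stub(DROPPED))
    print("pivot hashes:", pivot_hashes(DROPPED))
```

On this report the pivot set shrinks to two hashes, DriverPro.exe and HDMSchedule.exe, which is what you would submit for further lookups or write hunting queries around; the engine hash and the staging copies would only generate noise.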
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 14
TCP/UDP connections: 83
DNS requests: 78
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2336
PCHelpSoftDriverUpdater.exe
POST
200
18.245.86.105:80
http://api.playanext.com/httpapi
unknown
unknown
488
lsass.exe
GET
304
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?58113e117cf2b140
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?00da6e4ccd0a2f45
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?d5cbbd0e20f5010c
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2b9f815de3da48bf
unknown
unknown
2336
PCHelpSoftDriverUpdater.exe
GET
200
199.232.214.172:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?78b1ae975f98aaed
unknown
unknown
488
lsass.exe
GET
200
108.138.2.195:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
unknown
488
lsass.exe
GET
200
18.245.39.64:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
unknown
488
lsass.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
unknown
488
lsass.exe
GET
200
18.245.65.219:80
http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAIZ3N4iW9BAI0lEJQIp3%2F0%3D
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
1080
svchost.exe
224.0.0.252:5355
unknown
2336
PCHelpSoftDriverUpdater.exe
99.86.4.76:443
offers.playanext.com
AMAZON-02
US
unknown
2336
PCHelpSoftDriverUpdater.exe
18.245.86.105:80
api.playanext.com
US
unknown
2336
PCHelpSoftDriverUpdater.exe
116.203.251.147:443
drivers.avqtools.com
Hetzner Online GmbH
DE
unknown
2336
PCHelpSoftDriverUpdater.exe
216.239.34.21:443
cloud.pchelpsoft.com
GOOGLE
US
whitelisted
488
lsass.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown
2336
PCHelpSoftDriverUpdater.exe
199.232.214.172:80
ctldl.windowsupdate.com
FASTLY
US
unknown

DNS requests

Domain
IP
Reputation
drivers.avqtools.com
  • 116.203.251.147
unknown
api.playanext.com
  • 18.245.86.105
  • 18.245.86.26
  • 18.245.86.79
  • 18.245.86.84
whitelisted
offers.playanext.com
  • 99.86.4.76
  • 99.86.4.112
  • 99.86.4.23
  • 99.86.4.92
unknown
collect.avqtools.com
  • 116.203.251.147
unknown
cloud.pchelpsoft.com
  • 216.239.34.21
  • 216.239.36.21
  • 216.239.38.21
  • 216.239.32.21
unknown
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
o.ss2.us
  • 108.138.2.195
  • 108.138.2.107
  • 108.138.2.10
  • 108.138.2.173
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.245.39.64
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m03.amazontrust.com
  • 18.245.65.219
unknown
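The Connections and DNS tables mix three kinds of traffic: Windows background activity (NetBIOS and LLMNR from System and svchost.exe, CTL downloads by lsass.exe), certificate-validation fetches that CryptoAPI makes inside the sample's own process (PID 2336 reaching ctldl.windowsupdate.com, which lines up with the "Checks Windows Trust Settings" and "Reads settings of System Certificates" signatures), and the sample's own destinations. The script below is an added example, not ANY.RUN's code; its records are transcribed from the two tables above, and the list of trust-infrastructure suffixes is an assumption chosen for this report rather than something the report defines. It also reports names that were resolved but never connected to and IPs shared by more than one name, both useful pivots.

```python
"""Split the network records by who initiated them: the sample's own process,
Windows background traffic, or certificate validation running inside the sample;
then list resolved-but-unused names and IPs shared across names."""
from collections import defaultdict

# Constructed from the Connections table above: (pid, process, ip:port, domain or None).
CONNECTIONS = [
    (4, "System", "192.168.100.255:138", None),
    (4, "System", "192.168.100.255:137", None),
    (1080, "svchost.exe", "224.0.0.252:5355", None),
    (2336, "PCHelpSoftDriverUpdater.exe", "99.86.4.76:443", "offers.playanext.com"),
    (2336, "PCHelpSoftDriverUpdater.exe", "18.245.86.105:80", "api.playanext.com"),
    (2336, "PCHelpSoftDriverUpdater.exe", "116.203.251.147:443", "drivers.avqtools.com"),
    (2336, "PCHelpSoftDriverUpdater.exe", "216.239.34.21:443", "cloud.pchelpsoft.com"),
    (488, "lsass.exe", "199.232.214.172:80", "ctldl.windowsupdate.com"),
    (2336, "PCHelpSoftDriverUpdater.exe", "199.232.214.172:80", "ctldl.windowsupdate.com"),
]
# Constructed from the DNS requests table above: domain -> resolved IPs.
DNS = {
    "drivers.avqtools.com": ["116.203.251.147"],
    "api.playanext.com": ["18.245.86.105", "18.245.86.26", "18.245.86.79", "18.245.86.84"],
    "offers.playanext.com": ["99.86.4.76", "99.86.4.112", "99.86.4.23", "99.86.4.92"],
    "collect.avqtools.com": ["116.203.251.147"],
    "cloud.pchelpsoft.com": ["216.239.34.21", "216.239.36.21", "216.239.38.21", "216.239.32.21"],
    "ctldl.windowsupdate.com": ["199.232.214.172", "199.232.210.172"],
    "o.ss2.us": ["108.138.2.195", "108.138.2.107", "108.138.2.10", "108.138.2.173"],
    "ocsp.rootg2.amazontrust.com": ["18.245.39.64"],
    "ocsp.rootca1.amazontrust.com": ["18.245.39.64"],
    "ocsp.r2m03.amazontrust.com": ["18.245.65.219"],
}
# Assumed allowlist of hosts Windows contacts for CTL/OCSP checks. When such a
# host shows up under the sample's PID, CryptoAPI ran in-process; it is not a beacon.
OS_TRUST_SUFFIXES = (".windowsupdate.com", ".amazontrust.com", "o.ss2.us")
OS_PROCESSES = {"System", "lsass.exe", "svchost.exe"}


def is_os_trust_domain(domain):
    return domain is not None and any(
        domain == s or domain.endswith(s) for s in OS_TRUST_SUFFIXES)


def classify(connections):
    """Bucket each connection as os_background, cert_validation or sample."""
    out = defaultdict(list)
    for _pid, proc, endpoint, domain in connections:
        if proc in OS_PROCESSES:
            out["os_background"].append((proc, endpoint, domain))
        elif is_os_trust_domain(domain):
            out["cert_validation"].append((proc, endpoint, domain))
        else:
            out["sample"].append((proc, endpoint, domain))
    return dict(out)


def sample_domains(connections):
    """Domains the sample contacted on its own account, deduplicated and sorted."""
    return sorted({d for _, _, d in classify(connections).get("sample", []) if d})


def resolved_without_connection(connections, dns):
    """Names resolved but never connected to in the listed connections; the OS
    trust hosts are skipped because lsass.exe fetches them (see the HTTP table)."""
    seen = {d for _, _, _, d in connections if d}
    return sorted(d for d in dns if d not in seen and not is_os_trust_domain(d))


def shared_ips(dns):
    """IPs that more than one resolved name points at: cheap infrastructure pivots."""
    owners = defaultdict(list)
    for domain, ips in dns.items():
        for ip in ips:
            owners[ip].append(domain)
    return {ip: sorted(ds) for ip, ds in owners.items() if len(ds) > 1}


if __name__ == "__main__":
    print("sample domains:", sample_domains(CONNECTIONS))
    print("resolved, no connection:", resolved_without_connection(CONNECTIONS, DNS))
    print("shared IPs:", shared_ips(DNS))
```

Here the only resolved-but-unused name is collect.avqtools.com, and it shares its Hetzner address with drivers.avqtools.com, so both names belong in the same hunting query even though only one was contacted during the run.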

Threats

PID
Process
Class
Message
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard High Port)
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
2408
msedge.exe
Misc activity
ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)
No debug info