Malware analysis driveridentifier_setup.exe Malicious activity

Add for printing

File name:	driveridentifier_setup.exe
Full analysis:	https://app.any.run/tasks/133e1bb7-3d1d-4b58-bd52-ce64b0d448e3
Verdict:	Malicious activity
Analysis date:	August 30, 2024, 07:45:18
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32 executable (GUI) Intel 80386, for MS Windows
MD5:	BBB1AB345527B79D388AAF8C413FFE01
SHA1:	7D3C7A62404FA0E2AAD1343D4A2F9C7B06051846
SHA256:	07BB70C93CF1886213C4D89A00C0B88A2FBA8DD86E248765831EC7866CE6F67C
SSDEEP:	98304:a+cD4dnZLlr7OyUXrLQGKe89UqcOQmAWrjTiZ2SHH/KID5kQwV+V8DFP2sWgX674:he2xCHK6K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
No malicious indicators.
SUSPICIOUS
- Executable content was dropped or overwritten
  - driveridentifier_setup.exe (PID: 780)
  - driveridentifier_setup.exe (PID: 5160)
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.exe (PID: 6564)
  - Driver_Updater_1304.exe (PID: 4604)
  - Driver_Updater_1304.tmp (PID: 1636)
- Drops the executable file immediately after the start
  - driveridentifier_setup.exe (PID: 780)
  - driveridentifier_setup.exe (PID: 5160)
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.exe (PID: 6564)
  - Driver_Updater_1304.exe (PID: 4604)
  - Driver_Updater_1304.tmp (PID: 1636)
- Reads the date of Windows installation
  - driveridentifier_setup.tmp (PID: 488)
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 2384)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - DriverIdentifier.exe (PID: 6260)
  - MyDriverUploader.exe (PID: 6028)
- Reads security settings of Internet Explorer
  - driveridentifier_setup.tmp (PID: 488)
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 2384)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - DriverIdentifier.exe (PID: 6260)
  - MyDriverUploader.exe (PID: 6028)
- Reads the Windows owner or organization settings
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 1636)
- Drops 7-zip archiver for unpacking
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 1636)
- Process drops legitimate windows executable
  - driveridentifier_setup.tmp (PID: 5096)
- Deletes scheduled task without confirmation
  - schtasks.exe (PID: 5944)
  - schtasks.exe (PID: 7764)
- Application launched itself
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
- Checks Windows Trust Settings
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
- Reads Microsoft Outlook installation path
  - DriverIdentifier.exe (PID: 6260)
- Starts CMD.EXE for commands execution
  - php.exe (PID: 5116)
- Uses WMIC.EXE to obtain operating system information
  - cmd.exe (PID: 7028)
INFO
- Reads the computer name
  - driveridentifier_setup.tmp (PID: 488)
  - driveridentifier_setup.tmp (PID: 5096)
  - DriverIdentifier.exe (PID: 6260)
  - identity_helper.exe (PID: 5712)
  - Driver_Updater_1304.tmp (PID: 2384)
  - Driver_Updater_1304.tmp (PID: 1636)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - DriverPro.exe (PID: 7564)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - PCHelpSoftDriverUpdater.exe (PID: 7796)
  - identity_helper.exe (PID: 4804)
  - MyDriverUploader.exe (PID: 6028)
  - php.exe (PID: 5116)
- Process checks computer location settings
  - driveridentifier_setup.tmp (PID: 488)
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 2384)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - PCHelpSoftDriverUpdater.exe (PID: 7796)
  - DriverIdentifier.exe (PID: 6260)
  - MyDriverUploader.exe (PID: 6028)
- Checks supported languages
  - driveridentifier_setup.tmp (PID: 488)
  - driveridentifier_setup.exe (PID: 5160)
  - driveridentifier_setup.tmp (PID: 5096)
  - driveridentifier_setup.exe (PID: 780)
  - DriverIdentifier.exe (PID: 6260)
  - identity_helper.exe (PID: 5712)
  - Driver_Updater_1304.tmp (PID: 2384)
  - Driver_Updater_1304.exe (PID: 4604)
  - Driver_Updater_1304.tmp (PID: 1636)
  - Driver_Updater_1304.exe (PID: 6564)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - PCHelpSoftDriverUpdater.exe (PID: 7796)
  - DriverPro.exe (PID: 7564)
  - identity_helper.exe (PID: 4804)
  - MyDriverUploader.exe (PID: 6028)
  - php.exe (PID: 5116)
- Create files in a temporary directory
  - driveridentifier_setup.tmp (PID: 5096)
  - driveridentifier_setup.exe (PID: 5160)
  - DriverIdentifier.exe (PID: 6260)
  - driveridentifier_setup.exe (PID: 780)
  - Driver_Updater_1304.exe (PID: 6564)
  - Driver_Updater_1304.exe (PID: 4604)
  - Driver_Updater_1304.tmp (PID: 1636)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - MyDriverUploader.exe (PID: 6028)
  - php.exe (PID: 5116)
- Creates files in the program directory
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 1636)
  - DriverPro.exe (PID: 7564)
  - MyDriverUploader.exe (PID: 6028)
- Reads Microsoft Office registry keys
  - driveridentifier_setup.tmp (PID: 5096)
  - msedge.exe (PID: 1128)
  - msedge.exe (PID: 2008)
  - msedge.exe (PID: 6000)
- Manual execution by a user
  - msedge.exe (PID: 1128)
- Reads Environment values
  - identity_helper.exe (PID: 5712)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - DriverPro.exe (PID: 7564)
  - PCHelpSoftDriverUpdater.exe (PID: 7796)
  - identity_helper.exe (PID: 4804)
- Creates a software uninstall entry
  - driveridentifier_setup.tmp (PID: 5096)
  - Driver_Updater_1304.tmp (PID: 1636)
- The process uses the downloaded file
  - driveridentifier_setup.tmp (PID: 5096)
  - msedge.exe (PID: 1128)
  - msedge.exe (PID: 8064)
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - DriverIdentifier.exe (PID: 6260)
  - MyDriverUploader.exe (PID: 6028)
- Application launched itself
  - msedge.exe (PID: 2008)
  - msedge.exe (PID: 1128)
  - msedge.exe (PID: 6000)
- Reads the software policy settings
  - slui.exe (PID: 5988)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - slui.exe (PID: 4164)
- Executable content was dropped or overwritten
  - msedge.exe (PID: 1128)
  - msedge.exe (PID: 1220)
- Creates files or folders in the user directory
  - PCHelpSoftDriverUpdater.exe (PID: 4524)
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - PCHelpSoftDriverUpdater.exe (PID: 7796)
  - DriverIdentifier.exe (PID: 6260)
- Reads Windows Product ID
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
- Reads the machine GUID from the registry
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - DriverIdentifier.exe (PID: 6260)
  - php.exe (PID: 5116)
- Checks proxy server information
  - PCHelpSoftDriverUpdater.exe (PID: 7580)
  - slui.exe (PID: 4164)
- Reads security settings of Internet Explorer
  - WMIC.exe (PID: 6672)
- Checks operating system version
  - php.exe (PID: 5116)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Inno Setup installer (65.1)
.exe	\|	Win32 EXE PECompact compressed (generic) (24.6)
.dll	\|	Win32 Dynamic Link Library (generic) (3.9)
.exe	\|	Win32 Executable (generic) (2.6)
.exe	\|	Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType:	Intel 386 or later, and compatibles
TimeStamp:	2023:02:15 14:54:16+00:00
ImageFileCharacteristics:	No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType:	PE32
LinkerVersion:	2.25
CodeSize:	741888
InitializedDataSize:	35840
UninitializedDataSize:	-
EntryPoint:	0xb5eec
OSVersion:	6.1
ImageVersion:	6
SubsystemVersion:	6.1
Subsystem:	Windows GUI
FileVersionNumber:	6.1.0.0
ProductVersionNumber:	6.1.0.0
FileFlagsMask:	0x003f
FileFlags:	(none)
FileOS:	Win32
ObjectFileType:	Executable application
FileSubtype:	-
LanguageCode:	Neutral
CharacterSet:	Unicode
Comments:	This installation was built with Inno Setup.
CompanyName:	DriverIdentifier
FileDescription:	DriverIdentifier Setup
FileVersion:	6.1
LegalCopyright:
OriginalFileName:
ProductName:	DriverIdentifier
ProductVersion:	6.1

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

286

Monitored processes

138

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

320

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5952 --field-trial-handle=2316,i,163924592617784078,9041644797642801703,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

368

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6596 --field-trial-handle=2316,i,163924592617784078,9041644797642801703,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

PWA Identity Proxy Host

Exit code:

3221226029

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll

488

"C:\Users\admin\AppData\Local\Temp\is-JTDO9.tmp\driveridentifier_setup.tmp" /SL5="$80396,4835121,778752,C:\Users\admin\Desktop\driveridentifier_setup.exe"

C:\Users\admin\AppData\Local\Temp\is-JTDO9.tmp\driveridentifier_setup.tmp

—

driveridentifier_setup.exe

User:

admin

Company:

DriverIdentifier

Integrity Level:

MEDIUM

Description:

Setup/Uninstall

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-jtdo9.tmp\driveridentifier_setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

780

"C:\Users\admin\Desktop\driveridentifier_setup.exe"

C:\Users\admin\Desktop\driveridentifier_setup.exe

explorer.exe

User:

admin

Company:

DriverIdentifier

Integrity Level:

MEDIUM

Description:

DriverIdentifier Setup

Version:

6.1

Modules

Images
c:\users\admin\desktop\driveridentifier_setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll

1076

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x294,0x298,0x29c,0x288,0x2a4,0x7fffd3b55fd8,0x7fffd3b55fe4,0x7fffd3b55ff0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1128

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument https://www.driveridentifier.com/?cmd=start&v=6.2&cmd_line=declined

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

explorer.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1220

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2472 --field-trial-handle=2316,i,163924592617784078,9041644797642801703,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

MEDIUM

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1344

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5116 --field-trial-handle=2416,i,8094434356402560451,13707513020956366901,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1636

"C:\Users\admin\AppData\Local\Temp\is-7UFSQ.tmp\Driver_Updater_1304.tmp" /SL5="$603AC,6175688,810496,C:\Users\admin\Downloads\Driver_Updater_1304.exe" /SPAWNWND=$802CE /NOTIFYWND=$502F0

C:\Users\admin\AppData\Local\Temp\is-7UFSQ.tmp\Driver_Updater_1304.tmp

Driver_Updater_1304.exe

User:

admin

Company:

PC HelpSoft

Integrity Level:

HIGH

Description:

Setup/Uninstall

Exit code:

Version:

51.1052.0.0

Modules

Images
c:\users\admin\appdata\local\temp\is-7ufsq.tmp\driver_updater_1304.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll

1656

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6276 --field-trial-handle=2416,i,8094434356402560451,13707513020956366901,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Add for printing

Total events

49 491

Read events

49 062

Write events

412

Delete events

Modification events


(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Owner
Value: E8130000FD70FE93B0FADA01
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	SessionHash
Value: 8C5F1245E731AF47F40B0FAB2C26E69C423E0A99A49B2B43467295D30ABC56D5
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	Sequence
Value: 1
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	RegFiles0000
Value: C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:	write	Name:	RegFilesHash
Value: B9F851DEC94491E5FD029D37DB580B3517AB151BBD1386E595082AF70688EF0E
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Classes\driveruploader
Operation:	write	Name:	URL Protocol
Value:
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1
Operation:	write	Name:	Inno Setup: Setup Version
Value: 6.2.2
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1
Operation:	write	Name:	Inno Setup: App Path
Value: C:\Program Files (x86)\Driver Identifier
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1
Operation:	write	Name:	InstallLocation
Value: C:\Program Files (x86)\Driver Identifier\
(PID) Process:	(5096) driveridentifier_setup.tmp	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1
Operation:	write	Name:	Inno Setup: Icon Group
Value: Driver Identifier

Add for printing

Executable files

Suspicious files

658

Text files

307

Unknown types

Dropped files

PID	Process	Filename		Type
5160	driveridentifier_setup.exe	C:\Users\admin\AppData\Local\Temp\is-72AJK.tmp\driveridentifier_setup.tmp		executable
		MD5:926935272B2860B2EC3CD3485D96F0AA	SHA256:9695C7A46E91654083E822EB30971E1A1AC51E8B2500B22DF89237469729687B
780	driveridentifier_setup.exe	C:\Users\admin\AppData\Local\Temp\is-JTDO9.tmp\driveridentifier_setup.tmp		executable
		MD5:926935272B2860B2EC3CD3485D96F0AA	SHA256:9695C7A46E91654083E822EB30971E1A1AC51E8B2500B22DF89237469729687B
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\psvince.dll		executable
		MD5:A4E5C512B047A6D9DC38549161CAC4DE	SHA256:C7F1E7E866834D9024F97C2B145C09D106E447E8ABD65A10A1732116D178E44E
5096	driveridentifier_setup.tmp	C:\Users\admin\AppData\Local\Temp\is-7JC77.tmp\psvince.dll		executable
		MD5:A4E5C512B047A6D9DC38549161CAC4DE	SHA256:C7F1E7E866834D9024F97C2B145C09D106E447E8ABD65A10A1732116D178E44E
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\is-E9FOU.tmp		executable
		MD5:C8DCF04597C913AF685A770572EA2A8E	SHA256:AF2FBE36915E9E6FAF7CC69856798C8C246135E7962CF55AE9619B16D29374DF
5096	driveridentifier_setup.tmp	C:\Users\admin\AppData\Local\Temp\is-7JC77.tmp\_isetup\_setup64.tmp		executable
		MD5:E4211D6D009757C078A9FAC7FF4F03D4	SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\is-GRCT2.tmp		executable
		MD5:81C4970314760D1669F7F85E802A8833	SHA256:1F3B6997FA8BD24569F361E9B44690DA6A00F2F42F659EB1C84D165C324155F5
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\is-I2EJ8.tmp		executable
		MD5:A4E5C512B047A6D9DC38549161CAC4DE	SHA256:C7F1E7E866834D9024F97C2B145C09D106E447E8ABD65A10A1732116D178E44E
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\DriverIdentifier.exe		executable
		MD5:16ADC25067286FDA14E2BA02D3C77912	SHA256:B28F9D39A99E39DD85F00EF9677B7CCFEA457E7A3D092200604B32DB726682D2
5096	driveridentifier_setup.tmp	C:\Program Files (x86)\Driver Identifier\is-35PL0.tmp		executable
		MD5:78490B09625B2ED0E8ADE069DA835F7C	SHA256:B535885340E807BCFA95CE539E55E07672E8D0DECBF7C9F65DECDAE96E596255

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

349

DNS requests

415

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
7852	SIHClient.exe	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
8152	svchost.exe	HEAD	200	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725572530&P2=404&P3=2&P4=acIS0PsTCYYccdqJtzwXmz0PCP2LHU%2fbH5caIbNO1ebjPuF%2bfzUiDQi5yWlKcuwFOr%2bRfhcky5ifTUMjFj%2f9QQ%3d%3d	unknown	—	—	whitelisted
2028	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
8152	svchost.exe	GET	206	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725572530&P2=404&P3=2&P4=acIS0PsTCYYccdqJtzwXmz0PCP2LHU%2fbH5caIbNO1ebjPuF%2bfzUiDQi5yWlKcuwFOr%2bRfhcky5ifTUMjFj%2f9QQ%3d%3d	unknown	—	—	whitelisted
8152	svchost.exe	HEAD	200	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e4e3842c-b736-489b-b1b0-5f03d2b80317?P1=1725572530&P2=404&P3=2&P4=GpBVjovNAaw%2bRp7TaMWjj5BEQpMwZBjbu03V599NCc8nRJqcvJmzi%2foZOjbvejOEUxX1kvkOE0FLOaN%2f6zrBOQ%3d%3d	unknown	—	—	whitelisted
7852	SIHClient.exe	GET	200	23.35.229.160:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
8152	svchost.exe	GET	206	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/a1310cb6-94be-46c6-b8dc-986450234260?P1=1725572530&P2=404&P3=2&P4=acIS0PsTCYYccdqJtzwXmz0PCP2LHU%2fbH5caIbNO1ebjPuF%2bfzUiDQi5yWlKcuwFOr%2bRfhcky5ifTUMjFj%2f9QQ%3d%3d	unknown	—	—	whitelisted
8152	svchost.exe	GET	206	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e4e3842c-b736-489b-b1b0-5f03d2b80317?P1=1725572530&P2=404&P3=2&P4=GpBVjovNAaw%2bRp7TaMWjj5BEQpMwZBjbu03V599NCc8nRJqcvJmzi%2foZOjbvejOEUxX1kvkOE0FLOaN%2f6zrBOQ%3d%3d	unknown	—	—	whitelisted
8152	svchost.exe	GET	206	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e4e3842c-b736-489b-b1b0-5f03d2b80317?P1=1725572530&P2=404&P3=2&P4=GpBVjovNAaw%2bRp7TaMWjj5BEQpMwZBjbu03V599NCc8nRJqcvJmzi%2foZOjbvejOEUxX1kvkOE0FLOaN%2f6zrBOQ%3d%3d	unknown	—	—	whitelisted
8152	svchost.exe	GET	206	199.232.214.172:80	http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/e4e3842c-b736-489b-b1b0-5f03d2b80317?P1=1725572530&P2=404&P3=2&P4=GpBVjovNAaw%2bRp7TaMWjj5BEQpMwZBjbu03V599NCc8nRJqcvJmzi%2foZOjbvejOEUxX1kvkOE0FLOaN%2f6zrBOQ%3d%3d	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
6244	RUXIMICS.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
—	—	192.168.100.255:138	—	—	—	whitelisted
2120	MoUsoCoreWorker.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6252	svchost.exe	4.231.128.59:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6252	svchost.exe	20.73.194.208:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1220	msedge.exe	142.251.141.34:443	pagead2.googlesyndication.com	—	—	whitelisted
1220	msedge.exe	188.114.97.3:443	www.driveridentifier.com	—	—	unknown
1220	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
1220	msedge.exe	157.240.252.13:443	connect.facebook.net	—	—	whitelisted
1128	msedge.exe	239.255.255.250:1900	—	—	—	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.186.46	whitelisted
settings-win.data.microsoft.com	20.73.194.208 4.231.128.59 51.124.78.146	whitelisted
config.edge.skype.com	13.107.42.16	whitelisted
www.driveridentifier.com	188.114.97.3 188.114.96.3	unknown
edge.microsoft.com	13.107.21.239 204.79.197.239	whitelisted
business.bing.com	13.107.6.158	whitelisted
edge-mobile-static.azureedge.net	13.107.253.67	whitelisted
bzib.nelreports.net	23.48.23.26 23.48.23.51 2.19.126.152 2.19.126.145	whitelisted
cdnjs.cloudflare.com	104.17.25.14 104.17.24.14	whitelisted
translate.google.com	216.58.212.14 142.250.185.238 142.250.186.46	whitelisted

Threats

PID	Process	Class	Message
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Global content delivery network (unpkg .com)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1220	msedge.exe	Not Suspicious Traffic	INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1220	msedge.exe	Misc activity	ET INFO Session Traversal Utilities for NAT (STUN Binding Request On Non-Standard Low Port)

Add for printing

No debug info

General Info

driveridentifier_setup.exe

BBB1AB345527B79D388AAF8C413FFE01

7D3C7A62404FA0E2AAD1343D4A2F9C7B06051846

07BB70C93CF1886213C4D89A00C0B88A2FBA8DD86E248765831EC7866CE6F67C

98304:a+cD4dnZLlr7OyUXrLQGKe89UqcOQmAWrjTiZ2SHH/KID5kQwV+V8DFP2sWgX674:he2xCHK6K

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

SUSPICIOUS

Executable content was dropped or overwritten

Drops the executable file immediately after the start

Reads the date of Windows installation

Reads security settings of Internet Explorer

Reads the Windows owner or organization settings

Drops 7-zip archiver for unpacking

Process drops legitimate windows executable

Deletes scheduled task without confirmation

Application launched itself

Checks Windows Trust Settings

Reads Microsoft Outlook installation path

Starts CMD.EXE for commands execution

Uses WMIC.EXE to obtain operating system information

INFO

Reads the computer name

Process checks computer location settings

Checks supported languages

Create files in a temporary directory

Creates files in the program directory

Reads Microsoft Office registry keys

Manual execution by a user

Reads Environment values

Creates a software uninstall entry

The process uses the downloaded file

Application launched itself

Reads the software policy settings

Executable content was dropped or overwritten

Creates files or folders in the user directory

Reads Windows Product ID

Reads the machine GUID from the registry

Checks proxy server information

Reads security settings of Internet Explorer

Checks operating system version

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files