File name: DriverHubInstaller.exe

Full analysis: https://app.any.run/tasks/a15ebe28-0e47-4372-9a94-8919493fec6c
Verdict: Malicious activity
Analysis date: May 18, 2024, 19:21:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 3955635EAB486EFEEDA272531B4DA99A
SHA1: E3566FAC9E5EBD4CB4521E035913030BC022276F
SHA256: 2DBB42715A3E67084F75F43C1067ED3EC61FD222998C3A5606641DD56FBEBE69
SSDEEP: 98304:9qvcpkBN0MuvAsdqMGc7sFkxBkwdmhsvO3abwWX9DDH/yMccKocWv8xVyWVlECbg:GkJOnO

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • DriverHubInstaller.exe (PID: 3956)
      • VC_redist.x86.exe (PID: 1620)
      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • VC_redist.x86.exe (PID: 2408)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 676)
    • Changes the autorun value in the registry

      • VC_redist.x86.exe (PID: 2052)
    • Creates a writable file in the system directory

      • msiexec.exe (PID: 1332)
  • SUSPICIOUS

    • Reads the Internet Settings

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2408)
    • Reads Microsoft Outlook installation path

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
    • Reads security settings of Internet Explorer

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2408)
      • DriverHub.exe (PID: 2436)
    • Application launched itself

      • DriverHubInstaller.exe (PID: 3956)
      • VC_redist.x86.exe (PID: 1964)
      • VC_redist.x86.exe (PID: 2408)
    • Reads Internet Explorer settings

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
    • Reads settings of System Certificates

      • DriverHubInstaller.exe (PID: 2116)
      • DriverHub.exe (PID: 2436)
    • Creates a software uninstall entry

      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 2052)
      • VC_redist.x86.exe (PID: 676)
    • Executable content was dropped or overwritten

      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 1620)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • VC_redist.x86.exe (PID: 2408)
      • VC_redist.x86.exe (PID: 676)
    • Process drops legitimate windows executable

      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 1620)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 676)
    • Starts a Microsoft application from unusual location

      • VC_redist.x86.exe (PID: 1620)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
    • Adds/modifies Windows certificates

      • DriverHubInstaller.exe (PID: 2116)
    • Starts itself from another location

      • VC_redist.x86.exe (PID: 768)
    • Searches for installed software

      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • VC_redist.x86.exe (PID: 2408)
      • VC_redist.x86.exe (PID: 676)
    • Executes as Windows Service

      • VSSVC.exe (PID: 1836)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 1332)
      • DriverHubInstaller.exe (PID: 2116)
      • DriverHub.exe (PID: 2436)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1332)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1332)
  • INFO

    • Reads the computer name

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
      • wmpnscfg.exe (PID: 1628)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 2408)
      • VC_redist.x86.exe (PID: 676)
      • DriverHub.exe (PID: 2436)
    • Checks supported languages

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
      • wmpnscfg.exe (PID: 1628)
      • VC_redist.x86.exe (PID: 1620)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 2408)
      • VC_redist.x86.exe (PID: 676)
      • VC_redist.x86.exe (PID: 1964)
      • DriverHub.exe (PID: 2436)
    • Reads the machine GUID from the registry

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 2408)
      • VC_redist.x86.exe (PID: 676)
      • DriverHub.exe (PID: 2436)
    • Checks proxy server information

      • DriverHubInstaller.exe (PID: 3956)
      • DriverHubInstaller.exe (PID: 2116)
    • Process checks whether UAC notifications are on

      • DriverHubInstaller.exe (PID: 2116)
    • Creates files in the program directory

      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 2052)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1628)
    • Creates files in a temporary directory

      • DriverHubInstaller.exe (PID: 2116)
      • VC_redist.x86.exe (PID: 768)
      • VC_redist.x86.exe (PID: 2052)
      • msiexec.exe (PID: 1332)
      • VC_redist.x86.exe (PID: 2408)
    • Reads the software policy settings

      • DriverHubInstaller.exe (PID: 2116)
      • msiexec.exe (PID: 1332)
      • DriverHub.exe (PID: 2436)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 1332)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 1332)
    • Creates files or folders in the user directory

      • DriverHubInstaller.exe (PID: 2116)
      • DriverHub.exe (PID: 2436)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable (generic) (3.6)
.exe | Generic Win/DOS Executable (1.6)
.exe | DOS Executable Generic (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:05:16 11:41:18+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 4757504
InitializedDataSize: 7328768
UninitializedDataSize: -
EntryPoint: 0x401a72
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.4.9.0
ProductVersionNumber: 3.4.9.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: ROSTPAY LTD.
FileDescription: Install DriverHub
InternalName: DriverHubInstaller
LegalCopyright: © ROSTPAY LTD. All rights reserved.
OriginalFileName: DriverHubInstaller.exe
ProductName: DriverHub
FileVersion: 3.4.9
ProductVersion: 3.4.9
No data.
All screenshots are available in the full report
Total processes: 49
Monitored processes: 12
Malicious processes: 9
Suspicious processes: 1

Behavior graph

Process nodes (as listed in the graph): start, driverhubinstaller.exe (no specs), driverhubinstaller.exe, wmpnscfg.exe (no specs), vc_redist.x86.exe, vc_redist.x86.exe, vc_redist.x86.exe, vssvc.exe (no specs), msiexec.exe, vc_redist.x86.exe (no specs), vc_redist.x86.exe, vc_redist.x86.exe, driverhub.exe

Process information

PID: 676
CMD: "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{49194B84-8643-4705-956F-539216698BE8} {5517905B-5C85-472D-B027-21C28DCC2B34} 2408
Path: C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
Modules
Images
c:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 768
CMD: "C:\Windows\Temp\{A478E6E5-3091-4927-99DB-BC36F44E35C8}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160 /quiet /norestart
Path: C:\Windows\Temp\{A478E6E5-3091-4927-99DB-BC36F44E35C8}\.cr\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
3010
Version:
14.38.33135.0
Modules
Images
c:\windows\temp\{a478e6e5-3091-4927-99db-bc36f44e35c8}\.cr\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1332
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1620
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
Parent process: DriverHubInstaller.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
3010
Version:
14.38.33135.0
Modules
Images
c:\users\admin\appdata\local\temp\driverhub\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1628
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1836
CMD: C:\Windows\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1964
CMD: "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={46c3b171-c15c-4137-8e1d-67eeb2985b44} -burn.filehandle.self=864 -burn.embedded BurnPipe.{BE052860-6436-47E8-AD5A-EA9626250201} {6399E040-158A-415A-91AB-FD3C78EBBEF3} 2052
Path: C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
Modules
Images
c:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2052
CMD: "C:\Windows\Temp\{6DF6B1CB-8FBC-4910-A337-A48FBCA86BE7}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{225D7729-A470-408D-AAEA-6B67A001F553} {7904AF09-0F27-4BD1-861A-AD9A5FC51B34} 768
Path: C:\Windows\Temp\{6DF6B1CB-8FBC-4910-A337-A48FBCA86BE7}\.be\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
3010
Version:
14.38.33135.0
Modules
Images
c:\windows\temp\{6df6b1cb-8fbc-4910-a337-a48fbca86be7}\.be\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2116
CMD: "C:\Users\admin\Downloads\DriverHubInstaller.exe" /screen=proc /pos=240,46 /lang=en
Path: C:\Users\admin\Downloads\DriverHubInstaller.exe
Parent process: DriverHubInstaller.exe
User:
admin
Company:
ROSTPAY LTD.
Integrity Level:
HIGH
Description:
Install DriverHub
Exit code:
0
Version:
3.4.9
Modules
Images
c:\users\admin\downloads\driverhubinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\webio.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2408
CMD: "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.clean.room="C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -burn.filehandle.attached=152 -burn.filehandle.self=160 -uninstall -quiet -burn.related.upgrade -burn.ancestors={46c3b171-c15c-4137-8e1d-67eeb2985b44} -burn.filehandle.self=864 -burn.embedded BurnPipe.{BE052860-6436-47E8-AD5A-EA9626250201} {6399E040-158A-415A-91AB-FD3C78EBBEF3} 2052
Path: C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
Modules
Images
c:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 50 944
Read events: 49 950
Write events: 643
Delete events: 351

Modification events

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3956) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2116) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2116) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (2116) DriverHubInstaller.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1
Executable files: 107
Suspicious files: 99
Text files: 619
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\DriverHub.exe | odttf
  MD5: CA2C8157F279F015B4D05DF954D31735
  SHA256: 0503FBC7B5E35CE49544170DE9EDDF83049A39BEDC96A4F957E8D9D21505167E
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\DriverHubUninstaller.exe | executable
  MD5: E1B9C130947EC2B71FFEB9AE9808967E
  SHA256: B070B13153CEE5C06261C72F40C466048E0794656FBB4FA64FACA66D5F4018A2
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\Images\DriverHubLogo.png | image
  MD5: 451B153070269850DA133D4E493A1BD6
  SHA256: 91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\imageformats\qgif.dll | executable
  MD5: A7D24E2226FF09208E22FC6F70BF0DE7
  SHA256: 6356257682FB64D28AD68DEBEA96E1A0104C273E8838953459A110933F0A84BE
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\d3dcompiler_47.dll | executable
  MD5: C5B362BCE86BB0AD3149C4540201331D
  SHA256: EFBDBBCD0D954F8FDC53467DE5D89AD525E4E4A9CFFF8A15D07C6FDB350C407F
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\libssl-1_1.dll | executable
  MD5: 4A1BD71115017098E6B75570A61B6DC3
  SHA256: 244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\ProxymaDataSetup.exe | executable
  MD5: B540B85C8EE16F4A756352994C0F6E09
  SHA256: 7E90AE8D7A676E701AA0FFEA3EB4EDA31EDFBCFEF562F6D73F810A173D33F44F
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\opengl32sw.dll | executable
  MD5: 8B197F55264A44B7B25046F7BA5BD7D2
  SHA256: 25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\Qt5Gui.dll | executable
  MD5: DF758556C1235D3A7E0CFAC2E060A465
  SHA256: A383BC6B268D1E1B344414DDBDD400843649C61AD45C6018CA81EC0EF535B0DD
2116 | DriverHubInstaller.exe | C:\Program Files\DriverHub\PDInterface.dll | executable
  MD5: 9BC55DB8D82C0C55DE07A68757722A21
  SHA256: 10ED88872E665B1F1E349BA52EDEEDC55502113988AFFAE99B8E90CC694FBE57
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 4
TCP/UDP connections: 33
DNS requests: 7
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

2116 | DriverHubInstaller.exe | GET | 200 | 69.192.161.44:80 | http://x1.c.lencr.org/ | unknown | unknown
2116 | DriverHubInstaller.exe | GET | 304 | 199.232.214.172:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?4bb8e789d886b072 | unknown | unknown
2116 | DriverHubInstaller.exe | GET | 200 | 184.24.77.54:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQD1n%2FIoHZIwk2IQzX2xUiGuw%3D%3D | unknown | unknown
480 | lsass.exe | GET | 200 | 184.24.77.54:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgM3oBEEzRMsvnzEeu4%2F79GHzA%3D%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:137 | unknown
224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
2116 | DriverHubInstaller.exe | 188.130.153.32:443 | api.az-partners.net | Rostpay Ltd | RU | unknown
2116 | DriverHubInstaller.exe | 199.232.214.172:80 | ctldl.windowsupdate.com | FASTLY | US | unknown
2116 | DriverHubInstaller.exe | 69.192.161.44:80 | x1.c.lencr.org | AKAMAI-AS | DE | unknown
2116 | DriverHubInstaller.exe | 184.24.77.54:80 | r3.o.lencr.org | Akamai International B.V. | DE | unknown
2436 | DriverHub.exe | 188.130.153.32:443 | api.az-partners.net | Rostpay Ltd | RU | unknown
480 | lsass.exe | 184.24.77.54:80 | r3.o.lencr.org | Akamai International B.V. | DE | unknown

DNS requests

Domain
IP
Reputation
api.az-partners.net
  • 188.130.153.32
  • 188.130.153.33
unknown
www.drvhub.net
  • 188.130.153.32
  • 188.130.153.33
unknown
www.az-partners.net
  • 188.130.153.32
  • 188.130.153.33
malicious
ctldl.windowsupdate.com
  • 199.232.214.172
  • 199.232.210.172
whitelisted
x1.c.lencr.org
  • 69.192.161.44
whitelisted
r3.o.lencr.org
  • 184.24.77.54
  • 184.24.77.79
shared
api.drvhub.net
  • 188.130.153.32
  • 188.130.153.33
unknown

Threats

No threats detected
Process | Message

msiexec.exe | Failed to release Service
DriverHub.exe | qrc:/main.qml:655:13: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe | qrc:/UpdateProgressDialog.qml:11:5: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe | qrc:/main.qml:453:31: QML ItemDelegate: Binding loop detected for property "height"
DriverHub.exe | file:///C:/Program Files/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: The following application identifiers have not been set: QVector("organizationName", "organizationDomain")
DriverHub.exe | file:///C:/Program Files/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: Failed to initialize QSettings instance. Status code is: 1
DriverHub.exe | qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"