URL: https://www.drivermax.com/

Full analysis: https://app.any.run/tasks/0386d6c2-1b75-497f-b30c-8d588ee8abd9
Verdict: Malicious activity
Analysis date: February 14, 2024, 16:04:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion
Indicators:
MD5: 724DD1CAEA1A56A80512B96AF3B79D2C
SHA1: 04444109B32B7CA7E7A71DFB9E0AE4924EB000B2
SHA256: 2F681D492A5A9B9C5A31AAA02EFD68B43C6D2084E1EB3B93D6471DDE7A203EE4
SSDEEP: 3:N8DSLaWWK3:2OLn3

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • drivermax.exe (PID: 2260)
      • drivermax.exe (PID: 3028)
      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
    • Changes the autorun value in the registry

      • drivermax.tmp (PID: 3984)
    • Connects to the CnC server

      • drivermax.tmp (PID: 3984)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • drivermax.exe (PID: 2260)
      • drivermax.exe (PID: 3028)
      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
    • Process drops legitimate windows executable

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 4004)
    • Reads the Internet Settings

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 2624)
      • dxdiag.exe (PID: 4072)
    • Uses TASKKILL.EXE to kill process

      • drivermax.tmp (PID: 3984)
    • Reads security settings of Internet Explorer

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2404)
    • Reads settings of System Certificates

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2624)
      • dxdiag.exe (PID: 4072)
      • drivermax.exe (PID: 2404)
    • Adds/modifies Windows certificates

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
    • Reads the Windows owner or organization settings

      • drivermax.tmp (PID: 3984)
    • Checks for external IP

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2404)
    • Checks Windows Trust Settings

      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2404)
    • Drops a system driver (possible attempt to evade defenses)

      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
    • Searches for installed software

      • drivermax.exe (PID: 4004)
    • Starts CMD.EXE for commands execution

      • drivermax.exe (PID: 4004)
    • Checks for Java to be installed

      • java.exe (PID: 3216)
    • Creates/Modifies COM task schedule object

      • dxdiag.exe (PID: 4072)
    • Application launched itself

      • drivermax.exe (PID: 4004)
  • INFO

    • The process uses the downloaded file

      • FlashUtil32_32_0_0_453_ActiveX.exe (PID: 1992)
      • iexplore.exe (PID: 4052)
    • Application launched itself

      • iexplore.exe (PID: 4052)
      • msedge.exe (PID: 2856)
      • msedge.exe (PID: 1560)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 2920)
      • iexplore.exe (PID: 4052)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 2920)
      • iexplore.exe (PID: 4052)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 4052)
    • Checks supported languages

      • drivermax.exe (PID: 2260)
      • drivermax.tmp (PID: 2240)
      • drivermax.exe (PID: 3028)
      • drivermax.tmp (PID: 3984)
      • stop_dmx.exe (PID: 2404)
      • drivermax.exe (PID: 3288)
      • innostp.exe (PID: 1092)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
      • innostp.exe (PID: 948)
      • java.exe (PID: 3216)
      • innostp.exe (PID: 1020)
      • wmpnscfg.exe (PID: 2652)
      • drivermax.exe (PID: 2404)
    • Create files in a temporary directory

      • drivermax.exe (PID: 2260)
      • drivermax.exe (PID: 3028)
      • drivermax.tmp (PID: 3984)
      • java.exe (PID: 3216)
    • Reads the computer name

      • drivermax.tmp (PID: 2240)
      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • innostp.exe (PID: 1092)
      • drivermax.exe (PID: 2624)
      • drivermax.exe (PID: 4004)
      • innostp.exe (PID: 948)
      • innostp.exe (PID: 1020)
      • wmpnscfg.exe (PID: 2652)
      • drivermax.exe (PID: 2404)
    • Checks proxy server information

      • drivermax.tmp (PID: 3984)
    • Reads the software policy settings

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2624)
      • dxdiag.exe (PID: 4072)
      • drivermax.exe (PID: 2404)
    • Creates files or folders in the user directory

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 4004)
      • drivermax.exe (PID: 2624)
    • Creates files in the program directory

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 4004)
      • dxdiag.exe (PID: 4072)
      • cmd.exe (PID: 1832)
      • java.exe (PID: 3216)
    • Creates a software uninstall entry

      • drivermax.tmp (PID: 3984)
    • Reads the machine GUID from the registry

      • drivermax.tmp (PID: 3984)
      • drivermax.exe (PID: 3288)
      • drivermax.exe (PID: 2624)
      • innostp.exe (PID: 1092)
      • innostp.exe (PID: 948)
      • drivermax.exe (PID: 4004)
      • innostp.exe (PID: 1020)
      • drivermax.exe (PID: 2404)
    • Manual execution by a user

      • msedge.exe (PID: 1560)
      • wmpnscfg.exe (PID: 2652)
    • Reads security settings of Internet Explorer

      • dxdiag.exe (PID: 4072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 116
Monitored processes: 56
Malicious processes: 10
Suspicious processes: 2

Behavior graph

start iexplore.exe iexplore.exe flashutil32_32_0_0_453_activex.exe no specs drivermax.exe drivermax.tmp no specs drivermax.exe drivermax.tmp taskkill.exe no specs stop_dmx.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs taskkill.exe no specs drivermax.exe innostp.exe no specs drivermax.exe msedge.exe no specs drivermax.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs innostp.exe no specs innostp.exe no specs msedge.exe no specs msedge.exe no specs dxdiag.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs java.exe no specs icacls.exe no specs wmpnscfg.exe no specs msedge.exe no specs msedge.exe no specs drivermax.exe

Process information

Columns: PID, CMD, Path, Indicators, Parent process
PID: 268
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1628 --field-trial-handle=1284,i,15473012119860670403,15368101077620816990,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 548
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2508 --field-trial-handle=1284,i,15473012119860670403,15368101077620816990,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 572
CMD: "Taskkill.exe" /IM innoupd.exe /F
Path: C:\Windows\System32\taskkill.exe
Parent process: drivermax.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
  • c:\windows\system32\taskkill.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\user32.dll

PID: 668
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3912 --field-trial-handle=1284,i,15473012119860670403,15368101077620816990,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 844
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2200 --field-trial-handle=1284,i,15473012119860670403,15368101077620816990,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

PID: 908
CMD: "Taskkill.exe" /IM innoupd.exe /F
Path: C:\Windows\System32\taskkill.exe
Parent process: drivermax.tmp
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Terminates Processes
Exit code: 128
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
  • c:\windows\system32\taskkill.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\version.dll
  • c:\windows\system32\user32.dll

PID: 948
CMD: "C:\Program Files\Innovative Solutions\DriverMax\innostp.exe" -install
Path: C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Parent process: drivermax.exe
User: admin
Company: Innovative Solutions
Integrity Level: HIGH
Description: Application Starter
Exit code: 0
Version: 1.0.0.9
Modules (Images):
  • c:\program files\innovative solutions\drivermax\innostp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll

PID: 1020
CMD: "C:\Program Files\Innovative Solutions\DriverMax\innostp.exe" -install
Path: C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Parent process: drivermax.exe
User: admin
Company: Innovative Solutions
Integrity Level: HIGH
Description: Application Starter
Exit code: 0
Version: 1.0.0.9
Modules (Images):
  • c:\program files\innovative solutions\drivermax\innostp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll

PID: 1092
CMD: "C:\Program Files\Innovative Solutions\DriverMax\innostp.exe" "-install"
Path: C:\Program Files\Innovative Solutions\DriverMax\innostp.exe
Parent process: drivermax.tmp
User: admin
Company: Innovative Solutions
Integrity Level: HIGH
Description: Application Starter
Exit code: 0
Version: 1.0.0.9
Modules (Images):
  • c:\program files\innovative solutions\drivermax\innostp.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\advapi32.dll

PID: 1196
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 --field-trial-handle=1284,i,15473012119860670403,15368101077620816990,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 109.0.1518.115
Modules (Images):
  • c:\program files\microsoft\edge\application\msedge.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
  • c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll

Total events: 102 594
Read events: 100 930
Write events: 1 487
Delete events: 177

Modification events

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31088479

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31088479

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

PID: 4052  Process: iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 291
Suspicious files: 244
Text files: 266
Unknown types: 116

Dropped files

Columns: PID, Process, Filename, Type (with MD5 and SHA256 of the dropped file)

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5: 47B4FB330585AE741EE76F16422EEE75
SHA256: 7A69A2496B285D0790BEA2FCFBE999D4CC8C466E8D3B465DA0E25E6388109356

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Type: der
MD5: 822467B728B7A66B081C91795373789A
SHA256: AF2343382B88335EEA72251AD84949E244FF54B6995063E24459A7216E9576B9

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\index[1].css
Type: text
MD5: DEBB7BD83824D9D66FE1A5D991600DB0
SHA256: 1A3E56AEA4F92D6E19C4A214F0C568E3E1D996ECD0784378BFB4DC350BB38DCB

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\increased-productivity[1].png
Type: image
MD5: 0231D034A56F99AFA7FF047DDDE389BB
SHA256: B4182271404D7DEC37DFB471CC1960B1026ED35EE8F7F5F5B39787660CD6E6AE

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\preturi[1].js
Type: text
MD5: A666DFDFE597CD3EFACF58C59C5EFC10
SHA256: 66D3B95574F00008CE6C4DF01DB62D0297DD64487663C66D309A3FD7D3559D61

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\dmax[1].png
Type: image
MD5: 300E8BA3044534627147A9F1E94E294F
SHA256: B8292C9D40B45903F8CDFBBFF10EB83B9B489DA74EDAA0717B8D4957E6ED0DA0

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Type: binary
MD5: 1DC0877972C9B6D51BFE2372A105AC9B
SHA256: 230C62F51C389230AB1B4AB1AAF363F63C5CF7FBA4519120410A0D4ADA91218B

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\lightbox.min[1].js
Type: text
MD5: B6F34E032D792968B14F3E7D0DF126A1
SHA256: EECB43939FCF96A5F2CC12C63A247D8037499D61C4F2EB0564BC6252B8F1D2BC

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\4HPL13QO.htm
Type: html
MD5: FDBE18AB628C50F2095120F2822088BB
SHA256: 4F09950B04277BFDFAC49783D722898FED6CFBA9FE024A10CFCCA0190A9D1332

PID: 2920  Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\referral[1].js
Type: text
MD5: 7EDE0F228E352CB1EE954769FCA2CC8C
SHA256: D96763BB18499368F4E79CBBECE0B15390B91518A6D79606ED616538E3936C44
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 63
TCP/UDP connections: 167
DNS requests: 95
Threats: 19

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2920 | iexplore.exe | GET | 304 | 173.222.108.201:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?5b0325f31ae0f9b6 | unknown | | | unknown
2920 | iexplore.exe | GET | 304 | 173.222.108.201:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?927e0d673a39dd41 | unknown | | | unknown
2920 | iexplore.exe | GET | 200 | 23.192.153.142:80 | http://x1.c.lencr.org/ | unknown | binary | 717 b | unknown
2920 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | binary | 724 b | unknown
2920 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | binary | 1.41 Kb | unknown
2920 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | unknown | binary | 1.47 Kb | unknown
2920 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAch2W18yjrFCctU7xjW0Yc%3D | unknown | binary | 471 b | unknown
2920 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCG5mYmc5exBwr3zurLpXnC | unknown | binary | 472 b | unknown
2920 | iexplore.exe | GET | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEQCG5mYmc5exBwr3zurLpXnC | unknown | binary | 472 b | unknown
2920 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2920 | iexplore.exe | 168.119.201.56:443 | www.drivermax.com | Hetzner Online GmbH | UA | unknown
2920 | iexplore.exe | 173.222.108.201:80 | ctldl.windowsupdate.com | Akamai International B.V. | CH | unknown
2920 | iexplore.exe | 23.192.153.142:80 | x1.c.lencr.org | AKAMAI-AS | GB | unknown
2920 | iexplore.exe | 216.58.212.138:443 | fonts.googleapis.com | GOOGLE | US | whitelisted
2920 | iexplore.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2920 | iexplore.exe | 142.250.185.168:443 | www.googletagmanager.com | GOOGLE | US | unknown
2920 | iexplore.exe | 142.250.184.195:80 | ocsp.pki.goog | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
www.drivermax.com
  • 168.119.201.56
unknown
ctldl.windowsupdate.com
  • 173.222.108.201
  • 173.222.108.241
  • 173.222.108.219
  • 173.222.108.210
  • 93.184.221.240
whitelisted
x1.c.lencr.org
  • 23.192.153.142
whitelisted
fonts.googleapis.com
  • 216.58.212.138
  • 172.217.16.202
whitelisted
cdn.onesignal.com
  • 104.18.215.59
  • 104.18.214.59
whitelisted
www.googletagmanager.com
  • 142.250.185.168
  • 142.250.181.232
whitelisted
ajax.googleapis.com
  • 142.250.186.42
whitelisted
ocsp.pki.goog
  • 142.250.184.195
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
fonts.gstatic.com
  • 142.250.186.131
  • 142.250.185.163
whitelisted

Threats

PID | Process | Class | Message
1080 | svchost.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
1080 | svchost.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
2920 | iexplore.exe | Not Suspicious Traffic | INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code.jquery .com)
3984 | drivermax.tmp | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io
3984 | drivermax.tmp | Misc activity | ET ADWARE_PUP Drivermax Utility Checkin Activity
3984 | drivermax.tmp | Device Retrieving External IP Address Detected | ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
3288 | drivermax.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io
2624 | drivermax.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io
4004 | drivermax.exe | Device Retrieving External IP Address Detected | ET POLICY External IP Lookup ipinfo.io
1308 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .to TLD
No debug info