File name: driver-hub-install__28.exe

Full analysis: https://app.any.run/tasks/050c756a-27d3-4cdd-a396-0d8d59e4ed2a
Verdict: Malicious activity
Analysis date: January 10, 2025, 21:32:09
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5: FE6D9186C3BE67F5661C86D55DC1BF33
SHA1: 975D3FCD37D7CB5239757470F2B94B8D4D7405E7
SHA256: 33CEB17AC30DB78E5A91E3DED8010F067B7BAA0A7A80E8E33364045F535330AB
SSDEEP: 24576:Cbawet5uwFpl+55Bvb6oL75OZf5wi94JfXH:Cbappl+55NJLVOZf5wi94JfXH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • VC_redist.x86.exe (PID: 6296)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • driver-hub-install__28.exe (PID: 6328)
      • driver-hub-install__28.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 640)
      • DriverHubUninstaller.exe (PID: 6584)
    • Application launched itself

      • driver-hub-install__28.exe (PID: 6328)
      • VC_redist.x86.exe (PID: 1864)
      • VC_redist.x86.exe (PID: 640)
    • Executable content was dropped or overwritten

      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 556)
      • vcredist.exe (PID: 6692)
      • VC_redist.x86.exe (PID: 6296)
      • VC_redist.x86.exe (PID: 640)
      • VC_redist.x86.exe (PID: 1576)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
    • Process drops legitimate windows executable

      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 556)
      • vcredist.exe (PID: 6692)
      • VC_redist.x86.exe (PID: 6296)
      • msiexec.exe (PID: 3620)
      • VC_redist.x86.exe (PID: 1576)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
    • Creates a software uninstall entry

      • driver-hub-install__28.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6296)
    • Searches for installed software

      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 6692)
      • dllhost.exe (PID: 6408)
      • VC_redist.x86.exe (PID: 1576)
      • explorer.exe (PID: 2212)
      • dllhost.exe (PID: 1544)
    • Starts a Microsoft application from unusual location

      • vcredist.exe (PID: 6692)
      • vcredist.exe (PID: 556)
      • VC_redist.x86.exe (PID: 6296)
    • Starts itself from another location

      • vcredist.exe (PID: 6692)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6788)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 3620)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 3620)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 3620)
    • Starts CMD.EXE for commands execution

      • net_updater32.exe (PID: 4540)
      • DriverHubUninstaller.exe (PID: 6584)
    • Detected use of alternative data streams (AltDS)

      • DriverHub.exe (PID: 4264)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 3896)
    • The process deletes folder without confirmation

      • DriverHubUninstaller.exe (PID: 6584)
  • INFO

    • Reads the machine GUID from the registry

      • driver-hub-install__28.exe (PID: 6328)
      • driver-hub-install__28.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6296)
      • msiexec.exe (PID: 3620)
      • DriverHub.exe (PID: 4264)
      • test_wpf.exe (PID: 6912)
      • DriverHubUninstaller.exe (PID: 6584)
    • Reads the computer name

      • driver-hub-install__28.exe (PID: 6328)
      • driver-hub-install__28.exe (PID: 6248)
      • msiexec.exe (PID: 3620)
      • VC_redist.x86.exe (PID: 640)
      • VC_redist.x86.exe (PID: 1576)
      • test_wpf.exe (PID: 6912)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
    • Checks supported languages

      • driver-hub-install__28.exe (PID: 6328)
      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 556)
      • vcredist.exe (PID: 6692)
      • VC_redist.x86.exe (PID: 6296)
      • msiexec.exe (PID: 3620)
      • VC_redist.x86.exe (PID: 640)
      • DriverHub.exe (PID: 4264)
      • VC_redist.x86.exe (PID: 1576)
      • test_wpf.exe (PID: 6912)
      • net_updater32.exe (PID: 4540)
    • Process checks computer location settings

      • driver-hub-install__28.exe (PID: 6328)
      • driver-hub-install__28.exe (PID: 6248)
    • Disables trace logs

      • driver-hub-install__28.exe (PID: 6248)
      • DriverHubUninstaller.exe (PID: 6584)
    • Reads the software policy settings

      • driver-hub-install__28.exe (PID: 6248)
      • msiexec.exe (PID: 3620)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
      • DriverHubUninstaller.exe (PID: 6584)
    • Checks proxy server information

      • driver-hub-install__28.exe (PID: 6248)
      • DriverHubUninstaller.exe (PID: 6584)
    • The sample compiled with Russian language support

      • driver-hub-install__28.exe (PID: 6248)
    • Creates files in the program directory

      • driver-hub-install__28.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6296)
      • DriverHub.exe (PID: 4264)
    • The sample compiled with English language support

      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 556)
      • vcredist.exe (PID: 6692)
      • VC_redist.x86.exe (PID: 6296)
      • msiexec.exe (PID: 3620)
      • VC_redist.x86.exe (PID: 640)
      • VC_redist.x86.exe (PID: 1576)
      • DriverHub.exe (PID: 4264)
      • net_updater32.exe (PID: 4540)
    • Create files in a temporary directory

      • driver-hub-install__28.exe (PID: 6248)
      • vcredist.exe (PID: 6692)
      • VC_redist.x86.exe (PID: 6296)
    • The process uses the downloaded file

      • vcredist.exe (PID: 6692)
    • Manages system restore points

      • SrTasks.exe (PID: 6012)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 3620)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 3620)
    • Creates files or folders in the user directory

      • DriverHub.exe (PID: 4264)
    • Checks transactions between databases Windows and Oracle

      • explorer.exe (PID: 2212)
    • Sends debugging messages

      • DriverHub.exe (PID: 4264)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

AssemblyVersion: 4.0.7.0
ProductVersion: 4.0.7.0
ProductName: DriverHub
OriginalFileName: DriverHubInstaller.exe
LegalTrademarks: -
LegalCopyright: © ROSTPAY LTD. All rights reserved.
InternalName: DriverHubInstaller.exe
FileVersion: 4.0.7.0
FileDescription: Install DriverHub
CompanyName: -
Comments: -
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 4.0.7.0
FileVersionNumber: 4.0.7.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 4
EntryPoint: 0xa7792
UninitializedDataSize: -
InitializedDataSize: 69120
CodeSize: 677888
LinkerVersion: 48
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware
TimeStamp: 2098:11:19 20:09:20+00:00
MachineType: Intel 386 or later, and compatibles
No data.
Total processes: 170
Monitored processes: 28
Malicious processes: 10
Suspicious processes: 3

Behavior graph

start svchost.exe driver-hub-install__28.exe no specs driver-hub-install__28.exe vcredist.exe vcredist.exe vc_redist.x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe vc_redist.x86.exe no specs vc_redist.x86.exe vc_redist.x86.exe driverhub.exe test_wpf.exe no specs COpenControlPanel no specs explorer.exe no specs driverhubuninstaller.exe no specs appwiz.cpl no specs driverhubuninstaller.exe net_updater32.exe conhost.exe no specs cmd.exe no specs choice.exe no specs cmd.exe no specs conhost.exe no specs timeout.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll

PID: 6328
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe"
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Install DriverHub
Exit code: 0
Version: 4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 6248
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe" /install /pos=220,20 /lang=en /framework=1
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: driver-hub-install__28.exe
User: admin
Integrity Level: HIGH
Description: Install DriverHub
Exit code: 0
Version: 4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll

PID: 556
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe
Parent process: driver-hub-install__28.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\users\admin\appdata\local\temp\driverhub\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 6692
CMD: "C:\WINDOWS\Temp\{2DC575F9-AE63-40A1-B897-C352A6F937A2}\.cr\vcredist.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" -burn.filehandle.attached=576 -burn.filehandle.self=616 /quiet /norestart
Path: C:\Windows\Temp\{2DC575F9-AE63-40A1-B897-C352A6F937A2}\.cr\vcredist.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\windows\temp\{2dc575f9-ae63-40a1-b897-c352a6f937a2}\.cr\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 6296
CMD: "C:\WINDOWS\Temp\{71237C6A-66F8-44A9-91DA-44153246FE3D}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{EE43A872-FFAD-4B42-A101-B82B8CBE2C14} {72CD789C-8BE3-4838-8A11-AC3D8D4695F3} 6692
Path: C:\Windows\Temp\{71237C6A-66F8-44A9-91DA-44153246FE3D}\.be\VC_redist.x86.exe
Parent process: vcredist.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code: 0
Version: 14.38.33135.0
Modules
Images
c:\windows\temp\{71237c6a-66f8-44a9-91da-44153246fe3d}\.be\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 6408
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll

PID: 6788
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft® Volume Shadow Copy Service
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 6012
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Windows System Protection background tasks.
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 6836
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

Total events: 33 412
Read events: 32 437
Write events: 708
Delete events: 267

Modification events

(PID) Process: (6328) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Left
Value: 0

(PID) Process: (6328) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Top
Value: 0

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6248) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0

Executable files: 111
Suspicious files: 180
Text files: 620
Unknown types: 6

Dropped files

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll
Type: executable
MD5: 35AA301AF3284B1349C4229B8937C895
SHA256: 8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dll
Type: executable
MD5: D588D5B4162D2C66071A171A903AC8A1
SHA256: F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libEGL.dll
Type: executable
MD5: E0E4011346A86083A0EC8EB01136D0BA
SHA256: 411966CE4F8FEBB2FE3AB84B97ED9FB9062AB60C6211FC3B3E4A25A5EE607ECB

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libssl-1_1.dll
Type: executable
MD5: 4A1BD71115017098E6B75570A61B6DC3
SHA256: 244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\Credits.txt
Type: text
MD5: 7282852E37095B043D99A678B8C31C9E
SHA256: EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\DriverHub.exe
Type: binary
MD5: 7020BE7436DCD6D6BE2EA720A656A9E3
SHA256: A9FE171F30446178F7EA4972D06F2D47BD89D7A42050D9F1BBC05884C74C8E4E

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\Qt5Qml.dll
Type: executable
MD5: D3939D46D3756542C4EAB1DF9207A776
SHA256: CAAE45FCF9538B4D5994491A322AACC9854BDEDF054B681CD21D8EE38D143673

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\imageformats\qgif.dll
Type: executable
MD5: A7D24E2226FF09208E22FC6F70BF0DE7
SHA256: 6356257682FB64D28AD68DEBEA96E1A0104C273E8838953459A110933F0A84BE

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\net_updater32.exe
Type: executable
MD5: 307FD52E69396D657BA2902D52ED3D5C
SHA256: 7DB584FC533AC28A4E7E7B0CF3D149932EC608F7B4C4D6269425094DDC935665

PID: 6248
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe
Type: executable
MD5: C517A578D67C99DF6A9FDB5513BA0E43
SHA256: EB8D01BC243243407990CE15CE08C25A53D57ED93FE6E80FCA575D7EC4099991

HTTP(S) requests: 15
TCP/UDP connections: 67
DNS requests: 38
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
6432
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4076
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3620
msiexec.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
4076
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
4264
DriverHub.exe
POST
200
172.217.16.206:80
http://www.google-analytics.com/collect
unknown
whitelisted
3620
msiexec.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4264
DriverHub.exe
POST
200
172.217.16.206:80
http://www.google-analytics.com/collect
unknown
whitelisted
5064
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5064
SearchApp.exe
2.23.227.215:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3040
svchost.exe
2.16.241.12:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3040
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
4
System
192.168.100.255:138
whitelisted
1176
svchost.exe
20.190.159.23:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1876
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 2.23.227.215
  • 2.23.227.208
  • 104.126.37.160
  • 104.126.37.144
  • 104.126.37.153
  • 104.126.37.155
  • 104.126.37.137
  • 104.126.37.145
  • 104.126.37.170
  • 104.126.37.162
  • 104.126.37.139
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
crl.microsoft.com
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 184.30.21.171
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.23
  • 40.126.31.69
  • 20.190.159.75
  • 40.126.31.67
  • 20.190.159.71
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.2
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 23.35.238.131
whitelisted
api.az-partners.net
  • 188.130.153.32
  • 188.130.153.33
unknown
www.drvhub.net
  • 188.130.153.33
  • 188.130.153.32
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted

Threats

No threats detected
Process
Message
DriverHub.exe
qrc:/main.qml:655:13: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe
qrc:/UpdateProgressDialog.qml:11:5: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe
qrc:/main.qml:453:31: QML ItemDelegate: Binding loop detected for property "height"
DriverHub.exe
file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: Failed to initialize QSettings instance. Status code is: 1
DriverHub.exe
file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: The following application identifiers have not been set: QVector("organizationName", "organizationDomain")
DriverHub.exe
qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"