File name:

driver-hub-install__28.exe

Full analysis: https://app.any.run/tasks/b590e0c3-a5f4-4e5a-b0d3-5482651f50fa
Verdict: Malicious activity
Analysis date: January 10, 2025, 21:17:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections
MD5:

FE6D9186C3BE67F5661C86D55DC1BF33

SHA1:

975D3FCD37D7CB5239757470F2B94B8D4D7405E7

SHA256:

33CEB17AC30DB78E5A91E3DED8010F067B7BAA0A7A80E8E33364045F535330AB

SSDEEP:

24576:Cbawet5uwFpl+55Bvb6oL75OZf5wi94JfXH:Cbappl+55NJLVOZf5wi94JfXH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • driver-hub-install__28.exe (PID: 6156)
      • driver-hub-install__28.exe (PID: 6856)
      • vcredist.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 5604)
      • setup.exe (PID: 1740)
      • DriverHub.exe (PID: 6252)
    • Executable content was dropped or overwritten

      • driver-hub-install__28.exe (PID: 6856)
      • vcredist.exe (PID: 444)
      • vcredist.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 5604)
      • VC_redist.x86.exe (PID: 5472)
      • setup.exe (PID: 7092)
      • DriverHub.exe (PID: 6252)
      • setup.exe (PID: 1740)
      • OperaGXSetup.exe (PID: 6016)
      • setup.exe (PID: 1944)
      • setup.exe (PID: 1392)
      • avast_free_antivirus_setup_online.exe (PID: 1488)
      • avast_free_antivirus_online_setup.exe (PID: 5252)
      • setup.exe (PID: 5636)
      • icarus.exe (PID: 396)
      • icarus.exe (PID: 6700)
    • Application launched itself

      • driver-hub-install__28.exe (PID: 6156)
      • VC_redist.x86.exe (PID: 5964)
      • VC_redist.x86.exe (PID: 5604)
      • setup.exe (PID: 1740)
      • setup.exe (PID: 1392)
    • Process drops legitimate windows executable

      • driver-hub-install__28.exe (PID: 6856)
      • vcredist.exe (PID: 444)
      • vcredist.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 5472)
      • DriverHub.exe (PID: 6252)
      • icarus.exe (PID: 6700)
      • msiexec.exe (PID: 828)
    • Starts a Microsoft application from unusual location

      • vcredist.exe (PID: 444)
      • VC_redist.x86.exe (PID: 6648)
      • vcredist.exe (PID: 6248)
    • Executes as Windows Service

      • VSSVC.exe (PID: 6472)
    • Starts itself from another location

      • vcredist.exe (PID: 6248)
      • setup.exe (PID: 1740)
      • icarus.exe (PID: 396)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 828)
      • setup.exe (PID: 1740)
      • DriverHub.exe (PID: 6252)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 828)
      • DriverHub.exe (PID: 6252)
      • icarus.exe (PID: 6700)
    • Searches for installed software

      • VC_redist.x86.exe (PID: 5604)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 828)
    • Creates a software uninstall entry

      • VC_redist.x86.exe (PID: 6648)
    • Checks for external IP

      • svchost.exe (PID: 2192)
      • avast_free_antivirus_setup_online.exe (PID: 1488)
  • INFO

    • Creates files in the program directory

      • driver-hub-install__28.exe (PID: 6856)
    • Disables trace logs

      • driver-hub-install__28.exe (PID: 6856)
    • Create files in a temporary directory

      • driver-hub-install__28.exe (PID: 6856)
    • The process uses the downloaded file

      • driver-hub-install__28.exe (PID: 6156)
    • Reads the machine GUID from the registry

      • driver-hub-install__28.exe (PID: 6156)
      • driver-hub-install__28.exe (PID: 6856)
      • msiexec.exe (PID: 828)
      • DriverHub.exe (PID: 6252)
      • avast_free_antivirus_setup_online.exe (PID: 1488)
      • setup.exe (PID: 1740)
      • icarus.exe (PID: 6700)
    • Reads the software policy settings

      • driver-hub-install__28.exe (PID: 6856)
      • setup.exe (PID: 1740)
    • Reads the computer name

      • driver-hub-install__28.exe (PID: 6156)
      • driver-hub-install__28.exe (PID: 6856)
      • vcredist.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6648)
      • VC_redist.x86.exe (PID: 5604)
      • icarus.exe (PID: 396)
      • VC_redist.x86.exe (PID: 5472)
    • The sample compiled with english language support

      • driver-hub-install__28.exe (PID: 6856)
      • vcredist.exe (PID: 444)
      • vcredist.exe (PID: 6248)
      • VC_redist.x86.exe (PID: 6648)
      • msiexec.exe (PID: 828)
      • VC_redist.x86.exe (PID: 5604)
      • VC_redist.x86.exe (PID: 5472)
      • DriverHub.exe (PID: 6252)
      • OperaGXSetup.exe (PID: 6016)
      • setup.exe (PID: 1740)
      • setup.exe (PID: 7092)
      • setup.exe (PID: 1944)
      • setup.exe (PID: 1392)
      • avast_free_antivirus_online_setup.exe (PID: 5252)
      • avast_free_antivirus_setup_online.exe (PID: 1488)
      • setup.exe (PID: 5636)
      • icarus.exe (PID: 396)
      • icarus.exe (PID: 6700)
    • Checks supported languages

      • driver-hub-install__28.exe (PID: 6856)
      • driver-hub-install__28.exe (PID: 6156)
      • VC_redist.x86.exe (PID: 6648)
      • msiexec.exe (PID: 828)
      • VC_redist.x86.exe (PID: 5964)
      • VC_redist.x86.exe (PID: 5604)
      • icarus.exe (PID: 396)
      • VC_redist.x86.exe (PID: 5472)
    • The sample compiled with russian language support

      • driver-hub-install__28.exe (PID: 6856)
    • Checks proxy server information

      • driver-hub-install__28.exe (PID: 6856)
      • setup.exe (PID: 1740)
      • avast_free_antivirus_online_setup.exe (PID: 5252)
    • Process checks computer location settings

      • driver-hub-install__28.exe (PID: 6156)
    • Manages system restore points

      • SrTasks.exe (PID: 5764)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 828)
    • Sends debugging messages

      • DriverHub.exe (PID: 6252)
    • The sample compiled with czech language support

      • icarus.exe (PID: 6700)
    • Reads Environment values

      • icarus.exe (PID: 6700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

AssemblyVersion: 4.0.7.0
ProductVersion: 4.0.7.0
ProductName: DriverHub
OriginalFileName: DriverHubInstaller.exe
LegalTrademarks: -
LegalCopyright: © ROSTPAY LTD. All rights reserved.
InternalName: DriverHubInstaller.exe
FileVersion: 4.0.7.0
FileDescription: Install DriverHub
CompanyName: -
Comments: -
CharacterSet: Unicode
LanguageCode: Neutral
FileSubtype: -
ObjectFileType: Executable application
FileOS: Win32
FileFlags: (none)
FileFlagsMask: 0x003f
ProductVersionNumber: 4.0.7.0
FileVersionNumber: 4.0.7.0
Subsystem: Windows GUI
SubsystemVersion: 6
ImageVersion: -
OSVersion: 4
EntryPoint: 0xa7792
UninitializedDataSize: -
InitializedDataSize: 69120
CodeSize: 677888
LinkerVersion: 48
PEType: PE32
ImageFileCharacteristics: Executable, Large address aware
TimeStamp: 2098:11:19 20:09:20+00:00
MachineType: Intel 386 or later, and compatibles
No data.
All screenshots are available in the full report
Total processes
163
Monitored processes
27
Malicious processes
12
Suspicious processes
3

Behavior graph

Processes shown in the behavior graph (interactive in the full report), in graph order; "no specs" is the report's marker for a process without suspicious indicators:

driver-hub-install__28.exe (no specs), driver-hub-install__28.exe, vcredist.exe, vcredist.exe, vc_redist.x86.exe, SPPSurrogate (no specs), vssvc.exe (no specs), srtasks.exe (no specs), conhost.exe (no specs), msiexec.exe, vc_redist.x86.exe (no specs), vc_redist.x86.exe, vc_redist.x86.exe, driverhub.exe, test_wpf.exe (no specs), operagxsetup.exe, setup.exe, avast_free_antivirus_setup_online.exe, setup.exe, setup.exe, setup.exe, setup.exe, avast_free_antivirus_online_setup.exe, icarus.exe, icarus.exe, icarus.exe (no specs), svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2192
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Host Process for Windows Services
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 6156
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe"
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Install DriverHub
Exit code:
0
Version:
4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 6856
CMD: "C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe" /install /pos=220,20 /lang=en /framework=1
Path: C:\Users\admin\AppData\Local\Temp\driver-hub-install__28.exe
Parent process: driver-hub-install__28.exe
User:
admin
Integrity Level:
HIGH
Description:
Install DriverHub
Exit code:
0
Version:
4.0.7.0
Modules
Images
c:\users\admin\appdata\local\temp\driver-hub-install__28.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID: 444
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" /quiet /norestart
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe
Parent process: driver-hub-install__28.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
0
Version:
14.38.33135.0
Modules
Images
c:\users\admin\appdata\local\temp\driverhub\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6248
CMD: "C:\WINDOWS\Temp\{A7C48BA6-0E13-4F1D-9C8E-110AF10A2F61}\.cr\vcredist.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\vcredist.exe" -burn.filehandle.attached=568 -burn.filehandle.self=580 /quiet /norestart
Path: C:\Windows\Temp\{A7C48BA6-0E13-4F1D-9C8E-110AF10A2F61}\.cr\vcredist.exe
Parent process: vcredist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
0
Version:
14.38.33135.0
Modules
Images
c:\windows\temp\{a7c48ba6-0e13-4f1d-9c8e-110af10a2f61}\.cr\vcredist.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6648
CMD: "C:\WINDOWS\Temp\{0A6E6073-818F-48EC-8D84-1EEA0F9E97DA}\.be\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{C766F170-9E51-4E32-9F6B-43B7776A4703} {EF64F116-DC92-419E-9765-53E800FFC4E7} 6248
Path: C:\Windows\Temp\{0A6E6073-818F-48EC-8D84-1EEA0F9E97DA}\.be\VC_redist.x86.exe
Parent process: vcredist.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
0
Version:
14.38.33135.0
Modules
Images
c:\windows\temp\{0a6e6073-818f-48ec-8d84-1eea0f9e97da}\.be\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 6500
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 6472
CMD: C:\WINDOWS\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 5764
CMD: C:\WINDOWS\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:11
Path: C:\Windows\System32\SrTasks.exe
Parent process: dllhost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft® Windows System Protection background tasks.
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\srtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1876
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
32 330
Read events
31 399
Write events
664
Delete events
267

Modification events

(PID) Process: (6156) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Left
Value: 0

(PID) Process: (6156) driver-hub-install__28.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CUAS\DefaultCompositionWindow
Operation: write
Name: Top
Value: 0

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

(PID) Process: (6856) driver-hub-install__28.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\driver-hub-install__28_RASMANCS
Operation: write
Name: EnableFileTracing
Value: 0
Executable files
416
Suspicious files
306
Text files
707
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\Credits.txt
Type: text
MD5: 7282852E37095B043D99A678B8C31C9E
SHA256: EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libEGL.dll
Type: executable
MD5: E0E4011346A86083A0EC8EB01136D0BA
SHA256: 411966CE4F8FEBB2FE3AB84B97ED9FB9062AB60C6211FC3B3E4A25A5EE607ECB

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libcrypto-1_1.dll
Type: executable
MD5: D588D5B4162D2C66071A171A903AC8A1
SHA256: F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe
Type: executable
MD5: C517A578D67C99DF6A9FDB5513BA0E43
SHA256: EB8D01BC243243407990CE15CE08C25A53D57ED93FE6E80FCA575D7EC4099991

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\DriverHub.exe
Type: binary
MD5: 7020BE7436DCD6D6BE2EA720A656A9E3
SHA256: A9FE171F30446178F7EA4972D06F2D47BD89D7A42050D9F1BBC05884C74C8E4E

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\net_updater32.exe
Type: executable
MD5: 307FD52E69396D657BA2902D52ED3D5C
SHA256: 7DB584FC533AC28A4E7E7B0CF3D149932EC608F7B4C4D6269425094DDC935665

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\Images\DriverHubLogo.png
Type: image
MD5: 451B153070269850DA133D4E493A1BD6
SHA256: 91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\Qt5Network.dll
Type: executable
MD5: 4CCC16253F60FC8C06475BF936C8D168
SHA256: DF013042C338346B30D2E33A9895A6DE8D6A6EE785406996B4A523957AB10A2E

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\imageformats\qjpeg.dll
Type: executable
MD5: 35AA301AF3284B1349C4229B8937C895
SHA256: 8A7B522660C91AA5463C5A9534C9B4959E3055448E6B9428ED8F1352549B088C

PID: 6856
Process: driver-hub-install__28.exe
Filename: C:\Program Files (x86)\DriverHub\libGLESv2.dll
Type: executable
MD5: CB9B4E963A78FBFB70E13BDF30509235
SHA256: DE7DABF9C1BC8D0BF448EFAE15F9FBB32FA3BCD0DC676F1F7696B8DE0662B6F4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
104
DNS requests
83
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
828
msiexec.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
5872
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5872
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5156
svchost.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1740
setup.exe
GET
200
142.250.186.131:80
http://c.pki.goog/r/r4.crl
unknown
whitelisted
1740
setup.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAz1vQYrVgL0erhQLCPM8GY%3D
unknown
whitelisted
6204
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
1488
avast_free_antivirus_setup_online.exe
POST
200
216.58.206.46:80
http://www.google-analytics.com/collect
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4500
RUXIMICS.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5156
svchost.exe
20.73.194.208:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5064
SearchApp.exe
2.23.227.215:443
www.bing.com
Ooredoo Q.S.C.
QA
whitelisted
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
4
System
192.168.100.255:138
whitelisted
1076
svchost.exe
2.23.242.9:443
go.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
1176
svchost.exe
40.126.32.74:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
  • 51.124.78.146
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.23.227.215
  • 2.23.227.208
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.181.238
whitelisted
go.microsoft.com
  • 2.23.242.9
  • 184.28.89.167
whitelisted
login.live.com
  • 40.126.32.74
  • 40.126.32.133
  • 40.126.32.134
  • 20.190.160.20
  • 20.190.160.17
  • 20.190.160.14
  • 40.126.32.76
  • 40.126.32.140
whitelisted
api.az-partners.net
  • 188.130.153.33
  • 188.130.153.32
unknown
www.drvhub.net
  • 188.130.153.33
  • 188.130.153.32
whitelisted
crl.microsoft.com
  • 2.16.241.19
  • 2.16.241.12
whitelisted
www.microsoft.com
  • 95.101.149.131
  • 2.23.246.101
whitelisted

Threats

PID
Process
Class
Message
Misc activity
ET INFO Observed External IP Lookup Domain (ip-info .ff .avast .com) in TLS SNI
Misc activity
ET INFO External IP Lookup Service in DNS Query (ip-info .ff .avast .com)
Process
Message
DriverHub.exe
qrc:/UpdateProgressDialog.qml:11:5: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe
qrc:/main.qml:655:13: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe
qrc:/main.qml:453:31: QML ItemDelegate: Binding loop detected for property "height"
DriverHub.exe
file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: Failed to initialize QSettings instance. Status code is: 1
DriverHub.exe
file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: The following application identifiers have not been set: QVector("organizationName", "organizationDomain")
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe
qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"