File name:

drivermax.exe

Full analysis: https://app.any.run/tasks/35326cd5-63b1-4be4-b6f1-58d3d294b9e3
Verdict: Malicious activity
Analysis date: March 13, 2025, 19:47:23
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 8 sections
MD5:

803C342B5785667D72C5B4F2FB96EDC0

SHA1:

1AB8C786DE7682EBC6C977433CD884768AFDDB06

SHA256:

3A8C85A782E347A3497883923AD31B388A8BFBEF9051EB85B4CCAB257051E8F8

SSDEEP:

98304:0bavbi44C8QhHGK3YztSLfJ7SZfuC4OEUb4DoJ2V7/V60pv8T9rrcI/XkLn+zCeX:kvLMD/GWzR1g

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Connects to the CnC server

      • drivermax.tmp (PID: 7276)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • drivermax.exe (PID: 4652)
      • drivermax.exe (PID: 7256)
      • drivermax.tmp (PID: 7276)
      • drivermax.exe (PID: 6424)
      • drivermax.exe (PID: 920)

    • Reads security settings of Internet Explorer

      • drivermax.tmp (PID: 5720)
      • drivermax.tmp (PID: 7276)

    • Process drops legitimate windows executable

      • drivermax.tmp (PID: 7276)
      • drivermax.exe (PID: 920)

    • Reads the Windows owner or organization settings

      • drivermax.tmp (PID: 7276)

    • Checks for external IP

      • svchost.exe (PID: 2196)
      • drivermax.tmp (PID: 7276)
      • drivermax.exe (PID: 920)
      • drivermax.exe (PID: 2392)
      • drivermax.exe (PID: 6424)

    • Uses TASKKILL.EXE to kill process

      • drivermax.tmp (PID: 7276)

    • Drops a system driver (possible attempt to evade defenses)

      • drivermax.exe (PID: 6424)
      • drivermax.exe (PID: 920)

    • Potential Corporate Privacy Violation

      • drivermax.exe (PID: 920)

    • Starts CMD.EXE for commands execution

      • drivermax.exe (PID: 6424)
      • drivermax.exe (PID: 920)

  • INFO

    • Create files in a temporary directory

      • drivermax.exe (PID: 4652)
      • drivermax.exe (PID: 7256)
      • drivermax.tmp (PID: 7276)

    • Checks supported languages

      • drivermax.tmp (PID: 5720)
      • drivermax.exe (PID: 4652)
      • drivermax.exe (PID: 7256)
      • drivermax.tmp (PID: 7276)

    • Process checks computer location settings

      • drivermax.tmp (PID: 5720)

    • Reads the computer name

      • drivermax.tmp (PID: 5720)
      • drivermax.tmp (PID: 7276)

    • The sample compiled with english language support

      • drivermax.tmp (PID: 7276)
      • drivermax.exe (PID: 6424)
      • drivermax.exe (PID: 920)

    • Checks proxy server information

      • drivermax.tmp (PID: 7276)

    • Creates files or folders in the user directory

      • drivermax.tmp (PID: 7276)
      • BackgroundTransferHost.exe (PID: 5956)

    • Reads the software policy settings

      • drivermax.tmp (PID: 7276)

    • Application launched itself

      • msedge.exe (PID: 6712)
      • msedge.exe (PID: 2772)
      • msedge.exe (PID: 5056)

    • Reads the machine GUID from the registry

      • drivermax.tmp (PID: 7276)

    • The sample compiled with arabic language support

      • drivermax.tmp (PID: 7276)

    • Creates files in the program directory

      • drivermax.tmp (PID: 7276)

    • Manual execution by a user

      • msedge.exe (PID: 2772)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Inno Setup installer (74.3)
.exe | Win32 Executable Delphi generic (9.6)
.scr | Windows screen saver (8.8)
.exe | Win32 Executable (generic) (3)
.exe | Win16/32 Executable Delphi generic (1.4)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 40448
InitializedDataSize: 382976
UninitializedDataSize: -
EntryPoint: 0xa5f8
OSVersion: 1
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Innovative Solutions
FileDescription: DriverMax Setup
FileVersion:
LegalCopyright:
ProductName: DriverMax
ProductVersion: 16.18.0.22
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
249
Monitored processes
116
Malicious processes
5
Suspicious processes
1

Behavior graph

Click at the process to see the details
start drivermax.exe drivermax.tmp no specs drivermax.exe drivermax.tmp svchost.exe sppextcomobj.exe no specs slui.exe no specs taskkill.exe no specs conhost.exe no specs stop_dmx.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs backgroundtransferhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs backgroundtransferhost.exe taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs backgroundtransferhost.exe no specs drivermax.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs innostp.exe no specs drivermax.exe msedge.exe no specs drivermax.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs innostp.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs innostp.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs dxdiag.exe no specs dxdiag.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs dxdiag.exe no specs cmd.exe no specs conhost.exe no specs java.exe no specs icacls.exe no specs conhost.exe no specs dxdiag.exe no specs cmd.exe no specs conhost.exe no specs java.exe no specs cmd.exe no specs conhost.exe no specs java.exe no specs cmd.exe no specs conhost.exe no specs java.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
616"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=2496,i,9177898251473955988,5791548223932826697,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
856"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
904"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1C:\Windows\System32\BackgroundTransferHost.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Download/Upload Host
Exit code:
1
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
920"C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe"C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
drivermax.tmp
User:
admin
Company:
Innovative Solutions
Integrity Level:
HIGH
Description:
DriverMax
Version:
16.18.0.22
Modules
Images
c:\program files (x86)\innovative solutions\drivermax\drivermax.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
924"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5948 --field-trial-handle=2496,i,9177898251473955988,5791548223932826697,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
960"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4280 --field-trial-handle=2496,i,9177898251473955988,5791548223932826697,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1040"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2232 --field-trial-handle=2364,i,4931757483710068037,614258807683749555,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1180"Taskkill.exe" /IM innostp.exe /FC:\Windows\SysWOW64\taskkill.exedrivermax.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1240"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2272 --field-trial-handle=2276,i,6477106376672721591,13319837781136865721,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1532"Taskkill.exe" /IM stop_dmx.exe /FC:\Windows\SysWOW64\taskkill.exedrivermax.tmp
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
Total events
82 788
Read events
82 257
Write events
462
Delete events
69

Modification events

(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
Operation:delete valueName:2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Value:
(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Operation:writeName:Blob
Value:
0400000001000000100000005DB66AC46017246A1A99A84BEE5EB426140000000100000014000000804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C62000000010000002000000071CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD19000000010000001000000086665B2DECDDA69376F98E02CD5FA29A0300000001000000140000002A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB0F0000000100000030000000DF03EE17776FAE07203AE956F6094206455C833A06297419E38793A34C4E010E8E0DD06107E0CD574F970FB35FB7C04E09000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B060105050703080B0000000100000018000000470054005300200052006F006F00740020005200340000001D00000001000000100000006D81CF5A57E7A81939F2FA048E7CB95020000000010000000E0200003082020A30820191A00302010202106E47A9C88B94B6E8BB3B2AD8A2B2C199300A06082A8648CE3D0403033047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205234301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F742052343076301006072A8648CE3D020106052B8104002203620004F37473A7688B60AE43B835C581307B4B499DFBC161CEE6DE46BD6BD5611835AE40DD73F78991305AEB3CEE857CA240763BA9C6B847D82AE792916A73E9B172399F299FA298D35F5E5886650FA1846506D1DC8BC9C773C88C6A2FE5C4ABD11D8AA3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C300A06082A8648CE3D040303036700306402306A50527408C470DC9E507421E88D7A21C34F966E15D12235612DFA0837EE196DADDBB2CC7D0734F560192CB534D96F2002300371B1BAA3600B86ED9A086A95689FE2B3E193647C5E93A6DF792D8D85E394CF235D71CCF2B04DD6FE99C894A975A2E3
(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB
Operation:writeName:Blob
Value:
5C0000000100000004000000800100001D00000001000000100000006D81CF5A57E7A81939F2FA048E7CB9500B0000000100000018000000470054005300200052006F006F007400200052003400000009000000010000002A000000302806082B0601050507030206082B0601050507030406082B0601050507030106082B060105050703080F0000000100000030000000DF03EE17776FAE07203AE956F6094206455C833A06297419E38793A34C4E010E8E0DD06107E0CD574F970FB35FB7C04E0300000001000000140000002A1D6027D94AB10A1C4D915CCD33A0CB3E2D54CB19000000010000001000000086665B2DECDDA69376F98E02CD5FA29A62000000010000002000000071CCA5391F9E794B04802530B363E121DA8A3043BB26662FEA4DCA7FC951A4BD140000000100000014000000804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C0400000001000000100000005DB66AC46017246A1A99A84BEE5EB42620000000010000000E0200003082020A30820191A00302010202106E47A9C88B94B6E8BB3B2AD8A2B2C199300A06082A8648CE3D0403033047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F74205234301E170D3136303632323030303030305A170D3336303632323030303030305A3047310B300906035504061302555331223020060355040A1319476F6F676C65205472757374205365727669636573204C4C43311430120603550403130B47545320526F6F742052343076301006072A8648CE3D020106052B8104002203620004F37473A7688B60AE43B835C581307B4B499DFBC161CEE6DE46BD6BD5611835AE40DD73F78991305AEB3CEE857CA240763BA9C6B847D82AE792916A73E9B172399F299FA298D35F5E5886650FA1846506D1DC8BC9C773C88C6A2FE5C4ABD11D8AA3423040300E0603551D0F0101FF040403020106300F0603551D130101FF040530030101FF301D0603551D0E04160414804CD6EB74FF4936A3D5D8FCB53EC56AF0941D8C300A06082A8648CE3D040303036700306402306A50527408C470DC9E507421E88D7A21C34F966E15D12235612DFA0837EE196DADDBB2CC7D0734F560192CB534D96F2002300371B1BAA3600B86ED9A086A95689FE2B3E193647C5E93A6DF792D8D85E394CF235D71CCF2B04DD6FE99C894A975A2E3
(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Innovative Solutions\DriverMax
Operation:writeName:Affiliate
Value:
Inno
(PID) Process:(7276) drivermax.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7276) drivermax.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7276) drivermax.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Innovative Solutions\DriverMax
Operation:writeName:fc
Value:
DE
(PID) Process:(7276) drivermax.tmpKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Innovative Solutions\DriverMax
Operation:writeName:lc
Value:
DE
(PID) Process:(7276) drivermax.tmpKey:HKEY_CURRENT_USER\SOFTWARE\Innovative Solutions\Analytics
Operation:writeName:cid
Value:
92377058-E3FD-4E47-97F5-E38C5B2C8093
Executable files
73
Suspicious files
444
Text files
110
Unknown types
1

Dropped files

PID
Process
Filename
Type
7276drivermax.tmpC:\Program Files (x86)\Innovative Solutions\DriverMax\unins000.exeexecutable
MD5:DDA56268C2B003EA0ECF68982E950F9E
SHA256:61E4D3ED79FD304D8D8E9588A4E4ACDD9193FE44955A3E1CF3BF60A2B8351138
7276drivermax.tmpC:\Users\admin\AppData\Local\Temp\is-L78RK.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
7276drivermax.tmpC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\json[1].jsonbinary
MD5:5622BE04E0FC9E3FA978D2574F34F421
SHA256:64BACE4B03C59E3F3DE0311C2F021472484EB555F73080C4B26843A631F6FAD2
7276drivermax.tmpC:\Users\admin\AppData\Local\Temp\is-L78RK.tmp\analytics_v2.dllexecutable
MD5:1661226A7016F8614B1530AE268858A7
SHA256:864DE77C5000C2C4214977247D1770CBF6CE80AE7357434BC2A75DFE7D8116AE
7276drivermax.tmpC:\Users\admin\AppData\Local\Temp\is-L78RK.tmp\_isetup\_setup64.tmpexecutable
MD5:E4211D6D009757C078A9FAC7FF4F03D4
SHA256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
7256drivermax.exeC:\Users\admin\AppData\Local\Temp\is-9C8GK.tmp\drivermax.tmpexecutable
MD5:AB126F7F9FF2E7902FF2BBDC1A6D3158
SHA256:89D0CFA56BACC7981227BF45E2983DD6BFF5BAA359EBF756EF2B171B5668E515
7276drivermax.tmpC:\Program Files (x86)\Innovative Solutions\DriverMax\is-UDK97.tmpexecutable
MD5:7064F23AA18D9DA00FD7502388AE5332
SHA256:AF29EB812EECD677C4ADDA44C48A8FD146695472B38944583A1736947989B663
7276drivermax.tmpC:\Users\admin\AppData\Local\Temp\is-L78RK.tmp\folder-images-icon.bmpimage
MD5:D393253B0477CCE0D1E2F6E96E1339E9
SHA256:171092952FE01BACAFEEA6B4C7CF90AF0CA98EB251834F9B9E3E702DC878FA61
7276drivermax.tmpC:\Program Files (x86)\Innovative Solutions\DriverMax\Readme\license.rtftext
MD5:9F32A7200E53AE9AE7D61D1B2F672165
SHA256:0369014DDABCC82AFC72E7399C80D8F6C47A4DD2B8C339C52FAF9A480B5DBDB6
7276drivermax.tmpC:\Program Files (x86)\Innovative Solutions\DriverMax\is-J8MCP.tmpexecutable
MD5:DDA56268C2B003EA0ECF68982E950F9E
SHA256:61E4D3ED79FD304D8D8E9588A4E4ACDD9193FE44955A3E1CF3BF60A2B8351138
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
30
TCP/UDP connections
103
DNS requests
103
Threats
27

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7276
drivermax.tmp
GET
200
34.117.59.81:80
http://ipinfo.io/json
unknown
whitelisted
2392
drivermax.exe
GET
200
34.117.59.81:80
http://ipinfo.io/json
unknown
whitelisted
5956
BackgroundTransferHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7836
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7836
SIHClient.exe
GET
200
23.52.120.96:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2392
drivermax.exe
GET
200
151.101.194.133:80
http://ocsp.globalsign.com/codesigningrootr45/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQVFZP5vqhCrtRN5SWf40Rn6NM1IAQUHwC%2FRoAK%2FHg5t6W0Q9lWULvOljsCEHe9DgW3WQu2HUdhUx4%2Fde0%3D
unknown
whitelisted
3176
backgroundTaskHost.exe
GET
200
23.54.109.203:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
2392
drivermax.exe
GET
200
151.101.194.133:80
http://ocsp.globalsign.com/gsgccr45evcodesignca2020/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQaCbVYh07WONuW4e63Ydlu4AlbDAQUJZ3Q%2FFkJhmPF7POxEztXHAOSNhECDCCtkc7alS0T%2BWxUPg%3D%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
192.168.100.255:138
whitelisted
3216
svchost.exe
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.160.65:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
23.54.109.203:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
7276
drivermax.tmp
34.117.59.81:80
ipinfo.io
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7276
drivermax.tmp
34.117.59.81:443
ipinfo.io
GOOGLE-CLOUD-PLATFORM
US
whitelisted
7276
drivermax.tmp
142.250.181.238:443
www.google-analytics.com
GOOGLE
US
whitelisted
3176
backgroundTaskHost.exe
20.223.35.26:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
  • 23.48.23.184
  • 23.48.23.172
  • 23.48.23.189
  • 23.48.23.179
  • 23.48.23.183
  • 23.48.23.182
  • 23.48.23.175
  • 23.48.23.181
  • 23.48.23.185
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.160.65
  • 20.190.160.2
  • 20.190.160.20
  • 40.126.32.140
  • 40.126.32.76
  • 20.190.160.5
  • 40.126.32.72
  • 40.126.32.134
whitelisted
ocsp.digicert.com
  • 23.54.109.203
whitelisted
ipinfo.io
  • 34.117.59.81
whitelisted
www.google-analytics.com
  • 142.250.181.238
whitelisted
arc.msn.com
  • 20.223.35.26
whitelisted
www.bing.com
  • 92.123.104.64
  • 92.123.104.62
  • 92.123.104.61
  • 92.123.104.53
  • 92.123.104.46
  • 92.123.104.47
  • 92.123.104.63
  • 92.123.104.59
  • 92.123.104.65
  • 92.123.104.36
  • 92.123.104.34
  • 92.123.104.38
  • 92.123.104.35
  • 92.123.104.52
whitelisted

Threats

PID
Process
Class
Message
7276
drivermax.tmp
Misc activity
ET ADWARE_PUP Drivermax Utility Checkin Activity
7276
drivermax.tmp
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ipinfo.io
7276
drivermax.tmp
Device Retrieving External IP Address Detected
ET INFO Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
2392
drivermax.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ipinfo.io
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
2196
svchost.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup Domain in DNS Lookup (ipinfo .io)
6424
drivermax.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ipinfo.io
920
drivermax.exe
Device Retrieving External IP Address Detected
ET INFO External IP Lookup ipinfo.io
5544
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
drivermax.exe