File name:

driver-hub-install__281.exe

Full analysis: https://app.any.run/tasks/6367a97e-f4b4-497d-8b21-02e59db6245f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: September 15, 2024, 01:50:04
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

31DBC51B4B5F5B44C6CD2474D0A2DD94

SHA1:

7B12FA933F73D2FB2738F0AA200D58106B01C83B

SHA256:

42EE0CA9AE8F7D486058FA77491EDEB61D7F409009E38516D88B99218777D9F1

SSDEEP:

98304:4wfFv+egSLStNrI4sPb18YRx8qhDtA20BLvO3DbwWcyDDH/yMccKocWv8cVCTElt:nWU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • VC_redist.x86.exe (PID: 6108)
    • Actions look like stealing of personal data

      • setup.exe (PID: 6888)
      • setup.exe (PID: 6548)
      • setup.exe (PID: 6232)
      • setup.exe (PID: 4680)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6644)
      • setup.exe (PID: 6888)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Reads Microsoft Outlook installation path

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
    • Reads Internet Explorer settings

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
    • Application launched itself

      • driver-hub-install__281.exe (PID: 2524)
      • VC_redist.x86.exe (PID: 6928)
      • VC_redist.x86.exe (PID: 6644)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 4680)
    • Creates a software uninstall entry

      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 6108)
    • Executable content was dropped or overwritten

      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 2248)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6108)
      • VC_redist.x86.exe (PID: 6644)
      • VC_redist.x86.exe (PID: 2032)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 6548)
      • setup.exe (PID: 1932)
      • OperaDownloader.exe (PID: 3728)
      • setup.exe (PID: 4680)
      • setup.exe (PID: 6232)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Starts a Microsoft application from unusual location

      • VC_redist.x86.exe (PID: 2248)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6108)
    • Searches for installed software

      • VC_redist.x86.exe (PID: 568)
      • dllhost.exe (PID: 2228)
      • VC_redist.x86.exe (PID: 6644)
      • VC_redist.x86.exe (PID: 2032)
    • Starts itself from another location

      • VC_redist.x86.exe (PID: 568)
      • setup.exe (PID: 6888)
    • Executes as Windows Service

      • VSSVC.exe (PID: 3908)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 4008)
      • driver-hub-install__281.exe (PID: 240)
      • setup.exe (PID: 6888)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 4008)
    • Potential Corporate Privacy Violation

      • 360TotalSecurityDownloader.exe (PID: 7164)
  • INFO

    • Checks supported languages

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 2248)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6108)
      • msiexec.exe (PID: 4008)
      • VC_redist.x86.exe (PID: 6928)
      • VC_redist.x86.exe (PID: 6644)
      • VC_redist.x86.exe (PID: 2032)
      • DriverHub.exe (PID: 6240)
      • OperaDownloader.exe (PID: 3728)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 6548)
      • setup.exe (PID: 1932)
      • setup.exe (PID: 4680)
      • setup.exe (PID: 6232)
      • 360TotalSecurityDownloader.exe (PID: 7164)
      • identity_helper.exe (PID: 7260)
    • Reads the computer name

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6108)
      • msiexec.exe (PID: 4008)
      • VC_redist.x86.exe (PID: 6644)
      • VC_redist.x86.exe (PID: 2032)
      • DriverHub.exe (PID: 6240)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 4680)
      • 360TotalSecurityDownloader.exe (PID: 7164)
      • identity_helper.exe (PID: 7260)
    • Checks proxy server information

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
      • setup.exe (PID: 6888)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Process checks computer location settings

      • driver-hub-install__281.exe (PID: 2524)
      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6644)
    • Process checks whether UAC notifications are on

      • driver-hub-install__281.exe (PID: 240)
    • Reads the machine GUID from the registry

      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 6108)
      • msiexec.exe (PID: 4008)
      • DriverHub.exe (PID: 6240)
      • setup.exe (PID: 6888)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Creates files in the program directory

      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 6108)
    • Reads the software policy settings

      • driver-hub-install__281.exe (PID: 240)
      • msiexec.exe (PID: 4008)
      • setup.exe (PID: 6888)
    • Creates files in a temporary directory

      • VC_redist.x86.exe (PID: 568)
      • driver-hub-install__281.exe (PID: 240)
      • VC_redist.x86.exe (PID: 6108)
      • VC_redist.x86.exe (PID: 6644)
      • OperaDownloader.exe (PID: 3728)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 6548)
      • setup.exe (PID: 1932)
      • setup.exe (PID: 4680)
      • setup.exe (PID: 6232)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • The process uses the downloaded file

      • VC_redist.x86.exe (PID: 568)
      • VC_redist.x86.exe (PID: 6644)
    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 4008)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4008)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 4008)
      • driver-hub-install__281.exe (PID: 240)
      • DriverHub.exe (PID: 6240)
      • setup.exe (PID: 6888)
      • setup.exe (PID: 6548)
      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Sends debugging messages

      • DriverHub.exe (PID: 6240)
    • Disables trace logs

      • 360TotalSecurityDownloader.exe (PID: 7164)
    • Application launched itself

      • msedge.exe (PID: 6692)
      • msedge.exe (PID: 2720)
    • Reads Environment values

      • identity_helper.exe (PID: 7260)
    • Manual execution by a user

      • msedge.exe (PID: 2720)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (18)
.exe | Win32 Executable (generic) (2.9)
.exe | Generic Win/DOS Executable (1.3)
.exe | DOS Executable Generic (1.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:08:06 14:05:26+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.29
CodeSize: 4763136
InitializedDataSize: 7387136
UninitializedDataSize: -
EntryPoint: 0x402f82
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.4.20.0
ProductVersionNumber: 3.4.20.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: ROSTPAY LTD.
FileDescription: Install DriverHub
InternalName: DriverHubInstaller
LegalCopyright: © ROSTPAY LTD. All rights reserved.
OriginalFileName: DriverHubInstaller.exe
ProductName: DriverHub
FileVersion: 3.4.20
ProductVersion: 3.4.20
All screenshots are available in the full report
Total processes
198
Monitored processes
66
Malicious processes
14
Suspicious processes
1

Behavior graph

Interactive process tree; per-process details are in the full report. Processes shown: driver-hub-install__281.exe, vc_redist.x86.exe, SPPSurrogate, vssvc.exe, srtasks.exe, conhost.exe, msiexec.exe, driverhub.exe, operadownloader.exe, setup.exe, 360totalsecuritydownloader.exe, msedge.exe, identity_helper.exe.

Process information

PID: 208
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2328 --field-trial-handle=2332,i,15384744855132877682,4847505115570601314,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 240
CMD: "C:\Users\admin\Desktop\driver-hub-install__281.exe" /screen=proc /pos=240,40 /lang=en
Path: C:\Users\admin\Desktop\driver-hub-install__281.exe
Parent process: driver-hub-install__281.exe
User:
admin
Company:
ROSTPAY LTD.
Integrity Level:
HIGH
Description:
Install DriverHub
Exit code:
0
Version:
3.4.20
Modules
Images
c:\users\admin\desktop\driver-hub-install__281.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\bcrypt.dll
PID: 568
CMD: "C:\WINDOWS\Temp\{6171A96B-D191-4FBD-92FE-90AD3C649E22}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" -burn.filehandle.attached=556 -burn.filehandle.self=552 /quiet /norestart /repair
Path: C:\Windows\Temp\{6171A96B-D191-4FBD-92FE-90AD3C649E22}\.cr\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
0
Version:
14.38.33135.0
Modules
Images
c:\windows\temp\{6171a96b-d191-4fbd-92fe-90ad3c649e22}\.cr\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1636
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3292 --field-trial-handle=2280,i,9211748271742058550,15402797662475870568,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1932
CMD: "C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
Path: C:\Users\admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
Parent process: setup.exe
User:
admin
Company:
Opera Software
Integrity Level:
HIGH
Description:
Opera Installer
Exit code:
0
Version:
113.0.5230.62
Modules
Images
c:\users\admin\appdata\local\temp\.opera\opera installer temp\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 2032
CMD: "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" -q -burn.elevated BurnPipe.{A3565CA0-604A-47FC-9491-833D88EB12DE} {2192B19A-298E-4A31-8168-D95D89622ED4} 6644
Path: C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parent process: VC_redist.x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Exit code:
0
Version:
14.36.32532.0
Modules
Images
c:\programdata\package cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2224
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5664 --field-trial-handle=2280,i,9211748271742058550,15402797662475870568,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2228
CMD: C:\WINDOWS\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\msvcrt.dll
PID: 2248
CMD: "C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe" /quiet /norestart /repair
Path: C:\Users\admin\AppData\Local\Temp\DriverHub\VC_redist.x86.exe
Parent process: driver-hub-install__281.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.38.33135
Exit code:
0
Version:
14.38.33135.0
Modules
Images
c:\users\admin\appdata\local\temp\driverhub\vc_redist.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 2492
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2632 --field-trial-handle=2332,i,15384744855132877682,4847505115570601314,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
Total events
28 058
Read events
27 117
Write events
673
Delete events
268

Modification events

(PID) Process: (2524) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2524) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (2524) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Operation: write
Name: UninstallString
Value:
C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Operation: write
Name: DisplayName
Value:
DriverHub

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Operation: write
Name: InstallLocation
Value:
C:\Program Files (x86)\DriverHub

(PID) Process: (240) driver-hub-install__281.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverHub
Operation: write
Name: Publisher
Value:
ROSTPAY LTD.
Executable files
122
Suspicious files
287
Text files
712
Unknown types
5

Dropped files

PID | Process | Filename | Type
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\Credits.txt | text
MD5: 7282852E37095B043D99A678B8C31C9E
SHA256: EED093D8D23DC0F8A1B001BC6B59A31C70BD52EE85B3917E18AFAECCA788BF3D
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\libcrypto-1_1.dll | executable
MD5: D588D5B4162D2C66071A171A903AC8A1
SHA256: F1B06DB34B6BC09738FA66AC2103F7F47BA58F9BB6D1A518112F42846B6DC8EA
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\Images\DriverHubLogo.png | image
MD5: 451B153070269850DA133D4E493A1BD6
SHA256: 91D221FE4045038100274A1A32F8155C0195517C51A712B1F742A4F5BBB45E4B
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\DriverHub.exe | odttf
MD5: 362F1A73BD16B0EF0762B5ABD5557C91
SHA256: 7354005BD27793196ABFA99FE23147B3C395B6531AE36DCBDEC5CD8F4869D2DB
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\libcurl.dll | executable
MD5: E5064ADFBC48E3FB81F09E7B8E78D49D
SHA256: 4BFCAEE356CF1B99D3DBC03D42018FCFC29271C6A72B373343D24C45A7569489
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\d3dcompiler_47.dll | executable
MD5: C5B362BCE86BB0AD3149C4540201331D
SHA256: EFBDBBCD0D954F8FDC53467DE5D89AD525E4E4A9CFFF8A15D07C6FDB350C407F
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\opengl32sw.dll | executable
MD5: 8B197F55264A44B7B25046F7BA5BD7D2
SHA256: 25AE7577E066FA80519A8F1C314B15CDD22E4A8D3ECD2A36ECCC79E40714A91D
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\libssl-1_1.dll | executable
MD5: 4A1BD71115017098E6B75570A61B6DC3
SHA256: 244AE1F0EF1AD908B54068EB13611FBA58C8F78BA2F126ACDE7379A0C823123F
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\DriverHubUninstaller.exe | executable
MD5: 3220E1B78A19A7556781F81D04A5D097
SHA256: 6F203E9F9B0637AECD7E0DF3F94715798FFAE8B76D51FD898D7D9B6ACD09469F
240 | driver-hub-install__281.exe | C:\Program Files (x86)\DriverHub\imageformats\qgif.dll | executable
MD5: A7D24E2226FF09208E22FC6F70BF0DE7
SHA256: 6356257682FB64D28AD68DEBEA96E1A0104C273E8838953459A110933F0A84BE
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
136
TCP/UDP connections
153
DNS requests
78
Threats
14

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | HEAD | 200 | 188.130.153.33:443 | https://www.drvhub.net/products/free/download | unknown | - | - | -
7072 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6288 | RUXIMICS.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2120 | MoUsoCoreWorker.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | HEAD | 200 | 188.130.153.32:443 | https://www.az-partners.net/storage/vs/VC_redist.x86.exe | unknown | - | - | -
- | - | GET | 200 | 188.130.153.32:443 | https://api.az-partners.net/apps/driver-hub/payload?ap=281&locale=en&arch=amd64&os=10.0 | unknown | binary | 2.53 Kb | -
- | - | GET | 206 | 188.130.153.33:443 | https://www.drvhub.net/products/free/download | unknown | compressed | 2.15 Mb | -
- | - | GET | 206 | 188.130.153.32:443 | https://www.drvhub.net/products/free/download | unknown | binary | 2.15 Mb | -
- | - | GET | 206 | 188.130.153.33:443 | https://www.drvhub.net/products/free/download | unknown | binary | 2.15 Mb | -
- | - | GET | 206 | 188.130.153.32:443 | https://www.drvhub.net/products/free/download | unknown | binary | 2.15 Mb | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
7072 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6288 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2120 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
7072 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
6288 | RUXIMICS.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2120 | MoUsoCoreWorker.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
2120 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
7072 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 142.250.185.174 | whitelisted
www.microsoft.com | 184.30.21.171, 95.101.149.131 | whitelisted
api.az-partners.net | 188.130.153.33, 188.130.153.32 | unknown
www.drvhub.net | 188.130.153.32, 188.130.153.33 | whitelisted
www.az-partners.net | 188.130.153.33, 188.130.153.32 | malicious
net.geo.opera.com | 185.26.182.112, 185.26.182.111 | whitelisted
api.drvhub.net | 188.130.153.32, 188.130.153.33 | whitelisted
free.360totalsecurity.com | 151.236.71.147 | whitelisted
desktop-netinstaller-sub.osp.opera.software | 82.145.217.121 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
- | - | Misc activity | ET INFO EXE - Served Attached HTTP
- | - | Potential Corporate Privacy Violation | ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted
- | - | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
7164 | 360TotalSecurityDownloader.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
- | - | Potentially Bad Traffic | ET INFO Possible Chrome Plugin install
6996 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
6996 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Requests to a free CDN for open source projects (jsdelivr .net)
1 ETPRO signature available in the full report
Process | Message
DriverHub.exe | qrc:/UpdateProgressDialog.qml:11:5: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe | qrc:/main.qml:655:13: QML Connections: Implicitly defined onFoo properties in Connections are deprecated. Use this syntax instead: function onFoo(<arguments>) { ... }
DriverHub.exe | qrc:/main.qml:453:31: QML ItemDelegate: Binding loop detected for property "height"
DriverHub.exe | file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: Failed to initialize QSettings instance. Status code is: 1
DriverHub.exe | file:///C:/Program Files (x86)/DriverHub/QtQuick/Dialogs/DefaultFileDialog.qml:102:33: QML Settings: The following application identifiers have not been set: QVector("organizationName", "organizationDomain")
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:47:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"
DriverHub.exe | qrc:/SettingsPage.qml:29:9: QML MyCheckBox: Binding loop detected for property "width"