File name:

DriverTalent_2548.exe

Full analysis: https://app.any.run/tasks/c8bc17ae-5695-474d-80c7-2b4ad4002a81
Verdict: Malicious activity
Analysis date: June 15, 2024, 18:40:17
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5:

1371BA1AB87CEA58D3571D6746F28447

SHA1:

E4D58E044017BB15BCB570759D182CC5C585ACC1

SHA256:

6B124A19F9BAED71B97D8A763071EA3CBD0A040AA0ED77E85067DDBE141EE472

SSDEEP:

196608:RF2IiRbjruqph20NfGPp1UFopvXj7dbIqlBYWEoEaNMqdZvR7vrdNqf:Hit/h2qf2DfpvXj7WqE/mMqdL7vrdN+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Scans artifacts that could help determine the target

      • DriverTalent.exe (PID: 7088)
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Reads security settings of Internet Explorer

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Executable content was dropped or overwritten

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Process drops legitimate windows executable

      • DriverTalent_2548.exe (PID: 6416)
    • Drops 7-zip archiver for unpacking

      • DriverTalent_2548.exe (PID: 6416)
    • Drops a system driver (possible attempt to evade defenses)

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Creates a software uninstall entry

      • DriverTalent_2548.exe (PID: 6416)
    • Creates or modifies Windows services

      • DriverTalent_2548.exe (PID: 6416)
    • Reads the date of Windows installation

      • DriverTalent_2548.exe (PID: 6416)
      • HardWareReport.exe (PID: 6516)
    • Reads Microsoft Outlook installation path

      • DriverTalent.exe (PID: 7088)
    • Reads Internet Explorer settings

      • DriverTalent.exe (PID: 7088)
    • Searches for installed software

      • DriverTalent.exe (PID: 7088)
    • Changes Internet Explorer settings (feature browser emulation)

      • DriverTalent.exe (PID: 7088)
    • Detected use of alternative data streams (AltDS)

      • DriverTalent.exe (PID: 7088)
    • Reads the BIOS version

      • HardWareReport.exe (PID: 6516)
    • Reads the Windows owner or organization settings

      • HardWareReport.exe (PID: 6516)
    • The process checks if it is being run in the virtual environment

      • HardWareReport.exe (PID: 6516)
    • Connects to unusual port

      • DriverTalent.exe (PID: 7088)
  • INFO

    • Checks supported languages

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 4944)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 6572)
      • identity_helper.exe (PID: 5180)
    • Reads the computer name

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
      • Dtl7z.exe (PID: 4944)
      • identity_helper.exe (PID: 6368)
      • Dtl7z.exe (PID: 6648)
      • identity_helper.exe (PID: 5180)
      • identity_helper.exe (PID: 6572)
    • Create files in a temporary directory

      • DriverTalent_2548.exe (PID: 6416)
    • Reads the machine GUID from the registry

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Checks proxy server information

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Creates files in the program directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
    • Reads Microsoft Office registry keys

      • DriverTalent_2548.exe (PID: 6416)
      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 1676)
      • msedge.exe (PID: 5108)
      • DriverTalent.exe (PID: 7088)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 5092)
    • Reads the software policy settings

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Creates files or folders in the user directory

      • DriverTalent_2548.exe (PID: 6416)
      • DriverTalent.exe (PID: 7088)
      • Dtl7z.exe (PID: 4944)
      • HardWareReport.exe (PID: 6516)
      • Dtl7z.exe (PID: 6648)
    • Process checks computer location settings

      • DriverTalent_2548.exe (PID: 6416)
    • Manual execution by a user

      • msedge.exe (PID: 1676)
    • Application launched itself

      • msedge.exe (PID: 1676)
      • msedge.exe (PID: 3740)
      • msedge.exe (PID: 5108)
      • msedge.exe (PID: 2132)
      • msedge.exe (PID: 5092)
    • Reads Environment values

      • DriverTalent.exe (PID: 7088)
      • HardWareReport.exe (PID: 6516)
    • Process checks Internet Explorer phishing filters

      • DriverTalent.exe (PID: 7088)
    • Reads Windows Product ID

      • HardWareReport.exe (PID: 6516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (76)
.exe | Win32 Executable (generic) (12.6)
.exe | Generic Win/DOS Executable (5.6)
.exe | DOS Executable Generic (5.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:23 10:06:45+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 253952
InitializedDataSize: 24854528
UninitializedDataSize: 25145344
EntryPoint: 0x1838e70
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 8.1.11.46
ProductVersionNumber: 8.1.11.46
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileVersion: 8.1.11.46
ProductVersion: 8.1.11.46
ProductName: Driver Talent
FileDescription: Driver Talent Setup
CompanyName: OSToto Co., Ltd.
LegalCopyright: Copyright (C) 2008-2022 OSToto. All rights reserved.
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 80
Malicious processes: 3
Suspicious processes: 0

Behavior graph

[Interactive process graph not reproduced here. Nodes shown: start, drivertalent_2548.exe, drivertalent.exe, hardwarereport.exe, dtl7z.exe, conhost.exe, identity_helper.exe, rundll32.exe, and many msedge.exe instances (most marked "no specs").]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 400
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2552 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:3
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 432
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 624
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5052 --field-trial-handle=2360,i,10454254369822711956,8185164477082334675,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1256
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x260,0x264,0x268,0x25c,0x270,0x7ffcf3aa5fd8,0x7ffcf3aa5fe4,0x7ffcf3aa5ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1332
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5312 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1412
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Dtl7z.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4176 --field-trial-handle=2132,i,7520114469951572205,11404222505954844407,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5380 --field-trial-handle=2312,i,11307112802560533279,6266778810954962389,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1604
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4484 --field-trial-handle=2340,i,4375269813688836311,16338844197655567601,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --do-not-de-elevate --single-argument http://www.ostoto.com/web/install/2548/1?v=8.1.11.46
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 53 196
Read events: 52 930
Write events: 253
Delete events: 13

Modification events

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write
Name: AppPath
Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write
Name: OemID
Value: 0

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write
Name: UnionId
Value: 2548

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\OSTotoSoft\DriverTalent
Operation: write
Name: UserID
Value:

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write
Name: AppPath
Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write
Name: OemID
Value: 0

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write
Name: UnionId
Value: 2548

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write
Name: UserID
Value:

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_CURRENT_USER\SOFTWARE\OSTotoSoft\DriverTalent
Operation: write
Name: Version
Value: 801110046

(PID) Process: (6416) DriverTalent_2548.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1
Operation: write
Name: DisplayIcon
Value: C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
Executable files: 105
Suspicious files: 209
Text files: 260
Unknown types: 4

Dropped files

PID | Process | Filename | Type

6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\pcid.dll | executable
MD5: A8416C64B918B026247CC87303C64F77
SHA256: 6D5FFC23F532A64E5B3AC79A02876CD7B841695E08C5CD78A9DB06D5413CCD17

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\filter.proc | text
MD5: E82C20C1B43F9B24276E7813F4AF3205
SHA256: FB4817BB5C74017FC3850211D390371B0A2BCADE03BBFFE16F8A4C2735AD8F58

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\DisableLogging.reg | text
MD5: 7E4A8705F4C3675B927C375FAB876951
SHA256: 1382172EF07187998CBFA74215E7B7178E40C013CFCEA7BEF8E8C5B375A41C92

6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\substat.dll | executable
MD5: D3E2716621CD2946CACE33ABFD1F5202
SHA256: 5E4BCCA804B7A9AB66CD3C97024B9B729892BC024762DA38094B35FCD5DD0983

6416 | DriverTalent_2548.exe | C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\DTInstUI.dll | executable
MD5: 88E4681A1FC93E14C539D85761F859B6
SHA256: 183ABE5572EB850E30111D958132C25850AEF5A1BE75DBED504B66CD5B7355FA

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\Autosetup\EnableFullLogging.reg | text
MD5: DB35C068B2490F8703E76CA57AE55895
SHA256: A04B7FC95D244E05E94E466D0F8E56202A87C007DA992F79D2E880DA1231549B

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-10.png | image
MD5: 1757FBB3BAC290DFD509BA39EA67F76A
SHA256: 512FC8B325D2EF2D687AC55049181E744C8A739CBCD99FB0C4F9C16B8AB7098B

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\CleanConfig.dat | binary
MD5: F0B35B88B65D285FDAD19DF2E2EBB6C4
SHA256: 6E1406A43C09895F75C854412D38BA93CD68E407DCDE970838BD1E3A9FA677BB

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\cache\softico\125-2.png | image
MD5: 5E274B5EC0D5406A906E3F6CD6047195
SHA256: 642D16C98033D743001D9C74DBBA0780B8472A4B978C6D67CB54898802B193D1

6416 | DriverTalent_2548.exe | C:\Program Files (x86)\OSTotoSoft\DriverTalent\config\activity\img\dt_cp2.png | image
MD5: 6F99942A876FAD64384119112F5040CF
SHA256: F344BAD6FCFADBDF9C5B0C98AB89210FEAF16DE009033B6F6221204A6396280C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 118
TCP/UDP connections: 143
DNS requests: 85
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

5140 | MoUsoCoreWorker.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
7088 | DriverTalent.exe | POST | 43.152.26.197:80 | http://int.qudong.drivethelife.com/api/int_networkspeed.json | unknown | unknown
7088 | DriverTalent.exe | POST | 200 | 43.152.26.197:80 | http://int.qudong.drivethelife.com/api/vinfo | unknown | unknown
5612 | RUXIMICS.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5228 | svchost.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
5612 | RUXIMICS.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
5228 | svchost.exe | GET | 200 | 23.223.17.198:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | unknown
5140 | MoUsoCoreWorker.exe | GET | 200 | 184.85.144.229:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D | unknown | unknown
6416 | DriverTalent_2548.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

4 | System | 192.168.100.255:138 | whitelisted
4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5612 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5140 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5612 | RUXIMICS.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
4364 | svchost.exe | 239.255.255.250:1900 | unknown
5140 | MoUsoCoreWorker.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 23.223.17.198:80 | crl.microsoft.com | AKAMAI-AS | US | unknown
5228 | svchost.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown
5612 | RUXIMICS.exe | 184.85.144.229:80 | www.microsoft.com | AKAMAI-AS | FI | unknown

DNS requests

Domain | IP | Reputation

crl.microsoft.com | 23.223.17.198, 23.223.17.208 | whitelisted
www.microsoft.com | 184.85.144.229, 88.221.169.152 | whitelisted
settings-win.data.microsoft.com | 4.231.128.59 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
crl3.digicert.com | 192.229.221.95 | whitelisted
dispatch.integrate.drivethelife.com | 209.58.131.173 | unknown
install.integrate.drivethelife.com | 209.58.131.173 | unknown
autoupdater.drivethelife.com | 52.53.192.135 | unknown
int.qudong.drivethelife.com | 43.152.26.197, 43.152.26.58, 43.152.26.151, 43.152.26.104, 43.152.26.142, 43.152.26.154, 43.152.26.221 | unknown
config.edge.skype.com | 13.107.42.16 | whitelisted

Threats

Found threats are available for the paid subscriptions
1 ETPRO signatures available at the full report
Process | Message

DriverTalent_2548.exe | hwang InitCommandLineArgv parm=c:\users\admin\desktop\drivertalent_2548.exe
DriverTalent_2548.exe | hwang Create Directory C:\Users\admin\AppData\Local\Temp\Hot4330.tmp!
DriverTalent_2548.exe | hwang UnCompress EXT to C:\Users\admin\AppData\Local\Temp\Hot4330.tmp .
DriverTalent_2548.exe | hwang global_licence_url: http://www.drivethelife.com/EULA.html
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Create Directory C:\Program Files (x86)\OSTotoSoft\DriverTalent!
DriverTalent_2548.exe | hwang UnCompress DATA to C:\Program Files (x86)\OSTotoSoft\DriverTalent .
DriverTalent_2548.exe | hwang UnCompress successful.
DriverTalent_2548.exe | hwang Copy C:\Users\admin\AppData\Local\Temp\Hot4330.tmp\AdModule.dll to C:\Program Files (x86)\OSTotoSoft\DriverTalent failed!
DriverTalent_2548.exe | hwang SHFileOperation error code : 0x2